Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Antimalware doctor


  • This topic is locked This topic is locked

#16
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,770 posts
Hi. :)

Ok ditch the Panda Online Scan if still problems with running the scan. It may just be one of them things as some types of online scan are prone to problems. See if you can run the ESET Online Scanner from the link below, the same principle as outlined here in a prior post of mine.

Before doing so however re-run TFC(Temp File Cleaner) again.

http://www.eset.com/onlinescan/
  • 0

Advertisements


#17
anpsi

anpsi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
hey this link seems to work but unfortunately cudnt run the scan...I did all the steps as per your instruction and was able to reach the window where the virus database wud start to download. i tried couple of times to download but i keep getting the message that Cudnot download. is proxy configured?....and when I went to the prev step the custom settings were not checked...i dont know why this message was popping up...i checked all the options that u had me to...Avg was disabled and also re ran TFC....
  • 0

#18
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,770 posts
Hi. :)

What type of Internet connection do you have? Is your machine still experiencing the original symptoms you mentioned in your first post in this topic?

Next:

Follow the below advice then also please run the requested scan for me and post the resulting log, thank you.

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK
firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select On(recommended) >> OK.

Scan With RKUnHooker:

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
Note: You may get this warning it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
  • 0

#19
anpsi

anpsi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
hey!!!

finally I got it done....but lemme tell u that I was getting lot of AVG warnings saying that file is infected and gave me options what to do with it like move it to vault or ignore...i simply closed it....I think its fake warnings.....So, I think its still infected but I dont see the antimalware anymore.....anyways here's the results

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF188000 C:\WINDOWS\System32\igxpdx32.DLL 2121728 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF049000 C:\WINDOWS\System32\igxpdv32.DLL 1306624 bytes (Intel Corporation, Component GHAL Driver)
0xB9D35000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 1110016 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xA4A5D000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 1036288 bytes (Conexant Systems, Inc., HSF_DP driver)
0x9E369000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 876544 bytes
0xF830A000 iaStor.sys 876544 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xA49AD000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 720896 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA4BB0000 C:\WINDOWS\system32\drivers\CHDAud.sys 610304 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0xF8234000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0x9E49F000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9C91000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 425984 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xB9B6D000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA3B5F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9E077000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF38E000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA3B18000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x9C623000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9E463000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xA4B5A000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 204800 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB9C16000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xF8446000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9E29C000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF8207000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x9C288000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0x9E50F000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB9CF9000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0x9E55C000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9C46000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 159744 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xBF022000 C:\WINDOWS\System32\igxpgd32.dll 159744 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xA3AF2000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x9E43F000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA4B8C000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9C6D000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9BF3000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9E53A000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x9DFDF000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xF82EA000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF83F8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF8417000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF81ED000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF83E0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF82C1000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9BDC000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9E25F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9D21000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA3BB8000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF82D8000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF8435000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9BCB000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA425D000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF87C5000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 65536 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xF8585000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF85F5000 Serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xA63AC000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF87D5000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB9EC4000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xA63BC000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8595000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF85D5000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF87A5000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF87E5000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF85B5000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xA635C000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF8615000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9EFBB000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF87B5000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF85A5000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8625000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8575000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF8675000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF85E5000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF8645000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA48C3000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF85C5000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8795000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF8785000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF8635000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0x9EFCB000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA4943000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xA8740000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xA50EF000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF887D000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF880D000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xF886D000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF87F5000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8885000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF888D000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF8805000 pavboot.sys 24576 bytes (Panda Security, S.L., Panda Boot Driver)
0xF8875000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xA50FF000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xA030C000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xA032C000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xA8758000 C:\WINDOWS\system32\drivers\cpqdfw.sys 20480 bytes
0xA50F7000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF87FD000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF889D000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF88A5000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF8895000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0x9EA49000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8995000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xF898D000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA051000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9E2E9000 C:\WINDOWS\system32\drivers\cqcpu.sys 16384 bytes (Microsoft Corporation, Description string for cqcpu driver)
0xBA031000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x9E0E3000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xBA035000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA019F000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8991000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF8985000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8989000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF8194000 C:\WINDOWS\system32\DRIVERS\cpqbttn.sys 12288 bytes (Hewlett-Packard Development Company, L.P., HP Tablet PC Key Button HID Driver)
0xA172C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA91C5000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xBA049000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA60ED000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA055000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF8A7D000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF8B2D000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0x9E88D000 C:\WINDOWS\system32\drivers\cq_mem.sys 8192 bytes (Microsoft Corporation, Description string for cq_mem driver)
0xF8B05000 C:\WINDOWS\system32\DRIVERS\eabfiltr.sys 8192 bytes (Hewlett-Packard Development Company, L.P., QLB PS/2 Keyboard filter driver)
0xF8B2B000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8A79000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8A75000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8B2F000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8B31000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8AB9000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8AB7000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8A7B000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF8A77000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8B97000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0x9E724000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xA4638000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8B3E000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF8B3D000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006ECEE, Type: Inline - RelativeJump 0x80545CEE-->80545CF5 [ntkrnlpa.exe]
[216]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->5CB77774 [shimeng.dll]
[216]explorer.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->5CB77774 [shimeng.dll]
[216]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->5CB77774 [shimeng.dll]
[216]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5CB77774 [shimeng.dll]
[216]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->5CB77774 [shimeng.dll]
[216]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->5CB77774 [shimeng.dll]
[216]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->5CB77774 [shimeng.dll]
[216]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->5CB77774 [shimeng.dll]
[2544]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->5CB77774 [shimeng.dll]
[2544]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->715B9E59 [aclayers.dll]
[2544]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->715BA16B [aclayers.dll]
[2544]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->715BA067 [aclayers.dll]
[2544]iexplore.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->5CB77774 [shimeng.dll]
[2544]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77A81190-->715B9E59 [aclayers.dll]
[2544]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x77A811F8-->715B9F5D [aclayers.dll]
[2544]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77A811FC-->715BA16B [aclayers.dll]
[2544]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->5CB77774 [shimeng.dll]
[2544]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->715B9E59 [aclayers.dll]
[2544]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->715BA16B [aclayers.dll]
[2544]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->715BA067 [aclayers.dll]
[2544]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->5CB77774 [shimeng.dll]
[2544]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->715B9E59 [aclayers.dll]
[2544]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->715BA16B [aclayers.dll]
[2544]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->715BA067 [aclayers.dll]
[2544]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->5CB77774 [shimeng.dll]
[2544]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->715B9E59 [aclayers.dll]
[2544]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->715BA067 [aclayers.dll]
[2544]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->5CB77774 [shimeng.dll]
[2544]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->715B9E59 [aclayers.dll]
[2544]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->715B9F5D [aclayers.dll]
[2544]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->715BA16B [aclayers.dll]
[2544]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->715BA067 [aclayers.dll]
[2544]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->3E2EDB04 [ieframe.dll]
[2544]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->3E3E538C [ieframe.dll]
[2544]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->3E3E5329 [ieframe.dll]
[2544]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->3E3E52C6 [ieframe.dll]
[2544]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->3E2154C5 [ieframe.dll]
[2544]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->5CB77774 [shimeng.dll]
[2544]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->715B9E59 [aclayers.dll]
[2544]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->715BA16B [aclayers.dll]
[2544]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->715BA067 [aclayers.dll]
[2544]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->3E3E518E [ieframe.dll]
[2544]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->3E3E512C [ieframe.dll]
[2544]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->3E3E525B [ieframe.dll]
[2544]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->3E3E51F0 [ieframe.dll]
[2544]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->5CB77774 [shimeng.dll]
[2544]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->715B9E59 [aclayers.dll]
[2544]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->715BA16B [aclayers.dll]
[2544]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->715BA067 [aclayers.dll]
[2544]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->5CB77774 [shimeng.dll]
[2544]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->715B9E59 [aclayers.dll]
[3480]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->63602441 [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->63602A5B [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->63602B3E [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->63602AA2 [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x004110C4-->63602A5B [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x004110BC-->63602AE9 [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->63602441 [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->63602A5B [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->63602AE9 [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->63602B3E [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->63602AA2 [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->AnimateWindow, Type: IAT modification 0x7C9C1D18-->63601740 [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->DefWindowProcA, Type: IAT modification 0x7C9C1D48-->6360208F [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->DefWindowProcW, Type: IAT modification 0x7C9C1EA4-->63602065 [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->GetSysColor, Type: IAT modification 0x7C9C1E3C-->63601FC4 [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x7C9C1F90-->636015C8 [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->TrackPopupMenuEx, Type: IAT modification 0x7C9C1D34-->636015EF [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->user32.dll-->DefWindowProcA, Type: IAT modification 0x00411488-->6360208F [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->user32.dll-->GetSysColor, Type: IAT modification 0x00411454-->63601FC4 [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->63602441 [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->63602A5B [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->63602B3E [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->63602AA2 [YbSkin2.dll]
[3480]Ymsgr_tray.exe-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x004113D8-->636015C8 [YbSkin2.dll]
[632]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->5CB77774 [shimeng.dll]
[632]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->715B9E59 [aclayers.dll]
[632]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->715BA16B [aclayers.dll]
[632]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->715BA067 [aclayers.dll]
[632]iexplore.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->5CB77774 [shimeng.dll]
[632]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77A81190-->715B9E59 [aclayers.dll]
[632]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x77A811F8-->715B9F5D [aclayers.dll]
[632]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77A811FC-->715BA16B [aclayers.dll]
[632]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->5CB77774 [shimeng.dll]
[632]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->715B9E59 [aclayers.dll]
[632]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->715BA16B [aclayers.dll]
[632]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->715BA067 [aclayers.dll]
[632]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->5CB77774 [shimeng.dll]
[632]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->715B9E59 [aclayers.dll]
[632]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->715BA16B [aclayers.dll]
[632]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->715BA067 [aclayers.dll]
[632]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->5CB77774 [shimeng.dll]
[632]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->715B9E59 [aclayers.dll]
[632]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->715BA067 [aclayers.dll]
[632]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->5CB77774 [shimeng.dll]
[632]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->715B9E59 [aclayers.dll]
[632]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->715B9F5D [aclayers.dll]
[632]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->715BA16B [aclayers.dll]
[632]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->715BA067 [aclayers.dll]
[632]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E42B3C6-->3E2DD0CD [ieframe.dll]
[632]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->3E2EDB04 [ieframe.dll]
[632]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->3E3E538C [ieframe.dll]
[632]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->3E3E5329 [ieframe.dll]
[632]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->3E3E52C6 [ieframe.dll]
[632]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->3E2154C5 [ieframe.dll]
[632]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->5CB77774 [shimeng.dll]
[632]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->715B9E59 [aclayers.dll]
[632]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->715BA16B [aclayers.dll]
[632]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->715BA067 [aclayers.dll]
[632]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->3E3E518E [ieframe.dll]
[632]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->3E3E512C [ieframe.dll]
[632]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->3E3E525B [ieframe.dll]
[632]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->3E3E51F0 [ieframe.dll]
[632]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->3E2E9A91 [ieframe.dll]
[632]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->3E25466E [ieframe.dll]
[632]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->5CB77774 [shimeng.dll]
[632]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->715B9E59 [aclayers.dll]
[632]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->715BA16B [aclayers.dll]
[632]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->715BA067 [aclayers.dll]
[632]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->5CB77774 [shimeng.dll]
[632]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->715B9E59 [aclayers.dll]
  • 0

#20
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,770 posts
Hi. :)

A specific tool I need your good self to both download and run, namely ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG falsely detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause unpredictable results Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.

We will however replace this with a different Anti-Virus application after the ComboFix run.

Next:

Download AppRemover and run it.

Click Next >>
Posted Image


Ensure "Remove Security Application" is collected and click Next >>
Posted Image


AppRemover will scan all the security applications on your PC
Posted Image

Select Any AVG entries from the applications offered and click Next >> twice.
Posted Image

Follow any further on-screen instructions. If asked to reboot, please do so.

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs <-- Click on this link.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activitity and asks to reboot the system, please allow this to be done.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper


Download/Install a AV:

Download just one only of the two free anti-virus programs listed below please and then:

Install >> Update >> Carry Out a Complete Scan. Have it fix anything it finds.

Note: If anything was removed by the AV you chose to install, please save a copy of the report created and post the contents in your next reply, thank you.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and or problems encountered?
  • ComboFix Log.

  • 0

#21
anpsi

anpsi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
hello :)

Had some problems while uninstalling AVG...I used the app remover at first to remove it but it was taking forever to uninstall....So, what I did was went to programs and uninstalled from there and then ran the app remover...The app remover did not show anymore AVG components but showed panda online scanner that I had previously downloaded...So, I removed it and then ran the combo fix...it detected some AVG components...So, i went to programs again and saw AVG PC tool...removed that n combofix ran smoothly...here's the log:



ComboFix 11-06-26.01 - Anoop 06/26/2011 17:32:28.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.197 [GMT -4:00]
Running from: c:\documents and settings\Anoop\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Toolbar4
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\basis.xml
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\bg.bmp
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\bing_logo.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\celebrity.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\drop_images.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\drop_maps.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\drop_news.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\drop_videos.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\drop_web.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\facebook.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\favicon.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\games.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\hotmail.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\icon.ico
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\images.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\include.xml
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\info.txt
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\lifestyle.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\maps.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\messenger.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\msn.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\news.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\twitter.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\uninstall.exe
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\update.exe
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\version.txt
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\video.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\videos.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\weather.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\web.png
c:\documents and settings\Anoop\Application Data\Adobe\plugs
c:\documents and settings\Anoop\Application Data\Adobe\shed
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\vjocx.dll
c:\windows\system32\uninstall.exe
D:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_vvdsvc
-------\Legacy_vvdsvc
-------\Service_vvdsvc
-------\Service_vvdsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-05-26 to 2011-06-26 )))))))))))))))))))))))))))))))
.
.
2011-06-21 23:56 . 2011-06-21 23:56 -------- d-----w- c:\program files\ESET
2011-06-17 02:55 . 2011-06-17 02:55 -------- d-----w- c:\program files\Panda Security
2011-06-16 23:41 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-15 02:32 . 2011-06-15 02:32 -------- d-----w- c:\documents and settings\Anoop\Local Settings\Application Data\ESET
2011-06-15 02:32 . 2011-06-15 02:32 -------- d-----w- c:\documents and settings\Anoop\Application Data\ESET
2011-06-15 02:31 . 2011-06-15 02:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-06-12 01:57 . 2011-06-12 01:57 -------- d-----w- c:\documents and settings\Anoop\Application Data\Malwarebytes
2011-06-12 01:57 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-12 01:57 . 2011-06-12 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-12 01:57 . 2011-06-12 01:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-12 01:57 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-12 00:56 . 2011-06-12 00:56 -------- d-----w- C:\_OTL
2011-06-12 00:53 . 2011-06-12 00:53 -------- d-----w- c:\program files\ERUNT
2011-06-04 22:13 . 2010-07-12 18:36 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2011-06-04 22:13 . 2010-07-12 18:36 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2011-06-04 22:12 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2011-06-04 22:11 . 2011-06-04 22:12 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-06-04 22:04 . 2011-06-12 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-05-28 17:49 . 2011-06-25 15:15 -------- d-----w- c:\documents and settings\Anoop\Application Data\go
2011-05-28 17:48 . 2011-06-25 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Easybits GO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 15:31 . 2004-08-04 21:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2005-01-19 12:26 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-04 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 21:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 21:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 21:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-08-14 94208]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 94208]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Anoop\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"="0"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"="0"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Anoop\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
S3 D929E9E3;D929E9E3;c:\windows\system32\D929E9E3.exe --> c:\windows\system32\D929E9E3.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/11/2011 9:57 PM 39984]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [3/31/2010 6:58 AM 342784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 19:42]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3395193766-2834175670-3244675603-1006Core.job
- c:\documents and settings\Anoop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-10 00:07]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3395193766-2834175670-3244675603-1006UA.job
- c:\documents and settings\Anoop\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-10 00:07]
.
2011-06-26 c:\windows\Tasks\User_Feed_Synchronization-{30A78C71-9143-4ABC-8679-D94A28FAC630}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.89.70.2 64.89.74.2 4.2.2.2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-26 17:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? [email protected][email protected]? ????]??????([email protected][email protected]
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2476)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\lxcgcoms.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2011-06-26 17:50:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-26 21:50
.
Pre-Run: 41,401,344,000 bytes free
Post-Run: 42,016,583,680 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C573B7BA0758BFD139C37380A4B106A9







installed MS Security essentials and on scanning it detected the foll and i removed it:





Adware

Description: This program displays pop-up advertisements.

Recommended action: Permit this detected item only if you trust the program or the software publisher.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
file:C:\WINDOWS\System32\I-y-WNN__vUB-sX.exe
regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\I-y-WNN__vUB-sX
uninstall:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\I-y-WNN__vUB-sX






Also, can I now remove all tools that u had asked me to download starting from OTL, erunt,,malwarebytes, TFC, rootkit unhooker,app remover to combofix

Edited by anpsi, 26 June 2011 - 04:46 PM.

  • 0

#22
anpsi

anpsi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Hey again!!!

Just finished running a full scan by MS security essentials and it detected a trojan as foolows:....previously I had done a quick scan....

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
file:C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP886\A0193944.exe

Get more information about this item online.
  • 0

#23
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,770 posts
Hi. :)

Had some problems while uninstalling AVG...I used the app remover at first to remove it but it was taking forever to uninstall....So, what I did was went to programs and uninstalled from there and then ran the app remover...The app remover did not show anymore AVG components but showed panda online scanner that I had previously downloaded...So, I removed it and then ran the combo fix...it detected some AVG components...So, i went to programs again and saw AVG PC tool...removed that n combofix ran smoothly...

OK and thanks for the update, unfortunately AVG can be problematic to uninstall at times. The Anti-Virus software you have replaced it it with is very good and use it on all of my own machines these days.

installed MS Security essentials and on scanning it detected the foll and i removed it

Good.

Just finished running a full scan by MS security essentials and it detected a trojan as foolows:....previously I had done a quick scan....

Actually this would have been fine to leave in-place for the time being as it merely denotes a infected System Restore point which we will be resetting when I give the all clear. No harm done however.

Also, can I now remove all tools that u had asked me to download starting from OTL, erunt,,malwarebytes, TFC, rootkit unhooker,app remover to combofix

We will be in due course, however I wish to check your machines MBR(Master Boot Record) as ComboFix is reporting a error reading the MBR. This is not necessarily a bad thing and I suspect it is merely the form of CD tools you have installed causing this but I think it is worth checking to err on the side of caution as follows...

Next:

Please download DeFogger to your desktop.

Double-click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Important! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Note: Do not re-enable these drivers until otherwise instructed.

Scan with aswMBR:

Please download aswMBR.exe to your desktop.

  • Double-click the aswMBR.exe to run it
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
Note: There will also be a file on your desktop named MBR.dat(or similir) do not delete this for now it is a actual backup of the MBR(master boot record).
  • 0

#24
anpsi

anpsi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
hi

here's the log:

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-27 18:48:13
-----------------------------
18:48:13.359 OS Version: Windows 5.1.2600 Service Pack 3
18:48:13.375 Number of processors: 1 586 0xE08
18:48:13.375 ComputerName: SINDHU UserName: Anoop
18:48:17.609 Initialize success
18:49:27.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:49:27.312 Disk 0 Vendor: Size: 0MB BusType: 0
18:49:27.687 Disk 0 MBR read successfully
18:49:27.687 Disk 0 MBR scan
18:49:27.703 Disk 0 unknown MBR code
18:49:27.703 Disk 0 MBR hidden
18:49:27.718 Disk 0 scanning C:\WINDOWS\system32\drivers
18:49:34.031 Service scanning
18:49:35.296 Disk 0 trace - called modules:
18:49:35.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
18:49:35.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82d1eab8]
18:49:35.343 3 CLASSPNP.SYS[f85d5fd7] -> nt!IofCallDriver -> \Device\0000007d[0x82d14898]
18:49:35.359 5 ACPI.sys[f844c620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x82dd3030]
18:49:35.375 Scan finished successfully
18:50:22.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Anoop\Desktop\MBR.dat"
18:50:22.031 The log file has been saved successfully to "C:\Documents and Settings\Anoop\Desktop\aswMBRlog.txt"
  • 0

#25
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,770 posts
Hi. :)

Re-scan with aswMBR:

Please move the file on the desktop named MBR.dat(or similir) to a form of removable storage media as a precaution before proceeding...

  • Double-click the aswMBR.exe to run it.
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Fix MBR button. Click on Yes at the prompt.
  • When the Fix MBR process has completed, please save the log file, to your desktop, as you did before.
  • Copy and paste the contents of the log file in your next reply.
Scan with TDSSKiller:

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!
  • 0

Advertisements


#26
anpsi

anpsi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
hey

Please move the file on the desktop named MBR.dat(or similir) to a form of removable storage media as a precaution before proceeding

by removable storage media u mean move to a flash drive
  • 0

#27
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,770 posts
Aye using such as you mentioned is absolutely fine. :)
  • 0

#28
anpsi

anpsi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Hi

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-28 20:19:02
-----------------------------
20:19:02.843 OS Version: Windows 5.1.2600 Service Pack 3
20:19:02.843 Number of processors: 1 586 0xE08
20:19:02.859 ComputerName: SINDHU UserName: Anoop
20:19:07.968 Initialize success
20:19:41.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:19:41.875 Disk 0 Vendor: Size: 0MB BusType: 0
20:19:41.906 Disk 0 MBR read successfully
20:19:41.906 Disk 0 MBR scan
20:19:41.921 Disk 0 unknown MBR code
20:19:41.921 Disk 0 MBR hidden
20:19:41.937 Disk 0 scanning C:\WINDOWS\system32\drivers
20:19:50.640 Service scanning
20:19:52.328 Disk 0 trace - called modules:
20:19:52.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
20:19:52.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82d1eab8]
20:19:52.375 3 CLASSPNP.SYS[f85d5fd7] -> nt!IofCallDriver -> \Device\0000007d[0x82d14898]
20:19:52.390 5 ACPI.sys[f844c620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x82dd3030]
20:19:52.406 Scan finished successfully
20:20:19.250 Disk 0 Windows 501 MBR fixed successfully
20:20:41.859 Disk 0 Windows 501 MBR fixed successfully
20:20:56.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Anoop\Desktop\MBR.dat"
20:20:56.718 The log file has been saved successfully to "C:\Documents and Settings\Anoop\Desktop\aswMBRnew.txt"


TDSS log as follows:



2011/06/28 20:22:10.0046 3552 TDSS rootkit removing tool 2.5.7.0 Jun 28 2011 13:21:55
2011/06/28 20:22:10.0531 3552 ================================================================================
2011/06/28 20:22:10.0531 3552 SystemInfo:
2011/06/28 20:22:10.0531 3552
2011/06/28 20:22:10.0546 3552 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/28 20:22:10.0546 3552 Product type: Workstation
2011/06/28 20:22:10.0546 3552 ComputerName: SINDHU
2011/06/28 20:22:10.0546 3552 UserName: Anoop
2011/06/28 20:22:10.0546 3552 Windows directory: C:\WINDOWS
2011/06/28 20:22:10.0546 3552 System windows directory: C:\WINDOWS
2011/06/28 20:22:10.0546 3552 Processor architecture: Intel x86
2011/06/28 20:22:10.0546 3552 Number of processors: 1
2011/06/28 20:22:10.0546 3552 Page size: 0x1000
2011/06/28 20:22:10.0546 3552 Boot type: Normal boot
2011/06/28 20:22:10.0546 3552 ================================================================================
2011/06/28 20:22:12.0562 3552 Initialize success
2011/06/28 20:22:24.0453 3576 ================================================================================
2011/06/28 20:22:24.0453 3576 Scan started
2011/06/28 20:22:24.0453 3576 Mode: Manual;
2011/06/28 20:22:24.0453 3576 ================================================================================
2011/06/28 20:22:25.0375 3576 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/06/28 20:22:25.0453 3576 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/28 20:22:25.0484 3576 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/06/28 20:22:25.0531 3576 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/06/28 20:22:25.0562 3576 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/28 20:22:25.0640 3576 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/28 20:22:25.0687 3576 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/28 20:22:25.0718 3576 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/06/28 20:22:25.0828 3576 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/06/28 20:22:25.0875 3576 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/06/28 20:22:25.0921 3576 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/06/28 20:22:26.0156 3576 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/06/28 20:22:26.0203 3576 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/06/28 20:22:26.0250 3576 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/06/28 20:22:26.0296 3576 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/06/28 20:22:26.0390 3576 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/28 20:22:26.0421 3576 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/06/28 20:22:26.0453 3576 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/06/28 20:22:26.0484 3576 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/06/28 20:22:26.0562 3576 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/28 20:22:26.0609 3576 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/28 20:22:26.0687 3576 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/28 20:22:26.0718 3576 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/28 20:22:27.0031 3576 BCM43XX (69f940672be0ecee5bd1e905706ba8ce) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/06/28 20:22:27.0234 3576 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/28 20:22:27.0328 3576 BTWUSB (7024e11dab9410b31a37547575249dd7) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/06/28 20:22:27.0421 3576 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/06/28 20:22:27.0468 3576 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/28 20:22:27.0531 3576 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/28 20:22:27.0593 3576 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/06/28 20:22:27.0640 3576 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/28 20:22:27.0703 3576 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/28 20:22:27.0750 3576 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/28 20:22:27.0828 3576 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/28 20:22:27.0890 3576 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/06/28 20:22:27.0937 3576 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/28 20:22:27.0984 3576 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/06/28 20:22:28.0046 3576 cpqdfw (817bec5f328518290ac42821ec3922cb) C:\WINDOWS\system32\drivers\cpqdfw.sys
2011/06/28 20:22:28.0093 3576 cqcpu (be43d9c71508cb4116cb56979d1ce820) C:\WINDOWS\system32\drivers\cqcpu.sys
2011/06/28 20:22:28.0281 3576 cq_mem (cd6364f3acb9b2094ab60671806a5b9c) C:\WINDOWS\system32\drivers\cq_mem.sys
2011/06/28 20:22:28.0343 3576 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/06/28 20:22:28.0390 3576 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/06/28 20:22:28.0453 3576 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/28 20:22:28.0531 3576 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/28 20:22:28.0625 3576 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/28 20:22:28.0671 3576 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/28 20:22:28.0734 3576 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/28 20:22:28.0953 3576 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/06/28 20:22:29.0015 3576 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/28 20:22:29.0046 3576 E100B (6ca101f9aa3d845ba31f6e13c01301a8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/28 20:22:29.0093 3576 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
2011/06/28 20:22:29.0140 3576 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
2011/06/28 20:22:29.0250 3576 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/28 20:22:29.0312 3576 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/28 20:22:29.0343 3576 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/28 20:22:29.0375 3576 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/28 20:22:29.0437 3576 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/28 20:22:29.0515 3576 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/28 20:22:29.0546 3576 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/28 20:22:29.0625 3576 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/28 20:22:29.0656 3576 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
2011/06/28 20:22:29.0734 3576 HdAudAddService (bb42bb78bbbc1e83292ef26973598daf) C:\WINDOWS\system32\drivers\CHDAud.sys
2011/06/28 20:22:29.0937 3576 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/28 20:22:30.0015 3576 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/28 20:22:30.0093 3576 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/06/28 20:22:30.0140 3576 HSFHWAZL (89e256c5f5346be265d9f86ac8625d4f) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/06/28 20:22:30.0218 3576 HSF_DPV (0e44af3828111d4c3e73c33ac95226d8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/06/28 20:22:30.0343 3576 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/28 20:22:30.0421 3576 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/06/28 20:22:30.0609 3576 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/06/28 20:22:30.0671 3576 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/28 20:22:30.0796 3576 ialm (85d42b7f0dd406adf5e3ec7659a279ec) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/06/28 20:22:30.0953 3576 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/06/28 20:22:31.0218 3576 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/28 20:22:31.0281 3576 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/06/28 20:22:31.0328 3576 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/28 20:22:31.0375 3576 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/28 20:22:31.0421 3576 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/28 20:22:31.0468 3576 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/28 20:22:31.0515 3576 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/28 20:22:31.0578 3576 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/28 20:22:31.0625 3576 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/28 20:22:31.0687 3576 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/28 20:22:31.0734 3576 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/28 20:22:31.0781 3576 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/28 20:22:31.0828 3576 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/28 20:22:31.0875 3576 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/28 20:22:32.0109 3576 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/28 20:22:32.0265 3576 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/06/28 20:22:32.0328 3576 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/28 20:22:32.0359 3576 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/28 20:22:32.0437 3576 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/28 20:22:32.0484 3576 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/28 20:22:32.0546 3576 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/28 20:22:32.0609 3576 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/06/28 20:22:32.0828 3576 MpKsl33b691c2 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B7E7290-6F33-430D-A23C-57913B0DF3A1}\MpKsl33b691c2.sys
2011/06/28 20:22:33.0109 3576 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/06/28 20:22:33.0187 3576 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/28 20:22:33.0281 3576 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/28 20:22:33.0359 3576 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/28 20:22:33.0421 3576 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/28 20:22:33.0468 3576 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/28 20:22:33.0687 3576 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/28 20:22:33.0734 3576 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/28 20:22:33.0828 3576 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/28 20:22:33.0906 3576 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/28 20:22:33.0968 3576 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/28 20:22:34.0046 3576 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/28 20:22:34.0093 3576 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/28 20:22:34.0140 3576 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/28 20:22:34.0187 3576 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/28 20:22:34.0234 3576 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/28 20:22:34.0453 3576 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/28 20:22:34.0531 3576 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/28 20:22:34.0578 3576 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/28 20:22:34.0687 3576 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/28 20:22:34.0750 3576 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/28 20:22:34.0812 3576 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/28 20:22:34.0875 3576 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/28 20:22:34.0937 3576 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/28 20:22:35.0140 3576 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/28 20:22:35.0218 3576 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/28 20:22:35.0281 3576 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/28 20:22:35.0343 3576 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/28 20:22:35.0390 3576 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/28 20:22:35.0421 3576 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/28 20:22:35.0515 3576 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/28 20:22:35.0546 3576 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/06/28 20:22:35.0687 3576 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/06/28 20:22:35.0718 3576 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/06/28 20:22:35.0812 3576 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/28 20:22:35.0875 3576 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/28 20:22:35.0921 3576 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/28 20:22:35.0968 3576 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/28 20:22:36.0015 3576 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/06/28 20:22:36.0046 3576 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/06/28 20:22:36.0078 3576 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/06/28 20:22:36.0125 3576 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/06/28 20:22:36.0156 3576 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/06/28 20:22:36.0203 3576 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/28 20:22:36.0250 3576 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/28 20:22:36.0484 3576 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/28 20:22:36.0515 3576 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/28 20:22:36.0562 3576 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/28 20:22:36.0609 3576 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/28 20:22:36.0687 3576 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/28 20:22:36.0750 3576 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/28 20:22:36.0796 3576 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/28 20:22:36.0875 3576 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/06/28 20:22:36.0968 3576 RTL8187B (2890916eb8ded61cc2d8d057a9778e03) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
2011/06/28 20:22:37.0046 3576 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/06/28 20:22:37.0109 3576 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/28 20:22:37.0187 3576 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/28 20:22:37.0406 3576 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/28 20:22:37.0515 3576 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/06/28 20:22:37.0578 3576 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/28 20:22:37.0656 3576 SoC PC-Camera Service (105531f39b6f85bb0a025182d8d8c37b) C:\WINDOWS\system32\DRIVERS\pfc027.sys
2011/06/28 20:22:37.0718 3576 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/06/28 20:22:37.0781 3576 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/28 20:22:37.0859 3576 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/28 20:22:37.0953 3576 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/28 20:22:38.0031 3576 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/28 20:22:38.0218 3576 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/28 20:22:38.0250 3576 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/28 20:22:38.0343 3576 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/06/28 20:22:38.0375 3576 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/06/28 20:22:38.0421 3576 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/06/28 20:22:38.0468 3576 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/06/28 20:22:38.0531 3576 SynTP (c9a1785cc0d7a040dd0fdbfeaa8be135) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/06/28 20:22:38.0578 3576 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/28 20:22:38.0656 3576 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/28 20:22:38.0734 3576 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/28 20:22:38.0781 3576 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/28 20:22:39.0000 3576 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/28 20:22:39.0078 3576 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys
2011/06/28 20:22:39.0125 3576 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/06/28 20:22:39.0187 3576 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/28 20:22:39.0234 3576 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/06/28 20:22:39.0296 3576 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/28 20:22:39.0406 3576 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/28 20:22:39.0484 3576 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/28 20:22:39.0671 3576 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/28 20:22:39.0734 3576 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/28 20:22:39.0812 3576 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/28 20:22:39.0890 3576 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/28 20:22:39.0937 3576 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/28 20:22:40.0000 3576 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/28 20:22:40.0093 3576 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/06/28 20:22:40.0140 3576 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/28 20:22:40.0187 3576 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/06/28 20:22:40.0234 3576 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/28 20:22:40.0328 3576 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/28 20:22:40.0640 3576 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/06/28 20:22:40.0765 3576 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/28 20:22:40.0875 3576 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/28 20:22:40.0953 3576 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/06/28 20:22:41.0203 3576 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/06/28 20:22:41.0328 3576 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/28 20:22:41.0406 3576 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/28 20:22:41.0484 3576 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/28 20:22:41.0625 3576 MBR (0x1B8) (9dd7c297c715294665b34e4af0183df2) \Device\Harddisk0\DR0
2011/06/28 20:22:41.0812 3576 Boot (0x1200) (afaa83c5671118c3cdbb4bac88a19a5f) \Device\Harddisk0\DR0\Partition0
2011/06/28 20:22:41.0859 3576 Boot (0x1200) (5520b142561fbaf0f64b0146e4443b2e) \Device\Harddisk0\DR0\Partition1
2011/06/28 20:22:41.0875 3576 ================================================================================
2011/06/28 20:22:41.0875 3576 Scan finished
2011/06/28 20:22:41.0875 3576 ================================================================================
2011/06/28 20:22:41.0906 1544 Detected object count: 0
2011/06/28 20:22:41.0906 1544 Actual detected object count: 0
2011/06/28 20:23:21.0562 3796 ================================================================================
2011/06/28 20:23:21.0562 3796 Scan started
2011/06/28 20:23:21.0562 3796 Mode: Manual;
2011/06/28 20:23:21.0562 3796 ================================================================================
2011/06/28 20:23:21.0859 3796 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/06/28 20:23:21.0937 3796 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/28 20:23:21.0968 3796 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/06/28 20:23:22.0015 3796 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/06/28 20:23:22.0078 3796 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/28 20:23:22.0156 3796 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/28 20:23:22.0203 3796 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/28 20:23:22.0250 3796 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/06/28 20:23:22.0296 3796 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/06/28 20:23:22.0390 3796 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/06/28 20:23:22.0484 3796 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/06/28 20:23:22.0703 3796 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/06/28 20:23:22.0765 3796 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/06/28 20:23:22.0812 3796 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/06/28 20:23:22.0859 3796 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/06/28 20:23:22.0937 3796 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/28 20:23:23.0000 3796 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/06/28 20:23:23.0031 3796 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/06/28 20:23:23.0062 3796 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/06/28 20:23:23.0125 3796 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/28 20:23:23.0156 3796 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/28 20:23:23.0218 3796 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/28 20:23:23.0265 3796 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/28 20:23:23.0359 3796 BCM43XX (69f940672be0ecee5bd1e905706ba8ce) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/06/28 20:23:23.0578 3796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/28 20:23:23.0687 3796 BTWUSB (7024e11dab9410b31a37547575249dd7) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/06/28 20:23:23.0781 3796 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/06/28 20:23:23.0812 3796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/28 20:23:23.0890 3796 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/28 20:23:23.0937 3796 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/06/28 20:23:24.0000 3796 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/28 20:23:24.0078 3796 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/28 20:23:24.0109 3796 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/28 20:23:24.0187 3796 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/28 20:23:24.0234 3796 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/06/28 20:23:24.0265 3796 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/28 20:23:24.0328 3796 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/06/28 20:23:24.0406 3796 cpqdfw (817bec5f328518290ac42821ec3922cb) C:\WINDOWS\system32\drivers\cpqdfw.sys
2011/06/28 20:23:24.0453 3796 cqcpu (be43d9c71508cb4116cb56979d1ce820) C:\WINDOWS\system32\drivers\cqcpu.sys
2011/06/28 20:23:24.0671 3796 cq_mem (cd6364f3acb9b2094ab60671806a5b9c) C:\WINDOWS\system32\drivers\cq_mem.sys
2011/06/28 20:23:24.0734 3796 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/06/28 20:23:24.0812 3796 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/06/28 20:23:24.0859 3796 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/28 20:23:24.0937 3796 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/28 20:23:25.0031 3796 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/28 20:23:25.0078 3796 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/28 20:23:25.0265 3796 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/28 20:23:25.0328 3796 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/06/28 20:23:25.0375 3796 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/28 20:23:25.0406 3796 E100B (6ca101f9aa3d845ba31f6e13c01301a8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/28 20:23:25.0484 3796 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
2011/06/28 20:23:25.0531 3796 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
2011/06/28 20:23:25.0625 3796 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/28 20:23:25.0671 3796 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/28 20:23:25.0703 3796 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/28 20:23:25.0750 3796 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/28 20:23:25.0812 3796 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/28 20:23:25.0875 3796 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/28 20:23:25.0984 3796 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/28 20:23:26.0031 3796 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/28 20:23:26.0062 3796 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
2011/06/28 20:23:26.0125 3796 HdAudAddService (bb42bb78bbbc1e83292ef26973598daf) C:\WINDOWS\system32\drivers\CHDAud.sys
2011/06/28 20:23:26.0343 3796 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/28 20:23:26.0421 3796 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/28 20:23:26.0500 3796 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/06/28 20:23:26.0546 3796 HSFHWAZL (89e256c5f5346be265d9f86ac8625d4f) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/06/28 20:23:26.0656 3796 HSF_DPV (0e44af3828111d4c3e73c33ac95226d8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/06/28 20:23:26.0750 3796 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/28 20:23:26.0828 3796 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/06/28 20:23:27.0031 3796 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/06/28 20:23:27.0109 3796 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/28 20:23:27.0234 3796 ialm (85d42b7f0dd406adf5e3ec7659a279ec) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/06/28 20:23:27.0343 3796 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/06/28 20:23:27.0562 3796 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/28 20:23:27.0656 3796 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/06/28 20:23:27.0718 3796 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/28 20:23:27.0750 3796 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/28 20:23:27.0812 3796 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/28 20:23:27.0843 3796 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/28 20:23:27.0890 3796 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/28 20:23:27.0937 3796 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/28 20:23:28.0000 3796 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/28 20:23:28.0046 3796 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/28 20:23:28.0109 3796 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/28 20:23:28.0156 3796 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/28 20:23:28.0187 3796 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/28 20:23:28.0234 3796 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/28 20:23:28.0281 3796 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/28 20:23:28.0578 3796 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/06/28 20:23:28.0640 3796 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/28 20:23:28.0687 3796 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/28 20:23:28.0765 3796 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/28 20:23:28.0812 3796 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/28 20:23:28.0843 3796 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/28 20:23:28.0906 3796 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/06/28 20:23:29.0187 3796 MpKsl33b691c2 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B7E7290-6F33-430D-A23C-57913B0DF3A1}\MpKsl33b691c2.sys
2011/06/28 20:23:29.0375 3796 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/06/28 20:23:29.0484 3796 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/28 20:23:29.0578 3796 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/28 20:23:29.0640 3796 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/28 20:23:29.0703 3796 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/28 20:23:29.0750 3796 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/28 20:23:29.0812 3796 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/28 20:23:30.0000 3796 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/28 20:23:30.0093 3796 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/28 20:23:30.0156 3796 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/28 20:23:30.0234 3796 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/28 20:23:30.0312 3796 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/28 20:23:30.0359 3796 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/28 20:23:30.0375 3796 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/28 20:23:30.0421 3796 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/28 20:23:30.0468 3796 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/28 20:23:30.0531 3796 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/28 20:23:30.0578 3796 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/28 20:23:30.0640 3796 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/28 20:23:30.0859 3796 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/28 20:23:30.0968 3796 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/28 20:23:31.0031 3796 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/28 20:23:31.0109 3796 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/28 20:23:31.0140 3796 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/28 20:23:31.0187 3796 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/28 20:23:31.0218 3796 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/28 20:23:31.0281 3796 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/28 20:23:31.0328 3796 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/28 20:23:31.0390 3796 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/28 20:23:31.0546 3796 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/28 20:23:31.0625 3796 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/28 20:23:31.0703 3796 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/06/28 20:23:31.0859 3796 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/06/28 20:23:31.0890 3796 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/06/28 20:23:32.0000 3796 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/28 20:23:32.0046 3796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/28 20:23:32.0093 3796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/28 20:23:32.0140 3796 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/28 20:23:32.0187 3796 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/06/28 20:23:32.0203 3796 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/06/28 20:23:32.0234 3796 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/06/28 20:23:32.0265 3796 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/06/28 20:23:32.0296 3796 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/06/28 20:23:32.0343 3796 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/28 20:23:32.0390 3796 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/28 20:23:32.0437 3796 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/28 20:23:32.0515 3796 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/28 20:23:32.0562 3796 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/28 20:23:32.0609 3796 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/28 20:23:32.0796 3796 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/28 20:23:32.0921 3796 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/28 20:23:32.0953 3796 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/28 20:23:33.0046 3796 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/06/28 20:23:33.0125 3796 RTL8187B (2890916eb8ded61cc2d8d057a9778e03) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
2011/06/28 20:23:33.0203 3796 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/06/28 20:23:33.0265 3796 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/28 20:23:33.0359 3796 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/28 20:23:33.0421 3796 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/28 20:23:33.0515 3796 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/06/28 20:23:33.0578 3796 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/28 20:23:33.0781 3796 SoC PC-Camera Service (105531f39b6f85bb0a025182d8d8c37b) C:\WINDOWS\system32\DRIVERS\pfc027.sys
2011/06/28 20:23:33.0875 3796 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/06/28 20:23:33.0937 3796 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/28 20:23:34.0000 3796 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/28 20:23:34.0078 3796 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/28 20:23:34.0140 3796 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/28 20:23:34.0187 3796 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/28 20:23:34.0234 3796 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/28 20:23:34.0312 3796 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/06/28 20:23:34.0343 3796 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/06/28 20:23:34.0390 3796 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/06/28 20:23:34.0406 3796 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/06/28 20:23:34.0468 3796 SynTP (c9a1785cc0d7a040dd0fdbfeaa8be135) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/06/28 20:23:34.0656 3796 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/28 20:23:34.0781 3796 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/28 20:23:34.0843 3796 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/28 20:23:34.0875 3796 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/28 20:23:34.0937 3796 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/28 20:23:35.0031 3796 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys
2011/06/28 20:23:35.0078 3796 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/06/28 20:23:35.0140 3796 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/28 20:23:35.0171 3796 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/06/28 20:23:35.0250 3796 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/28 20:23:35.0484 3796 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/28 20:23:35.0562 3796 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/28 20:23:35.0609 3796 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/28 20:23:35.0671 3796 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/28 20:23:35.0734 3796 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/28 20:23:35.0796 3796 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/28 20:23:35.0843 3796 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/28 20:23:35.0875 3796 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/28 20:23:35.0968 3796 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/06/28 20:23:36.0125 3796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/28 20:23:36.0171 3796 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/06/28 20:23:36.0281 3796 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/28 20:23:36.0359 3796 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/28 20:23:36.0515 3796 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/06/28 20:23:36.0734 3796 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/28 20:23:36.0875 3796 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/28 20:23:37.0015 3796 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/06/28 20:23:37.0187 3796 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/06/28 20:23:37.0281 3796 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/28 20:23:37.0421 3796 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/28 20:23:37.0515 3796 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/28 20:23:37.0656 3796 MBR (0x1B8) (9dd7c297c715294665b34e4af0183df2) \Device\Harddisk0\DR0
2011/06/28 20:23:37.0843 3796 Boot (0x1200) (afaa83c5671118c3cdbb4bac88a19a5f) \Device\Harddisk0\DR0\Partition0
2011/06/28 20:23:37.0875 3796 Boot (0x1200) (5520b142561fbaf0f64b0146e4443b2e) \Device\Harddisk0\DR0\Partition1
2011/06/28 20:23:37.0890 3796 ================================================================================
2011/06/28 20:23:37.0890 3796 Scan finished
2011/06/28 20:23:37.0890 3796 ================================================================================
2011/06/28 20:23:37.0921 0964 Detected object count: 0
2011/06/28 20:23:37.0921 0964 Actual detected object count: 0
2011/06/28 20:23:43.0625 3652 Deinitialize success
  • 0

#29
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,770 posts
Hi. :)

New Adobe Reader Installation:

  • Go here and click on AdbeRdr1010_en_US.exe to download the latest version of Adobe Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • After the new Reader is installed, Open Adobe Reader X.
  • OK the license.
  • Click on Edit and select Preferences.
  • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
  • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
  • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
  • Click the OK button
New Java Installation:

  • Click here to visit Java's website.
  • Scroll down to Java SE 6 Update 26 (JDK or JRE). Click on Download JRE.
  • Check (tick) Java SE Runtime Environment 6u26 License Agreement box.
  • Click on jre-6u26-windows-i586.exe link next to Windows x86 Offline to download it and save this to a convenient location.
  • Double-click on on jre-6u26-windows-i586.exe to install Java.
Note: During installation de-select the option to install McAfee Security Scan Plus if offered.

Next:

Let myself know when completed the above and if any remaining issues remaining. If not we will clean up all tools used during the Malware Removal process and I will provide some advice about online safety etc.
  • 0

#30
anpsi

anpsi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Grt!!!!..finally we are almost there....installed adobe and java...jus wanted to know before we finish off wt was wrong and was my computer badly infected... I dont see those prompts anymore but the internet connection is bad on and off though I have ethernet...may be thats jus bad connection...but hey it was really nice cleaning up my system and I really appreciate ur help....
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP