Alureon Trojan Virus removal?


This topic is locked

#1 emma26 (Member, 10 posts)
A few days ago, my computer started to have problems with the internet. It seems that all other aspects (itunes, getting to files etc) are working fine but often my internet won't open and it takes a couple tries to get it to not say "internet explorer is experiencing problems."

I've had problems with things like this in the past and when sent to the cheapest computer fixer we could find, he usually just backs up pictures and music (ignoring itunes) and wipes the computer clean. It is a horrible process and I'd like to remove these viruses myself (with your help of course(: )

I ran the Microsoft Security Essentials scan (full) and these are the detected items it has found the past few days:

Trojan:DOS/Alureon.A
Exploit:Win32/Pdfjsc.RF

The Trojan has not been removable, but has been quarantined by MSE.
The Exploit one has been "removed" but it keeps coming back.

Also, sometimes while running my internet explorer, the bottom tool bar and the tool bars on the top of the browser go into this weird boxy mode looking a bit like the classic windows appearances but different. If it happens again I will take a screen shot to show you.

In advance, thank you for the help.

I ran OTL as asked, and here are my logs:

OTL logfile created on: 8/30/2011 10:58:15 PM - Run 1
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Users\Emma\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.15 Gb Available Physical Memory | 7.52% Memory free
4.21 Gb Paging File | 1.66 Gb Available in Paging File | 39.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 98.66 Gb Free Space | 44.29% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.00 Gb Free Space | 49.95% Space Free | Partition Type: NTFS

Computer Name: SARA-PC | User Name: Emma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/30 22:57:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emma\Desktop\OTL.exe
PRC - [2011/07/29 11:40:57 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/04 04:52:35 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2011/05/04 04:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/27 13:19:15 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/04/27 12:00:35 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/03/09 04:53:20 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/03/09 04:52:56 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/12/10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/05/11 03:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2007/01/12 14:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006/11/03 20:07:04 | 000,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe
PRC - [2006/11/03 20:04:46 | 000,304,008 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\memcard.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/23 17:56:25 | 000,052,736 | -H-- | M] () -- C:\Windows\System32\chknsync.dll
MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/03/21 17:30:06 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 17:30:06 | 000,324,896 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libtidy.dll
MOD - [2009/12/10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
MOD - [2009/08/28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
MOD - [2007/01/12 14:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
MOD - [2006/11/03 20:04:46 | 000,304,008 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
MOD - [2006/09/06 08:13:14 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\DLCXcfg.dll
MOD - [2006/08/08 17:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\dlcxscw.dll
MOD - [2006/03/14 19:38:24 | 000,143,360 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\dlcxdrec.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/09 04:52:56 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2009/11/05 16:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2007/12/19 22:50:11 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/11/03 20:07:04 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV - [2011/08/30 21:06:03 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A85A1309-D9E8-4387-A4C0-F61AB760B734}\MpKslddc7107c.sys -- (MpKslddc7107c)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/09 09:21:36 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2011/03/09 09:21:36 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/03/09 09:21:36 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/03/09 04:17:26 | 000,239,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/11/27 03:47:00 | 001,384,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2008/05/15 02:28:00 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/10/29 04:40:28 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/01/19 18:20:54 | 000,021,728 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\scmndisp.sys -- (SCMNdisP)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=2071220

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)



Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [jswtrayutil] File not found
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 24.196.64.53 68.113.206.10
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Emma\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Emma\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{18f56935-782d-11e0-9cbb-001aa080f56c}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{18f56935-782d-11e0-9cbb-001aa080f56c}\Shell\Install\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dpapched - (C:\Windows\system32\chknsync.dll) - C:\Windows\System32\chknsync.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/30 22:56:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Emma\Desktop\OTL.exe
[2011/08/25 03:44:57 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/04/28 10:12:39 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2007/12/19 22:58:53 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2007/12/19 22:58:53 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2007/12/19 22:58:53 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2007/12/19 22:58:53 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2007/12/19 22:58:53 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2007/12/19 22:58:53 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2007/12/19 22:58:53 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2007/12/19 22:58:53 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2007/12/19 22:58:53 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2007/12/19 22:58:53 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2007/12/19 22:58:53 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2007/12/19 22:58:53 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[2007/12/19 22:58:53 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2007/12/19 22:58:53 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/30 22:57:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emma\Desktop\OTL.exe
[2011/08/30 22:20:37 | 000,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/30 22:20:37 | 000,103,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/30 22:06:08 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 22:06:08 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 21:55:30 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/30 21:25:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/30 21:05:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/30 21:05:42 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/30 21:04:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/23 17:56:25 | 000,052,736 | -H-- | M] () -- C:\Windows\System32\chknsync.dll
[2011/08/23 14:09:55 | 000,001,052 | -HS- | M] () -- C:\Users\Emma\AppData\Local\om5voeys5440gb80u7x13asrjy5wa168v45301t877ht
[2011/08/23 14:09:55 | 000,001,052 | -HS- | M] () -- C:\ProgramData\om5voeys5440gb80u7x13asrjy5wa168v45301t877ht
[2011/08/23 14:09:55 | 000,000,000 | ---- | M] () -- C:\Users\Emma\AppData\Local\vppp.exe
[2011/08/23 14:09:55 | 000,000,000 | ---- | M] () -- C:\ProgramData\qixd.exe
[2011/08/23 14:09:55 | 000,000,000 | ---- | M] () -- C:\Users\Emma\AppData\Local\nkub.exe
[2011/08/23 14:09:55 | 000,000,000 | ---- | M] () -- C:\ProgramData\lxvt.exe
[2011/08/23 14:09:55 | 000,000,000 | ---- | M] () -- C:\Users\Emma\AppData\Local\jpjj.exe
[2011/08/23 14:09:55 | 000,000,000 | ---- | M] () -- C:\ProgramData\gnaq.exe
[2011/08/23 14:09:55 | 000,000,000 | ---- | M] () -- C:\Users\Emma\AppData\Local\ewhb.exe
[2011/08/23 14:09:55 | 000,000,000 | ---- | M] () -- C:\ProgramData\cbio.exe
[2011/08/14 21:09:28 | 000,044,544 | ---- | M] () -- C:\Users\Emma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/23 17:56:25 | 000,052,736 | -H-- | C] () -- C:\Windows\System32\chknsync.dll
[2011/08/23 14:09:55 | 000,001,052 | -HS- | C] () -- C:\Users\Emma\AppData\Local\om5voeys5440gb80u7x13asrjy5wa168v45301t877ht
[2011/08/23 14:09:55 | 000,001,052 | -HS- | C] () -- C:\ProgramData\om5voeys5440gb80u7x13asrjy5wa168v45301t877ht
[2011/08/23 14:09:55 | 000,000,000 | ---- | C] () -- C:\Users\Emma\AppData\Local\vppp.exe
[2011/08/23 14:09:55 | 000,000,000 | ---- | C] () -- C:\ProgramData\qixd.exe
[2011/08/23 14:09:55 | 000,000,000 | ---- | C] () -- C:\Users\Emma\AppData\Local\nkub.exe
[2011/08/23 14:09:55 | 000,000,000 | ---- | C] () -- C:\ProgramData\lxvt.exe
[2011/08/23 14:09:55 | 000,000,000 | ---- | C] () -- C:\Users\Emma\AppData\Local\jpjj.exe
[2011/08/23 14:09:55 | 000,000,000 | ---- | C] () -- C:\ProgramData\gnaq.exe
[2011/08/23 14:09:55 | 000,000,000 | ---- | C] () -- C:\Users\Emma\AppData\Local\ewhb.exe
[2011/08/23 14:09:55 | 000,000,000 | ---- | C] () -- C:\ProgramData\cbio.exe
[2011/04/28 10:13:37 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2011/04/28 10:13:37 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2011/04/28 10:12:39 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2011/04/27 14:39:05 | 000,044,544 | ---- | C] () -- C:\Users\Emma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/09 04:16:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/02/01 22:01:14 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/13 03:03:20 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2007/12/19 22:58:58 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/12/19 22:58:53 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2007/12/19 22:58:53 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2007/12/19 22:58:53 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2007/12/19 22:58:53 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2007/12/19 22:58:52 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2007/12/19 22:58:52 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2007/12/19 22:58:52 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2007/12/19 22:58:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2007/12/19 22:58:52 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2007/12/19 22:58:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2007/12/19 22:58:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2007/12/19 22:58:50 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2007/12/19 22:58:50 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2007/12/19 22:58:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2007/12/19 22:58:50 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2007/12/19 15:33:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/12/19 15:16:03 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/12/19 15:04:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2007/03/19 05:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 05:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 05:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 05:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,381,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,618,410 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,818 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/02/13 08:56:04 | 000,000,438 | ---- | C] () -- C:\Windows\System32\dlcxplc.ini

========== LOP Check ==========

[2011/07/19 19:00:30 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\PhotoScape
[2011/08/30 22:14:14 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hello emma26 and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [jswtrayutil] File not found
    O33 - MountPoints2\{18f56935-782d-11e0-9cbb-001aa080f56c}\Shell\AutoRun\command - "" = G:\Setup.exe
    O33 - MountPoints2\{18f56935-782d-11e0-9cbb-001aa080f56c}\Shell\Install\command - "" = G:\Setup.exe
    O36 - AppCertDlls: dpapched - (C:\Windows\system32\chknsync.dll) - C:\Windows\System32\chknsync.dll ()
    [2011/08/30 21:04:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/08/23 17:56:25 | 000,052,736 | -H-- | M] () -- C:\Windows\System32\chknsync.dll
    [2011/08/23 14:09:55 | 000,001,052 | -HS- | M] () -- C:\Users\Emma\AppData\Local\om5voeys5440gb80u7x13asrjy5wa168v45301t877ht
    [2011/08/23 14:09:55 | 000,001,052 | -HS- | M] () -- C:\ProgramData\om5voeys5440gb80u7x13asrjy5wa168v45301t877ht
    [2011/08/23 14:09:55 | 000,000,000 | ---- | M] () -- C:\Users\Emma\AppData\Local\vppp.exe
    [2011/08/23 14:09:55 | 000,000,000 | ---- | M] () -- C:\ProgramData\qixd.exe
    [2011/08/23 14:09:55 | 000,000,000 | ---- | M] () -- C:\Users\Emma\AppData\Local\nkub.exe
    [2011/08/23 14:09:55 | 000,000,000 | ---- | M] () -- C:\ProgramData\lxvt.exe
    [2011/08/23 14:09:55 | 000,000,000 | ---- | M] () -- C:\Users\Emma\AppData\Local\jpjj.exe
    [2011/08/23 14:09:55 | 000,000,000 | ---- | M] () -- C:\ProgramData\gnaq.exe
    [2011/08/23 14:09:55 | 000,000,000 | ---- | M] () -- C:\Users\Emma\AppData\Local\ewhb.exe
    [2011/08/23 14:09:55 | 000,000,000 | ---- | M] () -- C:\ProgramData\cbio.exe
    [2011/08/30 22:14:14 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    :Files
    C:\ProgramData\om5voeys5440gb80u7x13asrjy5wa168v45301t877ht
    C:\Users\Emma\AppData\Local\om5voeys5440gb80u7x13asrjy5wa168v45301t877ht
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • AVP log
It would be helpful if you could post each log in a separate post
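As an added example (not code from this thread, from OTL's author, or from the helper), here is a small Python triage script for OTL log lines. It parses OTL's file entries and O-entries and applies the kind of checks that drove the fix above: no company name combined with hidden/system attributes, zero-byte executables in user-writable folders, random-looking file names, AppCertDlls injection entries, MountPoints2 autorun handlers and orphaned Run entries. The sample lines are constructed from entries in this thread; the heuristics and reason strings are the example's own.

```python
"""Triage helper for OTL log lines (added example; not OTL's own code)."""
import re
from dataclasses import dataclass, field

# One OTL file entry: [stamp | size | attrs | C/M] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# One OTL "O" entry, e.g. O4 (Run keys), O33 (MountPoints2), O36 (AppCertDlls)
O_LINE = re.compile(r"^(?P<section>O\d+) - (?P<body>.+)$")

# Locations a non-admin process can write to; legitimate drivers/services rarely live here
USER_WRITABLE = ("\\programdata\\", "\\appdata\\local\\",
                 "\\appdata\\roaming\\", "\\users\\public\\")
# Long run of letters/digits with no extension, like the om5voeys... files in this thread
RANDOM_NAME = re.compile(r"^[a-z0-9]{24,}$")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def _file_reasons(m):
    """Heuristics for a file entry; each adds a human-readable reason."""
    reasons = []
    company = m["company"].strip()
    attrs = m["attrs"]
    size = int(m["size"].replace(",", ""))
    low = m["path"].lower()
    name = low.rsplit("\\", 1)[-1]
    in_user_dir = any(seg in low for seg in USER_WRITABLE)
    hidden = "H" in attrs or "S" in attrs
    if not company and hidden and ("\\system32\\" in low or in_user_dir):
        reasons.append("hidden/system file with no company name")
    if size == 0 and name.endswith(".exe") and in_user_dir:
        reasons.append("zero-byte .exe in user-writable location")
    if RANDOM_NAME.match(name):
        reasons.append("random-looking file name")
    return reasons


def _o_reasons(m):
    """Heuristics for O-entries that grant persistence or code execution."""
    section, body = m["section"], m["body"]
    reasons = []
    if section == "O36" and "AppCertDlls" in body:
        reasons.append("AppCertDlls entry: DLL is loaded into every new process")
        if body.rstrip().endswith("()"):
            reasons.append("AppCertDlls DLL has no company name")
    if section == "O33" and "\\Shell\\" in body:
        reasons.append("MountPoints2 autorun handler for removable media")
    if section == "O4" and body.endswith("File not found"):
        reasons.append("Run entry points at a missing file (orphaned)")
    return reasons


def triage(log_text):
    """Return the log lines worth a closer look, with the reasons they were flagged."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            reasons = _file_reasons(m)
        else:
            m = O_LINE.match(line)
            reasons = _o_reasons(m) if m else []
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Constructed sample: a handful of entries modelled on the log posted in this thread
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========

[2011/08/30 22:57:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emma\Desktop\OTL.exe
[2011/08/23 17:56:25 | 000,052,736 | -H-- | M] () -- C:\Windows\System32\chknsync.dll
[2011/08/23 14:09:55 | 000,001,052 | -HS- | M] () -- C:\ProgramData\om5voeys5440gb80u7x13asrjy5wa168v45301t877ht
[2011/08/23 14:09:55 | 000,000,000 | ---- | M] () -- C:\Users\Emma\AppData\Local\vppp.exe
[2011/08/30 22:20:37 | 000,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
O36 - AppCertDlls: dpapched - (C:\Windows\system32\chknsync.dll) - C:\Windows\System32\chknsync.dll ()
O33 - MountPoints2\{18f56935-782d-11e0-9cbb-001aa080f56c}\Shell\AutoRun\command - "" = G:\Setup.exe
O4 - HKLM..\Run: [jswtrayutil] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Flagged lines are candidates for review, not verdicts: a legitimate file with no embedded company name and a hidden attribute will also be listed, which is why the helper checks each entry before building the fix script.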

#3 emma26 (Topic Starter, Member, 10 posts)
Hello Maliprog, and thank you for the help.

I ran the fix and this is the log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jswtrayutil deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18f56935-782d-11e0-9cbb-001aa080f56c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18f56935-782d-11e0-9cbb-001aa080f56c}\ not found.
File G:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18f56935-782d-11e0-9cbb-001aa080f56c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18f56935-782d-11e0-9cbb-001aa080f56c}\ not found.
File G:\Setup.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\dpapched deleted successfully.
C:\Windows\System32\chknsync.dll moved successfully.
C:\Windows\bthservsdp.dat moved successfully.
File C:\Windows\System32\chknsync.dll not found.
C:\Users\Emma\AppData\Local\om5voeys5440gb80u7x13asrjy5wa168v45301t877ht moved successfully.
C:\ProgramData\om5voeys5440gb80u7x13asrjy5wa168v45301t877ht moved successfully.
C:\Users\Emma\AppData\Local\vppp.exe moved successfully.
C:\ProgramData\qixd.exe moved successfully.
C:\Users\Emma\AppData\Local\nkub.exe moved successfully.
C:\ProgramData\lxvt.exe moved successfully.
C:\Users\Emma\AppData\Local\jpjj.exe moved successfully.
C:\ProgramData\gnaq.exe moved successfully.
C:\Users\Emma\AppData\Local\ewhb.exe moved successfully.
C:\ProgramData\cbio.exe moved successfully.
File move failed. C:\Windows\Tasks\SCHEDLGU.TXT scheduled to be moved on reboot.
========== FILES ==========
File\Folder C:\ProgramData\om5voeys5440gb80u7x13asrjy5wa168v45301t877ht not found.
File\Folder C:\Users\Emma\AppData\Local\om5voeys5440gb80u7x13asrjy5wa168v45301t877ht not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Emma\Desktop\cmd.bat deleted successfully.
C:\Users\Emma\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Emma
->Temp folder emptied: 86283409 bytes
->Temporary Internet Files folder emptied: 11254467 bytes
->Java cache emptied: 44565 bytes
->Flash cache emptied: 651 bytes

User: Megan
->Temp folder emptied: 17288312 bytes
->Temporary Internet Files folder emptied: 66844 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sara
->Temp folder emptied: 9806666 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4196123537 bytes
RecycleBin emptied: 59386882 bytes

Total Files Cleaned = 4,177.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Emma
->Flash cache emptied: 0 bytes

User: Megan
->Flash cache emptied: 0 bytes

User: Public

User: Sara
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.7 log created on 08312011_095155

Files\Folders moved on Reboot...
File move failed. C:\Windows\Tasks\SCHEDLGU.TXT scheduled to be moved on reboot.

Registry entries deleted on Reboot...


I am going to do the next step when I get home; I have to go to class right now. I will post in about four hours though.
  • 0

#4
emma26
    Member
  • Topic Starter
  • 10 posts
So I have just gotten home, and the scan is still going from AVP. It is around 30%, which seems odd... However, there were three detected items so far, and I deleted them. I will post once the scan is complete.
  • 0

#5
emma26
    Member
  • Topic Starter
  • 10 posts
About an hour after posting my last reply, the scan had a file and recommended to disinfect it (not delete), so I clicked that option, and when the computer rebooted the scan was paused, so I clicked to continue, and the scan froze (or my computer did) and I needed to cut power to my computer in order to shut down. I rebooted and, unfortunately, the scan needed to start over. It has now been running for 6 1/2 hours and is only at 14%. I am going to leave my computer on tonight and hopefully it will be completed when I wake up tomorrow. I guess I will just post when the scan has finished. Is it wrong for it to be going this slow? I'm not sure if it is working right. It has scanned about 71000 files and counting and is only at 14%? Maybe I'm just used to quick scans.

Unless something bad happens, I will not post until the scan completes and I get the log.

Hope to speak to you soon-
  • 0

#6
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi emma26,

If you have a lot of files on your system, the scan can take up to 8h - 12h. I know it's a pain, but we need to do it. You did a good job with the disinfection :). Just post the log after the scan now. I'll be here :unsure:
  • 0

#7
emma26
    Member
  • Topic Starter
  • 10 posts
Arggg, up to twelve hours? Well, it has been one day and 4 and a half hours so far and I'm at 60 percent D'x
It says 18 hours left :) See you then :unsure:
  • 0

#8
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi emma26,

I'm sorry, but I would like to see that log. Scan time is directly associated with the number of files on your system. More documents, longer scan time.

Just don't forget to save the log for me...
  • 0

#9
emma26
    Member
  • Topic Starter
  • 10 posts
It finished FINALLY one minute ago! Here's the attachment.

Attached Files

  • Attached File  log.txt   1.98KB   125 downloads

  • 0

#10
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi emma26,

AVP did a good job and cleaned some infections. Please test your system after these two steps and tell me your current problems.

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click aswMBR.exe to run it
  • Click the "Scan" button to start the scan
  • On completion of the scan, click "Save log", save it to your desktop and post it in your next reply

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log

It would be helpful if you could post each log in a separate post.
  • 0

#11
emma26
    Member
  • Topic Starter
  • 10 posts
2011/09/03 01:00:56.0063 5484 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/09/03 01:00:56.0422 5484 ================================================================================
2011/09/03 01:00:56.0422 5484 SystemInfo:
2011/09/03 01:00:56.0422 5484
2011/09/03 01:00:56.0422 5484 OS Version: 6.0.6000 ServicePack: 0.0
2011/09/03 01:00:56.0422 5484 Product type: Workstation
2011/09/03 01:00:56.0422 5484 ComputerName: SARA-PC
2011/09/03 01:00:56.0422 5484 UserName: Emma
2011/09/03 01:00:56.0422 5484 Windows directory: C:\Windows
2011/09/03 01:00:56.0422 5484 System windows directory: C:\Windows
2011/09/03 01:00:56.0422 5484 Processor architecture: Intel x86
2011/09/03 01:00:56.0422 5484 Number of processors: 2
2011/09/03 01:00:56.0422 5484 Page size: 0x1000
2011/09/03 01:00:56.0422 5484 Boot type: Normal boot
2011/09/03 01:00:56.0422 5484 ================================================================================
2011/09/03 01:00:57.0343 5484 Initialize success
2011/09/03 01:01:35.0900 5516 ================================================================================
2011/09/03 01:01:35.0900 5516 Scan started
2011/09/03 01:01:35.0900 5516 Mode: Manual;
2011/09/03 01:01:35.0900 5516 ================================================================================
2011/09/03 01:01:51.0672 5516 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/09/03 01:01:51.0703 5516 Boot (0x1200) (28540b1345770a46fa1eeac867c27e0e) \Device\Harddisk0\DR0\Partition0
2011/09/03 01:01:51.0719 5516 Boot (0x1200) (ce31315a08ea0c28149a047ababcd29e) \Device\Harddisk0\DR0\Partition1
2011/09/03 01:01:51.0719 5516 ================================================================================
2011/09/03 01:01:51.0719 5516 Scan finished
2011/09/03 01:01:51.0719 5516 ================================================================================
2011/09/03 01:01:51.0734 5316 Detected object count: 0
2011/09/03 01:01:51.0734 5316 Actual detected object count: 0

#12
emma26 (Topic Starter, Member, 10 posts)
and the second:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-03 01:04:40
-----------------------------
01:04:40.004 OS Version: Windows 6.0.6000
01:04:40.004 Number of processors: 2 586 0x6B01
01:04:40.004 ComputerName: SARA-PC UserName: Emma
01:04:50.113 Initialize success
01:04:59.947 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004f
01:04:59.947 Disk 0 Vendor: ST325031 3.AD Size: 238418MB BusType: 6
01:05:01.990 Disk 0 MBR read successfully
01:05:02.006 Disk 0 MBR scan
01:05:02.006 Disk 0 Windows VISTA default MBR code
01:05:02.021 Disk 0 scanning sectors +488278016
01:05:02.099 Disk 0 scanning C:\Windows\system32\drivers
01:05:06.405 Service scanning
01:05:07.201 Service MpKsle99b7fca c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5F715A00-1B7B-45DB-BC93-3076FE18E25C}\MpKsle99b7fca.sys **LOCKED** 32
01:05:07.216 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
01:05:07.981 Modules scanning
01:05:22.691 Disk 0 trace - called modules:
01:05:22.707 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll dxgkrnl.sys atikmpag.sys atikmdag.sys watchdog.sys storport.sys nvstor32.sys
01:05:22.707 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85146820]
01:05:22.723 3 ntkrnlpa.exe[81cb07e2] -> nt!IofCallDriver -> [0x84280178]
01:05:22.723 5 acpi.sys[8023232a] -> nt!IofCallDriver -> \Device\0000004f[0x83e80a38]
01:05:22.738 Scan finished successfully
01:05:35.249 Disk 0 MBR has been saved successfully to "C:\Users\Emma\Desktop\MBR.dat"
01:05:35.249 The log file has been saved successfully to "C:\Users\Emma\Desktop\aswMBR.txt"

#13
emma26 (Topic Starter, Member, 10 posts)
Thank God they didn't take 2 days to scan ^.^

#14
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Yes, I agree :)

Please test your system and tell me if there is any sign of malware.

#15
emma26 (Topic Starter, Member, 10 posts)
I just scanned using the original detector of the malware, Microsoft Security Essentials, and no threats were detected!! Thank you so much for helping me!!