Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Possible Infection, Generic, in System32, See OTL Log. Thanks! [So

Started by blueblue , Feb 27 2012 07:37 PM

  • This topic is locked This topic is locked

#1
blueblue
Posted 27 February 2012 - 07:37 PM

blueblue

    Member

  • Member
  • PipPipPip
  • 270 posts
About 2 months ago, something got into my machine, for some reason I never saw the report. The suspecious files are now in quarentine, in TDSSkiller, that may be why my AV couldn't clean it. I'm concerned I transferred it to my external drive, a thumb drive, and another computer. Nothing found it on the ext d, I can't get TDSSkiller to scan the external. On the other machine it found the same 2 and listed suspicious files. Here's my OTL Log for this machine. Thank you very much for your help. If this is an infection I don't know how it got in, I'm careful where I go, every day I scan for updates and viruses. I don't remember when I got TDSSkiller, could look that up. Here's my OTL log:

OTL logfile created on: 2/25/2012 3:53:36 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Rainbow\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 252.49 Mb Available Physical Memory | 24.92% Memory free
1.99 Gb Paging File | 0.40 Gb Available in Paging File | 19.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.95 Gb Total Space | 41.75 Gb Free Space | 30.48% Space Free | Partition Type: NTFS

Computer Name: AMEE-PC | User Name: Sunny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/25 15:34:46 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Rainbow\Desktop\OTL.exe
PRC - [2012/02/20 18:21:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/11/08 12:05:23 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
PRC - [2011/11/01 11:33:56 | 002,531,104 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2011/11/01 11:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2011/11/01 11:33:52 | 001,163,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2011/09/09 08:23:35 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
PRC - [2011/09/09 08:23:34 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32.exe
PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/05/23 08:45:53 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/10 09:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/10/07 02:49:50 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/09/30 17:47:36 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009/09/30 17:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2009/09/30 17:46:28 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GregHSRW.exe
PRC - [2009/08/23 21:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2009/08/05 10:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
PRC - [2009/08/05 10:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSM32.EXE
PRC - [2009/08/05 10:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
PRC - [2009/08/05 10:57:20 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FWES\program\fsdfwd.exe
PRC - [2009/08/05 10:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
PRC - [2009/08/04 00:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/13 20:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/13 20:14:23 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
PRC - [2009/07/10 05:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/04 22:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 18:21:39 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/08/05 10:59:02 | 000,001,536 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSPC\fspcfsm.eng
MOD - [2009/08/05 10:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\charter security suite\hips\fshook32.dll
MOD - [2009/08/05 10:57:04 | 000,081,920 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\strres.eng
MOD - [2009/08/05 10:56:56 | 000,920,160 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\gres.dll
MOD - [2009/08/05 10:56:50 | 000,143,360 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\flyerres.eng
MOD - [2009/08/05 10:56:50 | 000,045,056 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\fsavures.eng
MOD - [2009/08/05 10:56:32 | 000,838,240 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\about.dll
MOD - [2009/08/05 10:56:32 | 000,088,672 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\aboutres.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/11/01 11:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat)
SRV - [2011/05/23 08:45:53 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/07/31 21:42:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/30 17:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/09/10 08:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/23 21:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/08/05 10:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 10:57:20 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/08/05 10:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2009/07/13 20:15:33 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)
SRV - [2009/07/10 05:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/03/07 08:51:52 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\LxrSII1s.exe -- (LxrSII1s)


========== Driver Services (SafeList) ==========

DRV - [2011/11/02 10:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011/11/01 11:34:28 | 000,040,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2011/11/01 11:34:08 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)
DRV - [2011/11/01 11:34:08 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)
DRV - [2011/09/09 08:24:19 | 000,148,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2011/08/17 21:54:49 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2011/05/19 13:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2010/12/16 22:55:14 | 000,073,160 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2010/12/16 22:53:56 | 000,036,792 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fses.sys -- (FSES)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/02/17 15:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/02/17 15:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/02/17 15:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 15:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 15:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/11/23 02:30:06 | 000,103,296 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009/11/05 23:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/04 00:37:44 | 000,054,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/08/07 05:18:28 | 000,212,528 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/08/05 10:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/08/05 10:56:12 | 000,012,384 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009/06/02 06:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 06:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 06:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/03/22 16:37:20 | 000,113,896 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://support.microsoft.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ixquick"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.duckduckgo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Charter Security Suite\NRS\[email protected] [2012/02/19 14:29:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/19 19:41:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 18:21:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/18 02:49:53 | 000,000,000 | ---D | M]

[2010/06/08 14:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sunny\AppData\Roaming\Mozilla\Extensions
[2012/02/16 21:30:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sunny\AppData\Roaming\Mozilla\Firefox\Profiles\6q78mrjr.default\extensions
[2010/10/28 18:14:27 | 000,002,484 | ---- | M] () -- C:\Users\Sunny\AppData\Roaming\Mozilla\Firefox\Profiles\6q78mrjr.default\searchplugins\ixquick.xml
[2012/02/20 18:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/19 14:29:42 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES\CHARTER SECURITY SUITE\NRS\[email protected]
() (No name found) -- C:\USERS\SUNNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6Q78MRJR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\SUNNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6Q78MRJR.DEFAULT\EXTENSIONS\{AD48108D-92A6-4EB9-87E4-978ACA1DBAE4}.XPI
() (No name found) -- C:\USERS\SUNNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6Q78MRJR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/20 18:21:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/18 10:16:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/20 18:21:32 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/20 18:21:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/20 18:21:32 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/20 18:21:32 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/20 18:21:32 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/02/23 12:19:58 | 000,441,415 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15170 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (CKeyScramblerBHO Object) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter Security Suite\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Charter Security Suite\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKCU..\Run: [LxrAutorun] C:\Users\Sunny\AppData\Local\Lexar Media\LxrAutorun.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64F9C95D-74A6-436A-A1C9-B7CAF40E3775}: DhcpNameServer = 101.122.160.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD612608-98F2-447D-8306-503349FBF900}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/24 12:56:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/21 23:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/02/21 21:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012/02/21 21:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012/02/21 21:06:46 | 000,000,000 | ---D | C] -- C:\Users\Sunny\Documents\Anti-Malware
[2012/02/19 23:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/02/18 10:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/17 19:18:17 | 000,000,000 | ---D | C] -- C:\Users\Sunny\Desktop\Fix it portable
[2012/02/16 21:05:07 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\LogMeIn Rescue Applet
[2012/02/15 18:40:33 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/02/07 21:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/01/31 18:24:38 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/01/31 18:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2010/06/26 17:02:22 | 000,083,248 | ---- | C] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS Master.exe
[2010/06/20 12:10:54 | 001,009,152 | ---- | C] (NewSoft, Inc.) -- C:\Program Files\PRESTOPM.EXE

========== Files - Modified Within 30 Days ==========

[2012/02/25 10:39:10 | 000,015,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/25 10:39:10 | 000,015,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/25 10:32:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/25 10:32:34 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/23 12:19:58 | 000,441,415 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/23 12:15:27 | 000,441,415 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120223-121958.backup
[2012/02/23 11:09:27 | 000,441,415 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120223-121527.backup
[2012/02/21 21:08:11 | 000,001,073 | ---- | M] () -- C:\Users\Sunny\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/02/21 21:08:11 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/02/21 03:19:41 | 000,704,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/21 03:19:41 | 000,136,306 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/20 18:15:06 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/20 00:13:54 | 000,359,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/07 21:20:56 | 000,001,234 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/02/07 21:18:29 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/01/29 22:35:47 | 000,008,987 | ---- | M] () -- C:\Users\Public\Documents\Awareness.rtf

========== Files Created - No Company Name ==========

[2012/02/21 21:08:11 | 000,001,073 | ---- | C] () -- C:\Users\Sunny\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/02/21 21:08:11 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/02/20 19:37:37 | 000,000,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/02/20 18:15:06 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/20 18:15:06 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/07 21:20:56 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/01/05 18:23:05 | 001,557,791 | ---- | C] () -- C:\Program Files\tdsskiller.zip
[2012/01/05 17:53:04 | 000,000,025 | ---- | C] () -- C:\ProgramData\descript.ion
[2011/12/21 17:45:46 | 000,040,296 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys
[2011/12/21 17:45:45 | 000,205,864 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys
[2011/03/21 16:01:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/18 03:53:32 | 002,994,688 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011/01/18 03:52:10 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011/01/18 03:50:56 | 132,609,310 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011/01/18 03:05:08 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2010/12/08 19:38:54 | 000,000,268 | ---- | C] () -- C:\Windows\wininit.ini
[2010/08/27 23:43:04 | 000,007,601 | ---- | C] () -- C:\Users\Sunny\AppData\Local\resmon.resmoncfg
[2010/08/04 19:05:46 | 000,042,672 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2010/06/25 22:21:26 | 000,049,152 | ---- | C] () -- C:\Windows\System32\LxrSII1s.exe
[2010/06/20 12:44:41 | 000,004,264 | ---- | C] () -- C:\Windows\IF40LE.INI
[2010/06/20 12:23:28 | 000,000,000 | ---- | C] () -- C:\Windows\PRESTOPM.INI
[2010/06/07 23:49:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/06/06 18:22:30 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe

========== LOP Check ==========

[2012/02/08 18:01:19 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
maliprog
Posted 28 February 2012 - 08:15 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello blueblue and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed


Please take your time and read my instructions carefully. Delete your version of TDSSKiller before your start with steps.

Also, do you experience any problems with your system?

Step 1

We need to disable Spybot S&amp;D's "TeaTimer".

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.

  • Open Spybot Search and Destroy by going to Start -&gt; All Programs -&gt; Spybot Search and Destroy -&gt; Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode and then on "Advanced Mode".
    Posted Image
  • You may be presented with a warning dialog. If so, press Yes.
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck these checkboxes:
    Posted Image
  • Close/Exit Spybot Search and Destroy.


Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply

Step 4

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#3
blueblue
Posted 28 February 2012 - 10:21 AM

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Hi thank you for your help and advice. Last night I updated TDSSkiller, is that OK?
I will do as you suggest and get back to you in a few hours.

My computer is a bit slow but I think it's because of some settings that need changing, I saw something about pagefile in system diagnostics but I don't feel comfortable making any changes. There's options to let windows decide what's best, I may have to let it do that. Otherwise my systemseems to be ok, I'm still concerned if I have something bad that's hiding, gathering info and sending it to someone. When we have this figured out I hope to know how it got there.

bb

Edited by blueblue, 28 February 2012 - 10:32 AM.

  • 0

#4
maliprog
Posted 28 February 2012 - 02:41 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts

Last night I updated TDSSkiller, is that OK?


It's OK. Do scans :)
  • 0

#5
blueblue
Posted 28 February 2012 - 08:53 PM

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Hi I did what you asked. I have some details you may be interested in also, during the aswMBR scan, my security program caught and removed something, and deleted a file associated with the avast program. I couldn't figure out how to copy the log file for it so I wrote it down in a txt file in case you wanted to see it. It was a trojan.

Thank you for your help. I hope my logs are helpful. I did a full scan with the aswMBR. Here's the txt log, I can't zip the dat file with the program I have, don't have winzip anymore, I hope this doesn't upset you. I tried to use it with the program I have but it doesn't seem to support dat files, I am a bit upset about this.

These scans were done from an admin account.

Sincerely, bb

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-28 17:02:03
-----------------------------
17:02:03.316 OS Version: Windows 6.1.7601 Service Pack 1
17:02:03.316 Number of processors: 2 586 0x1C0A
17:02:03.347 ComputerName: AMEE-PC UserName: Sunny
17:02:59.237 Initialize success
17:05:56.648 AVAST engine defs: 12022802
17:06:16.142 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:06:16.152 Disk 0 Vendor: Hitachi_ PBBO Size: 152627MB BusType: 3
17:06:16.241 Disk 0 MBR read successfully
17:06:16.248 Disk 0 MBR scan
17:06:16.334 Disk 0 Windows 7 default MBR code
17:06:16.346 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
17:06:16.392 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
17:06:16.441 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 140232 MB offset 25382700
17:06:16.482 Disk 0 scanning sectors +312579760
17:06:16.576 Disk 0 scanning C:\Windows\system32\drivers
17:08:54.028 Service scanning
17:10:35.439 Modules scanning
17:11:01.827 Disk 0 trace - called modules:
17:11:01.879 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
17:11:01.896 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85560288]
17:11:01.922 3 CLASSPNP.SYS[87e8a59e] -> nt!IofCallDriver -> [0x84b40f08]
17:11:01.941 5 ACPI.sys[876273d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84b13028]
17:11:02.995 AVAST engine scan C:\
19:51:47.900 Scan finished successfully
20:12:48.997 Disk 0 MBR has been saved successfully to "C:\Users\Sunny\Desktop\MBR.dat"
20:12:49.044 The log file has been saved successfully to "C:\Users\Sunny\Desktop\aswMBR22812.txt"

Edited by blueblue, 28 February 2012 - 09:28 PM.

  • 0

#6
blueblue
Posted 28 February 2012 - 09:15 PM

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
TDSSkiller log 2/28/12 (A previous scan put something in quarentine, it's still there but I don't see it listed in this scan.)

16:24:04.0974 6564 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
16:24:05.0738 6564 ============================================================
16:24:05.0738 6564 Current date / time: 2012/02/28 16:24:05.0738
16:24:05.0738 6564 SystemInfo:
16:24:05.0738 6564
16:24:05.0738 6564 OS Version: 6.1.7601 ServicePack: 1.0
16:24:05.0738 6564 Product type: Workstation
16:24:05.0738 6564 ComputerName: AMEE-PC
16:24:05.0738 6564 UserName: Sunny
16:24:05.0738 6564 Windows directory: C:\Windows
16:24:05.0738 6564 System windows directory: C:\Windows
16:24:05.0738 6564 Processor architecture: Intel x86
16:24:05.0738 6564 Number of processors: 2
16:24:05.0738 6564 Page size: 0x1000
16:24:05.0738 6564 Boot type: Normal boot
16:24:05.0738 6564 ============================================================
16:24:10.0621 6564 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:24:10.0621 6564 \Device\Harddisk0\DR0:
16:24:10.0652 6564 MBR used
16:24:10.0652 6564 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
16:24:10.0652 6564 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x111E4784
16:24:10.0871 6564 Initialize success
16:24:10.0871 6564 ============================================================
16:26:18.0595 5812 ============================================================
16:26:18.0595 5812 Scan started
16:26:18.0595 5812 Mode: Manual; SigCheck; TDLFS;
16:26:18.0595 5812 ============================================================
16:26:20.0394 5812 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
16:26:21.0509 5812 1394ohci - ok
16:26:21.0652 5812 a2acc (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
16:26:21.0951 5812 a2acc - ok
16:26:22.0109 5812 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
16:26:22.0382 5812 A2DDA - ok
16:26:22.0544 5812 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
16:26:22.0789 5812 ACPI - ok
16:26:22.0936 5812 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
16:26:23.0249 5812 AcpiPmi - ok
16:26:23.0406 5812 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:26:23.0633 5812 adp94xx - ok
16:26:23.0769 5812 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:26:23.0949 5812 adpahci - ok
16:26:24.0082 5812 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:26:24.0291 5812 adpu320 - ok
16:26:24.0469 5812 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
16:26:24.0808 5812 AFD - ok
16:26:24.0942 5812 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
16:26:25.0082 5812 agp440 - ok
16:26:25.0151 5812 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:26:25.0328 5812 aic78xx - ok
16:26:25.0499 5812 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
16:26:25.0673 5812 aliide - ok
16:26:25.0808 5812 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
16:26:25.0971 5812 amdagp - ok
16:26:26.0021 5812 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
16:26:26.0176 5812 amdide - ok
16:26:26.0306 5812 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:26:26.0579 5812 AmdK8 - ok
16:26:26.0699 5812 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:26:26.0976 5812 AmdPPM - ok
16:26:27.0115 5812 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
16:26:27.0299 5812 amdsata - ok
16:26:27.0431 5812 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:26:27.0666 5812 amdsbs - ok
16:26:27.0718 5812 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
16:26:27.0915 5812 amdxata - ok
16:26:28.0064 5812 ApfiltrService (3477e796ed9c9aace83eab276e4a92b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
16:26:28.0245 5812 ApfiltrService - ok
16:26:28.0398 5812 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
16:26:28.0795 5812 AppID - ok
16:26:28.0948 5812 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:26:29.0110 5812 arc - ok
16:26:29.0149 5812 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:26:29.0310 5812 arcsas - ok
16:26:29.0490 5812 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:26:29.0858 5812 AsyncMac - ok
16:26:30.0034 5812 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
16:26:30.0299 5812 atapi - ok
16:26:30.0475 5812 athr (0f4b6b99d6cdc1d93df1fa690796b2f7) C:\Windows\system32\DRIVERS\athr.sys
16:26:30.0936 5812 athr - ok
16:26:31.0131 5812 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:26:31.0559 5812 b06bdrv - ok
16:26:31.0702 5812 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:26:31.0971 5812 b57nd60x - ok
16:26:32.0223 5812 BCM43XX (4191f221e4af85a391567c6f9b55f370) C:\Windows\system32\DRIVERS\bcmwl6.sys
16:26:32.0724 5812 BCM43XX - ok
16:26:32.0856 5812 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:26:33.0095 5812 Beep - ok
16:26:33.0224 5812 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:26:33.0443 5812 blbdrive - ok
16:26:33.0583 5812 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
16:26:33.0828 5812 bowser - ok
16:26:33.0939 5812 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:26:34.0188 5812 BrFiltLo - ok
16:26:34.0299 5812 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:26:34.0546 5812 BrFiltUp - ok
16:26:34.0703 5812 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
16:26:35.0018 5812 Brserid - ok
16:26:35.0127 5812 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:26:35.0349 5812 BrSerWdm - ok
16:26:35.0473 5812 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:26:35.0693 5812 BrUsbMdm - ok
16:26:35.0816 5812 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
16:26:36.0019 5812 BrUsbSer - ok
16:26:36.0142 5812 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:26:36.0371 5812 BTHMODEM - ok
16:26:36.0540 5812 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:26:36.0787 5812 cdfs - ok
16:26:36.0955 5812 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
16:26:37.0236 5812 cdrom - ok
16:26:37.0378 5812 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:26:37.0595 5812 circlass - ok
16:26:37.0775 5812 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:26:37.0934 5812 CLFS - ok
16:26:38.0033 5812 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:26:38.0276 5812 CmBatt - ok
16:26:38.0432 5812 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
16:26:38.0619 5812 cmdide - ok
16:26:38.0703 5812 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
16:26:38.0949 5812 CNG - ok
16:26:39.0083 5812 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
16:26:39.0266 5812 Compbatt - ok
16:26:39.0436 5812 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
16:26:39.0672 5812 CompositeBus - ok
16:26:39.0869 5812 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
16:26:40.0073 5812 crcdisk - ok
16:26:40.0290 5812 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
16:26:40.0523 5812 DfsC - ok
16:26:40.0579 5812 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
16:26:40.0776 5812 discache - ok
16:26:41.0022 5812 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
16:26:41.0193 5812 Disk - ok
16:26:41.0339 5812 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
16:26:41.0495 5812 DKbFltr - ok
16:26:41.0608 5812 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
16:26:41.0765 5812 drmkaud - ok
16:26:41.0962 5812 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
16:26:42.0260 5812 DXGKrnl - ok
16:26:42.0506 5812 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
16:26:43.0076 5812 ebdrv - ok
16:26:43.0288 5812 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
16:26:43.0536 5812 elxstor - ok
16:26:43.0712 5812 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
16:26:43.0934 5812 ErrDev - ok
16:26:44.0097 5812 EUCR (649427b91b9dc760001f73085a1bb25c) C:\Windows\system32\DRIVERS\EUCR6SK.SYS
16:26:44.0285 5812 EUCR - ok
16:26:44.0452 5812 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
16:26:44.0714 5812 exfat - ok
16:26:44.0874 5812 F-Secure Gatekeeper (29d12e1e45d93b45d2598e2663bbeff4) C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys
16:26:45.0104 5812 F-Secure Gatekeeper - ok
16:26:45.0290 5812 F-Secure HIPS (f5aca65237c7511d5803cdc5e7003d75) C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys
16:26:45.0448 5812 F-Secure HIPS - ok
16:26:45.0586 5812 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
16:26:45.0851 5812 fastfat - ok
16:26:46.0001 5812 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
16:26:46.0219 5812 fdc - ok
16:26:46.0462 5812 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
16:26:46.0807 5812 FileInfo - ok
16:26:46.0931 5812 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
16:26:47.0152 5812 Filetrace - ok
16:26:47.0271 5812 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
16:26:47.0535 5812 flpydisk - ok
16:26:47.0682 5812 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
16:26:47.0936 5812 FltMgr - ok
16:26:48.0094 5812 fsbts (343786e182b9c9ae3066e00dec650f50) C:\Windows\system32\Drivers\fsbts.sys
16:26:48.0262 5812 fsbts - ok
16:26:48.0380 5812 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
16:26:48.0584 5812 FsDepends - ok
16:26:48.0787 5812 FSES (2bffae1318ce3d9847a8d61b3726e54e) C:\Windows\system32\drivers\fses.sys
16:26:48.0982 5812 FSES - ok
16:26:49.0146 5812 FSFW (73e6e711455491da6ebbaf9603e96323) C:\Windows\system32\drivers\fsdfw.sys
16:26:49.0302 5812 FSFW - ok
16:26:49.0531 5812 fsvista (f4a1769bd7a3f073c492663e6a7decd1) C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsvista.sys
16:26:49.0658 5812 fsvista - ok
16:26:49.0794 5812 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
16:26:49.0968 5812 Fs_Rec - ok
16:26:50.0118 5812 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
16:26:50.0310 5812 fvevol - ok
16:26:50.0380 5812 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:26:50.0529 5812 gagp30kx - ok
16:26:50.0736 5812 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
16:26:51.0024 5812 hcw85cir - ok
16:26:51.0200 5812 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
16:26:51.0414 5812 HdAudAddService - ok
16:26:51.0510 5812 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
16:26:51.0720 5812 HDAudBus - ok
16:26:51.0824 5812 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
16:26:52.0019 5812 HidBatt - ok
16:26:52.0096 5812 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
16:26:52.0374 5812 HidBth - ok
16:26:52.0470 5812 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
16:26:52.0663 5812 HidIr - ok
16:26:52.0845 5812 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
16:26:53.0065 5812 HidUsb - ok
16:26:53.0191 5812 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
16:26:53.0357 5812 HpSAMD - ok
16:26:53.0524 5812 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
16:26:53.0934 5812 HTTP - ok
16:26:54.0071 5812 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
16:26:54.0197 5812 hwpolicy - ok
16:26:54.0280 5812 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
16:26:54.0486 5812 i8042prt - ok
16:26:54.0713 5812 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
16:26:54.0962 5812 iaStor - ok
16:26:55.0146 5812 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
16:26:55.0306 5812 iaStorV - ok
16:26:55.0532 5812 igfx (ba41e1bba410212ce6d30e0dac47972b) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:26:56.0723 5812 igfx - ok
16:26:56.0869 5812 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
16:26:57.0040 5812 iirsp - ok
16:26:57.0387 5812 IntcAzAudAddService (081596b57bc442cead3b1ae00b612da0) C:\Windows\system32\drivers\RTKVHDA.sys
16:26:58.0612 5812 IntcAzAudAddService - ok
16:26:58.0765 5812 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
16:26:58.0930 5812 intelide - ok
16:26:59.0081 5812 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
16:26:59.0310 5812 intelppm - ok
16:26:59.0483 5812 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:26:59.0729 5812 IpFilterDriver - ok
16:26:59.0906 5812 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
16:27:00.0126 5812 IPMIDRV - ok
16:27:00.0171 5812 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
16:27:00.0461 5812 IPNAT - ok
16:27:00.0661 5812 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
16:27:00.0961 5812 IRENUM - ok
16:27:01.0135 5812 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
16:27:01.0282 5812 isapnp - ok
16:27:01.0342 5812 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
16:27:02.0385 5812 iScsiPrt - ok
16:27:02.0537 5812 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
16:27:03.0593 5812 kbdclass - ok
16:27:03.0745 5812 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
16:27:04.0860 5812 kbdhid - ok
16:27:05.0053 5812 KeyScrambler (2fcdff8a230ae5e992239594cf0286a0) C:\Windows\system32\drivers\keyscrambler.sys
16:27:05.0721 5812 KeyScrambler - ok
16:27:05.0861 5812 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
16:27:06.0058 5812 KSecDD - ok
16:27:06.0128 5812 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
16:27:06.0333 5812 KSecPkg - ok
16:27:06.0505 5812 L1C (77f2ae3e32c2e647180ef3d71308e6ee) C:\Windows\system32\DRIVERS\L1C62x86.sys
16:27:06.0755 5812 L1C - ok
16:27:06.0994 5812 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
16:27:07.0215 5812 lltdio - ok
16:27:07.0476 5812 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:27:07.0629 5812 LSI_FC - ok
16:27:07.0786 5812 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:27:07.0956 5812 LSI_SAS - ok
16:27:08.0110 5812 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:27:08.0316 5812 LSI_SAS2 - ok
16:27:08.0458 5812 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:27:08.0605 5812 LSI_SCSI - ok
16:27:08.0761 5812 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
16:27:08.0977 5812 luafv - ok
16:27:09.0178 5812 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
16:27:09.0313 5812 megasas - ok
16:27:09.0376 5812 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
16:27:09.0552 5812 MegaSR - ok
16:27:09.0706 5812 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\Windows\system32\drivers\mfeavfk.sys
16:27:09.0961 5812 mfeavfk - ok
16:27:10.0120 5812 mfebopk (1d003e3056a43d881597d6763e83b943) C:\Windows\system32\drivers\mfebopk.sys
16:27:10.0278 5812 mfebopk - ok
16:27:10.0351 5812 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\Windows\system32\drivers\mfehidk.sys
16:27:10.0618 5812 mfehidk - ok
16:27:10.0752 5812 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
16:27:10.0917 5812 mferkdk - ok
16:27:11.0006 5812 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
16:27:11.0133 5812 mfesmfk - ok
16:27:11.0281 5812 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
16:27:11.0534 5812 Modem - ok
16:27:11.0678 5812 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
16:27:11.0903 5812 monitor - ok
16:27:12.0078 5812 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
16:27:12.0236 5812 mouclass - ok
16:27:12.0308 5812 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
16:27:12.0504 5812 mouhid - ok
16:27:12.0648 5812 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
16:27:12.0809 5812 mountmgr - ok
16:27:12.0881 5812 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
16:27:13.0097 5812 mpio - ok
16:27:13.0235 5812 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
16:27:13.0573 5812 mpsdrv - ok
16:27:13.0752 5812 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
16:27:14.0000 5812 MRxDAV - ok
16:27:14.0158 5812 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:27:14.0483 5812 mrxsmb - ok
16:27:14.0643 5812 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:27:14.0792 5812 mrxsmb10 - ok
16:27:14.0872 5812 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:27:15.0097 5812 mrxsmb20 - ok
16:27:15.0259 5812 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
16:27:15.0389 5812 msahci - ok
16:27:15.0452 5812 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
16:27:15.0632 5812 msdsm - ok
16:27:15.0933 5812 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
16:27:16.0126 5812 Msfs - ok
16:27:16.0175 5812 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
16:27:16.0337 5812 mshidkmdf - ok
16:27:16.0416 5812 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
16:27:16.0545 5812 msisadrv - ok
16:27:16.0750 5812 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
16:27:16.0969 5812 MSKSSRV - ok
16:27:17.0024 5812 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
16:27:17.0211 5812 MSPCLOCK - ok
16:27:17.0349 5812 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
16:27:17.0605 5812 MSPQM - ok
16:27:17.0745 5812 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
16:27:17.0911 5812 MsRPC - ok
16:27:18.0016 5812 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
16:27:18.0125 5812 mssmbios - ok
16:27:18.0260 5812 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
16:27:18.0480 5812 MSTEE - ok
16:27:18.0531 5812 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
16:27:18.0737 5812 MTConfig - ok
16:27:18.0878 5812 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
16:27:19.0029 5812 Mup - ok
16:27:19.0082 5812 mwlPSDFilter (cb47c414e083ca6e50e634b148f28f64) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
16:27:19.0265 5812 mwlPSDFilter - ok
16:27:19.0396 5812 mwlPSDNServ (647b953019559bff07536f5c6121f333) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
16:27:19.0544 5812 mwlPSDNServ - ok
16:27:19.0597 5812 mwlPSDVDisk (5a236a36db8687d1e64dc81c03eaabe1) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
16:27:19.0723 5812 mwlPSDVDisk - ok
16:27:19.0934 5812 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
16:27:20.0108 5812 NativeWifiP - ok
16:27:20.0197 5812 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
16:27:20.0533 5812 NDIS - ok
16:27:20.0727 5812 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
16:27:20.0955 5812 NdisCap - ok
16:27:21.0097 5812 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
16:27:21.0310 5812 NdisTapi - ok
16:27:21.0451 5812 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
16:27:21.0688 5812 Ndisuio - ok
16:27:21.0762 5812 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
16:27:21.0936 5812 NdisWan - ok
16:27:22.0078 5812 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
16:27:22.0390 5812 NDProxy - ok
16:27:22.0530 5812 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
16:27:22.0721 5812 NetBIOS - ok
16:27:22.0805 5812 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
16:27:23.0037 5812 NetBT - ok
16:27:23.0406 5812 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
16:27:23.0605 5812 nfrd960 - ok
16:27:23.0837 5812 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
16:27:24.0087 5812 Npfs - ok
16:27:24.0262 5812 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
16:27:24.0535 5812 nsiproxy - ok
16:27:24.0772 5812 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
16:27:25.0122 5812 Ntfs - ok
16:27:25.0257 5812 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
16:27:25.0473 5812 Null - ok
16:27:25.0642 5812 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
16:27:25.0821 5812 nvraid - ok
16:27:25.0988 5812 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
16:27:26.0157 5812 nvstor - ok
16:27:26.0238 5812 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
16:27:26.0376 5812 nv_agp - ok
16:27:26.0564 5812 OADevice (43d99d58cbadbedebb95069caf6189ca) C:\Windows\system32\drivers\OADriver.sys
16:27:26.0786 5812 OADevice - ok
16:27:26.0998 5812 oahlpXX (f030e19809a764cae883050d2de42805) C:\Windows\system32\drivers\oahlp32.sys
16:27:27.0195 5812 oahlpXX - ok
16:27:27.0352 5812 OAmon (8e2a8fe08e0c5aacf59c8ec08f639b46) C:\Windows\system32\drivers\OAmon.sys
16:27:27.0476 5812 OAmon - ok
16:27:27.0576 5812 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
16:27:27.0728 5812 ohci1394 - ok
16:27:27.0930 5812 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
16:27:28.0086 5812 Parport - ok
16:27:28.0164 5812 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
16:27:28.0297 5812 partmgr - ok
16:27:28.0449 5812 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
16:27:28.0647 5812 Parvdm - ok
16:27:28.0855 5812 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
16:27:29.0022 5812 pci - ok
16:27:29.0077 5812 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
16:27:29.0224 5812 pciide - ok
16:27:29.0294 5812 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
16:27:29.0463 5812 pcmcia - ok
16:27:29.0619 5812 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
16:27:29.0755 5812 pcw - ok
16:27:29.0822 5812 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
16:27:30.0227 5812 PEAUTH - ok
16:27:30.0634 5812 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
16:27:30.0788 5812 Point32 - ok
16:27:30.0952 5812 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
16:27:31.0167 5812 PptpMiniport - ok
16:27:31.0316 5812 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
16:27:31.0510 5812 Processor - ok
16:27:31.0731 5812 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
16:27:32.0070 5812 Psched - ok
16:27:32.0254 5812 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
16:27:32.0456 5812 PSI - ok
16:27:32.0662 5812 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
16:27:33.0010 5812 ql2300 - ok
16:27:33.0168 5812 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
16:27:33.0322 5812 ql40xx - ok
16:27:33.0415 5812 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
16:27:33.0588 5812 QWAVEdrv - ok
16:27:33.0741 5812 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
16:27:34.0006 5812 RasAcd - ok
16:27:34.0155 5812 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:27:34.0423 5812 RasAgileVpn - ok
16:27:34.0682 5812 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:27:34.0889 5812 Rasl2tp - ok
16:27:34.0975 5812 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
16:27:35.0251 5812 RasPppoe - ok
16:27:35.0427 5812 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
16:27:35.0652 5812 RasSstp - ok
16:27:35.0799 5812 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
16:27:36.0026 5812 rdbss - ok
16:27:36.0090 5812 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
16:27:36.0234 5812 rdpbus - ok
16:27:36.0380 5812 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:27:36.0617 5812 RDPCDD - ok
16:27:36.0805 5812 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
16:27:37.0003 5812 RDPENCDD - ok
16:27:37.0075 5812 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
16:27:37.0253 5812 RDPREFMP - ok
16:27:37.0410 5812 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
16:27:37.0602 5812 RDPWD - ok
16:27:37.0695 5812 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
16:27:37.0834 5812 rdyboost - ok
16:27:38.0158 5812 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
16:27:38.0423 5812 rspndr - ok
16:27:38.0668 5812 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
16:27:38.0824 5812 sbp2port - ok
16:27:38.0998 5812 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
16:27:39.0234 5812 scfilter - ok
16:27:39.0510 5812 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:27:39.0726 5812 secdrv - ok
16:27:40.0056 5812 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
16:27:40.0213 5812 Serenum - ok
16:27:40.0271 5812 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
16:27:40.0428 5812 Serial - ok
16:27:40.0590 5812 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
16:27:40.0774 5812 sermouse - ok
16:27:40.0980 5812 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
16:27:41.0182 5812 sffdisk - ok
16:27:41.0334 5812 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
16:27:41.0486 5812 sffp_mmc - ok
16:27:41.0546 5812 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
16:27:41.0710 5812 sffp_sd - ok
16:27:41.0863 5812 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
16:27:42.0011 5812 sfloppy - ok
16:27:42.0304 5812 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
16:27:43.0653 5812 sisagp - ok
16:27:43.0792 5812 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:27:43.0928 5812 SiSRaid2 - ok
16:27:43.0993 5812 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
16:27:44.0217 5812 SiSRaid4 - ok
16:27:44.0478 5812 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
16:27:44.0741 5812 Smb - ok
16:27:45.0060 5812 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
16:27:45.0200 5812 spldr - ok
16:27:45.0498 5812 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
16:27:45.0889 5812 srv - ok
16:27:46.0069 5812 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
16:27:46.0463 5812 srv2 - ok
16:27:46.0652 5812 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
16:27:46.0839 5812 srvnet - ok
16:27:46.0995 5812 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
16:27:47.0152 5812 stexstor - ok
16:27:47.0384 5812 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
16:27:47.0542 5812 swenum - ok
16:27:47.0940 5812 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
16:27:48.0454 5812 Tcpip - ok
16:27:48.0673 5812 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
16:27:49.0011 5812 TCPIP6 - ok
16:27:49.0267 5812 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
16:27:49.0505 5812 tcpipreg - ok
16:27:49.0614 5812 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
16:27:49.0802 5812 TDPIPE - ok
16:27:49.0947 5812 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
16:27:50.0127 5812 TDTCP - ok
16:27:50.0203 5812 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
16:27:50.0385 5812 tdx - ok
16:27:50.0554 5812 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
16:27:50.0713 5812 TermDD - ok
16:27:51.0062 5812 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:27:51.0240 5812 tssecsrv - ok
16:27:51.0410 5812 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
16:27:51.0671 5812 TsUsbFlt - ok
16:27:51.0834 5812 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
16:27:52.0046 5812 tunnel - ok
16:27:52.0110 5812 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
16:27:52.0245 5812 uagp35 - ok
16:27:52.0407 5812 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
16:27:52.0639 5812 udfs - ok
16:27:52.0940 5812 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
16:27:53.0074 5812 uliagpkx - ok
16:27:53.0146 5812 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
16:27:53.0377 5812 umbus - ok
16:27:53.0518 5812 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
16:27:53.0663 5812 UmPass - ok
16:27:53.0867 5812 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
16:27:54.0087 5812 usbccgp - ok
16:27:54.0286 5812 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
16:27:54.0494 5812 usbcir - ok
16:27:54.0585 5812 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
16:27:54.0774 5812 usbehci - ok
16:27:54.0967 5812 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
16:27:55.0195 5812 usbhub - ok
16:27:55.0367 5812 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
16:27:55.0505 5812 usbohci - ok
16:27:55.0605 5812 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
16:27:55.0754 5812 usbprint - ok
16:27:55.0902 5812 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
16:27:56.0104 5812 usbscan - ok
16:27:56.0279 5812 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:27:56.0670 5812 USBSTOR - ok
16:27:56.0839 5812 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
16:27:57.0024 5812 usbuhci - ok
16:27:57.0176 5812 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
16:27:57.0410 5812 usbvideo - ok
16:27:57.0692 5812 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
16:27:57.0824 5812 vdrvroot - ok
16:27:57.0952 5812 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
16:27:58.0101 5812 vga - ok
16:27:58.0248 5812 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
16:27:58.0457 5812 VgaSave - ok
16:27:58.0571 5812 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
16:27:58.0735 5812 vhdmp - ok
16:27:58.0892 5812 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
16:27:59.0102 5812 viaagp - ok
16:27:59.0183 5812 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
16:27:59.0370 5812 ViaC7 - ok
16:27:59.0530 5812 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
16:27:59.0746 5812 viaide - ok
16:27:59.0838 5812 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
16:28:00.0033 5812 volmgr - ok
16:28:00.0268 5812 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:28:00.0522 5812 volmgrx - ok
16:28:00.0710 5812 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
16:28:00.0924 5812 volsnap - ok
16:28:01.0072 5812 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:28:01.0296 5812 vsmraid - ok
16:28:01.0444 5812 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
16:28:01.0669 5812 vwifibus - ok
16:28:01.0828 5812 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
16:28:02.0099 5812 vwififlt - ok
16:28:02.0359 5812 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:28:02.0574 5812 WacomPen - ok
16:28:02.0703 5812 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:28:02.0989 5812 WANARP - ok
16:28:03.0045 5812 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:28:03.0260 5812 Wanarpv6 - ok
16:28:03.0763 5812 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:28:03.0981 5812 Wd - ok
16:28:04.0076 5812 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:28:04.0429 5812 Wdf01000 - ok
16:28:05.0012 5812 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:28:05.0181 5812 WfpLwf - ok
16:28:05.0244 5812 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:28:05.0394 5812 WIMMount - ok
16:28:06.0024 5812 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
16:28:06.0157 5812 WmiAcpi - ok
16:28:06.0474 5812 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:28:06.0711 5812 ws2ifsl - ok
16:28:07.0177 5812 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
16:28:07.0427 5812 WudfPf - ok
16:28:07.0593 5812 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:28:07.0803 5812 WUDFRd - ok
16:28:08.0059 5812 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:28:08.0198 5812 \Device\Harddisk0\DR0 - ok
16:28:08.0213 5812 Boot (0x1200) (1064563ed8e78b0ac23926eb998cc063) \Device\Harddisk0\DR0\Partition0
16:28:08.0217 5812 \Device\Harddisk0\DR0\Partition0 - ok
16:28:08.0243 5812 Boot (0x1200) (114c641fe714b9c888c44a6d916d19eb) \Device\Harddisk0\DR0\Partition1
16:28:08.0246 5812 \Device\Harddisk0\DR0\Partition1 - ok
16:28:08.0247 5812 ============================================================
16:28:08.0248 5812 Scan finished
16:28:08.0248 5812 ============================================================
16:28:08.0292 7188 Detected object count: 0
16:28:08.0292 7188 Actual detected object count: 0
16:30:14.0918 7572 Deinitialize success
  • 0

#7
maliprog
Posted 29 February 2012 - 12:58 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi blueblue,

You did good job. Let's continue.

Step 1

Please do the following now in order to ZIP MBR.dat:

  • On your desktop should be a file MBR.dat.
  • Right-click that file, point to Send To, and then click Compressed (zipped) Folder.
  • A new compressed file is created.
  • Please attach that file in your next reply.
How to add an attachment to a new topic or reply

Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post

Step 3

Please don't forget to include these items in your reply:

  • MBR.zip
  • VRT log
It would be helpful if you could post each log in separate post
  • 0

#8
blueblue
Posted 29 February 2012 - 11:31 AM

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Hi thank you for all your help, here's the dat file attachment, I sent it but can't see it in my post, don't know why. next I'll run the other program you listed and send the results. Then I hope we can figure out if I infected my external drive, thumb drive, and other computer. I'm still curious about what my security program picked up that's in quarentine during the asw scan. I still have things in TDSSkiller's quarentine.

Sincerely, bb

Edited by blueblue, 29 February 2012 - 11:39 AM.

  • 0

#9
maliprog
Posted 29 February 2012 - 01:12 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Just don't use your USB memory until I sad so to minimize infection risk.
  • 0

#10
blueblue
Posted 29 February 2012 - 04:56 PM

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Hi I just finished scanning, it didn't find anything. But what about what's in the quarentine from TDSSkiller, and my security program that caught something yesterday?

I didn't see my attached file so I don't know if it came through in my last reply.

Sincerely, bb
  • 0

Advertisements

#11
maliprog
Posted 01 March 2012 - 03:40 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts

But what about what's in the quarentine from TDSSkiller, and my security program that caught something yesterday?


Don't worry about it right now.

I didn't see my attached file so I don't know if it came through in my last reply.


No. It didn't come through but it is OK because I don't find anything wrong. This PC is clean now. Next step is clean your USB memory.

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

  • 0

#12
blueblue
Posted 01 March 2012 - 05:31 PM

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Hi thanks for all your help, I also need to be sure the other computer is ok, there's stuff in the quarentine from TDSSkiller on the other machine, too, that's why I thought I was infectetd and probably gave it to the other machine as well as the external drive and a thumb drive when I transferred files.

After this is settled I will ask my other question about a strange problem with the other machine that's been there for awhile, before I did anything with it, I mentioned it someplace in this site, will ask in the appropriate section, and when my case here is closed I will apply to GeekU.

Sincerely, bb
  • 0

#13
blueblue
Posted 01 March 2012 - 07:01 PM

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
The program isn't working. Oh well. I don't know what to do now, maybe look some stuff up. I really need to get this mess resolved already, it's been 3 weeks of the worst most frustrating techno misery I've had in a very long time and disrupting my life.

bb
  • 0

#14
maliprog
Posted 02 March 2012 - 02:34 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's try this to protect your USB memory

  • Please download Panda USB Vaccine (you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
  • Install and run the program.

  • Double-click on the file USBVaccine.zip located on your desktop.
  • A file viewer will open. Double-click on the file USBVaccineSetup.exe. Please select Yes if you are asked if you want to allow the program to make changes to the computer.
  • Follow the steps on screen to install the program on your computer.

  • Plug in your USB drive and click on Vaccinate USB and Vaccinate Computer.

  • 0

#15
blueblue
Posted 03 March 2012 - 12:08 PM

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Hi thanks for the link for Panda, I'm reading their terms very carefully first. Thank you for all your help, I'll let you know how it goes as soon as I can. Sincerely, bb
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP