
Computer infected by win32 blaster worm. Please help!

Discussion in 'Virus & Other Malware Removal' started by va_girl, Dec 2, 2011.

Thread Status:
Not open for further replies.
  1. va_girl

    va_girl Thread Starter

    Joined:
    May 29, 2011
    Messages:
    34
    Hi!

    I am using Windows Vista on my computer and it has been infected with the win32 blaster worm. Please find attached the HijackThis log as well as DDS.txt and Attach.txt.

    I am trying to run TSG SysInfo on my computer but it has been stuck on 6% for the last 30 mins, so I am aborting it.

    Please help me get rid of this virus from my computer.

    Thank you for all your help!
     


  2. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Hi va_girl and welcome..

    I'm DFW and I am going to try and help you with your Malware problem. Please observe the following points and rules while we work:
    • The fixes are specific to your problem and should only be used for this issue on this machine!
    • The clean up process can take time. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Refrain from running self fixes as this will hinder the malware removal process.
    • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • Some of the logs we ask for can take some time to analyse, so please be patient.
    • This may or may not solve other issues you have with your machine.


    Before we start:
    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer.
    However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system.
    It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    Going over your Logs, be back as soon as possible
     
  3. va_girl

    va_girl Thread Starter

    Joined:
    May 29, 2011
    Messages:
    34
    Thank you for taking the time to help me out!
     
  4. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Hi va_girl


    Windows Vista & 7 Advice

    All applications I ask to be used will need to be run in Administrator mode, i.e. right click on the program and select Run as Administrator.
    Your operating system comes with an inbuilt utility called User Access Control (UAC).
    When prompted by this for anything I ask you to carry out, please select the option Allow.



    Any logs that I ask for, can you please post them into the body of your post and do not attach any unless I ask, thank you.



    Uninstall programs

    These are out of date, or can cause more problems than they're worth.
    • Click on Start.
    • All programs.
    • Accessories.
    • Run.
    • In the open text box copy/paste appwiz.cpl Then click Ok.
    • Uninstall the following if present.
    Coupon Printer for Windows
    Hitman Pro 3.5
    Java(TM) 6 Update 26
    WeatherBug Gadget




    Next install updated java

    Please download from HERE

    • Find Java SE 7u1.
    • Click the Download JRE button to the right.
    • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
    • Click the Continue button.
    • Click on the filename under Windows Offline Installation and save it to your desktop.
    • Close all active windows.
    • Install the program.




    Update Malwarebytes Anti-Malware and run a scan.

    • Right click on Malwarebytes Anti-Malware icon, choose Run as administrator and Continue
    • Click on the update tab, then click update.
    • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
    • If necessary, start Malwarebytes Anti-Malware again.
    • Next click on Perform Quick Scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
    • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.




    Download TDSSKiller.zip and extract it to your Desktop.
    • Right click on TDSSKiller.exe, choose Run as administrator to launch it.
      • If using Vista or Windows 7, when prompted by UAC allow the prompt.
    • Click on Start Scan
    • The scan will run.
    • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    • Post the contents in your next reply please.
    • DO NOT TRY TO FIX ANYTHING AT THIS POINT



    Please post back with

    Malwarebytes Anti-Malware Log
    TDSSKiller Log
     
  5. va_girl

    va_girl Thread Starter

    Joined:
    May 29, 2011
    Messages:
    34
    Hi DFW,
    I was trying to follow all the steps that you wanted me to as stated in your last post. I could complete all the steps up to updating Java SE 7. Unfortunately, when I tried to update Malwarebytes, I had to restart my computer for the updates to take effect. After the restart I cannot do anything on my computer. A program called "privacy protection" starts performing a scan and shows me all the potential threats on my computer and tells me to buy the software, and when I cancel that, it does not allow me to open either IE, Word or any other program on my computer. I get a message saying that the program has been infected by win32/blaster virus.

    Please advise as to what I should do next.

    Thank you,
    Va_girl.
     
  6. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    OK, try this below. Privacy Protection is a rogue program, which we will sort out for you.



    Download and Run ComboFix (by sUBs)
    Download ComboFix from one of the below links and save it to your Desktop.
    Link 1
    Link 2

    Please visit this webpage for instructions for downloading and running ComboFix:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix.

    • You must run Combofix from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Right click on Combofix and choose Run as administrator to launch it, follow the prompts.
      Click on Yes, to continue scanning for malware.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.
    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper



    Please post back

    Combofix Log
     
  7. va_girl

    va_girl Thread Starter

    Joined:
    May 29, 2011
    Messages:
    34
    I cannot open anything on my computer.

    As soon as I log on, "privacy protection" starts doing a scan automatically. Even if I try to launch Internet Explorer, it gives me a message saying "file iexplore.exe is infected by W32/Blaster.worm. Please activate privacy protection to protect your computer."

    Please tell me what should I do now.
     
  8. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Hi va_girl

    Try and run combofix in safe mode




    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.

    Now run Combofix as in my last post.
     
  9. va_girl

    va_girl Thread Starter

    Joined:
    May 29, 2011
    Messages:
    34
    I ran combofix in the safe mode. But even though I ran it in "Administrator Mode", it still prompted me to run as administrator. But it ran the scan anyways and please find the log below:

    ComboFix 11-12-04.02 - Ashutosh 12/04/2011 9:25.5.2 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.2179 [GMT -5:00]
    Running from: c:\users\Ashutosh\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Ashutosh\AppData\Roaming\privacy.exe
    c:\users\Ashutosh\Desktop\Privacy Protection.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-04 14:31 . 2011-12-04 14:32 -------- d-----w- c:\users\Ashutosh\AppData\Local\temp
    2011-12-04 14:31 . 2011-12-04 14:31 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-12-04 14:31 . 2011-12-04 14:31 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-12-04 14:31 . 2011-12-04 14:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-04 14:31 . 2011-12-04 14:31 -------- d-----w- c:\users\Ashutosh_2\AppData\Local\temp
    2011-12-04 14:31 . 2011-12-04 14:31 -------- d-----w- c:\users\Ash\AppData\Local\temp
    2011-12-04 14:04 . 2011-12-04 14:04 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2F32D98-EB17-46B7-8D49-EDF93C71F1BE}\offreg.dll
    2011-12-04 13:08 . 2011-12-04 13:08 -------- d-----w- c:\program files\Conduit
    2011-12-04 13:08 . 2011-12-04 13:08 -------- d-----w- c:\users\Ashutosh\AppData\Local\Conduit
    2011-12-04 13:08 . 2011-12-04 13:08 -------- d-----w- c:\program files\Swag_Bucks
    2011-12-04 00:49 . 2011-12-04 00:49 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer
    2011-12-03 18:40 . 2011-12-03 18:40 -------- d-----w- c:\program files\Common Files\Java
    2011-12-03 17:13 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2F32D98-EB17-46B7-8D49-EDF93C71F1BE}\mpengine.dll
    2011-11-29 15:40 . 2011-11-29 15:40 -------- d-----w- c:\users\Ashutosh\AppData\Roaming\com.w3i.FlipToast
    2011-11-29 15:40 . 2011-11-29 16:34 -------- d-----w- c:\program files\fliptoast
    2011-11-29 15:40 . 2011-11-29 15:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-11-18 01:39 . 2011-11-18 01:39 -------- d-----w- c:\program files\iPod
    2011-11-18 01:39 . 2011-11-18 01:40 -------- d-----w- c:\program files\iTunes
    2011-11-15 02:53 . 2011-11-15 02:53 -------- d-----w- c:\users\Ashutosh\AppData\Roaming\Sony Corporation
    2011-11-15 02:44 . 2007-07-19 23:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
    2011-11-15 02:42 . 2011-11-15 02:53 -------- d-----w- c:\program files\Sony
    2011-11-15 02:42 . 2011-11-15 02:42 -------- d-----w- c:\programdata\Sony Corporation
    2011-11-09 19:29 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-11-09 19:29 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 19:29 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2011-11-09 19:29 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-03 18:36 . 2011-06-14 19:38 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-12-02 16:01 . 2011-05-30 15:48 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-11-21 10:47 . 2010-05-25 20:42 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-11 20:16 . 2011-10-11 20:17 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F9E52F6-7A3C-46FE-8832-0E5DF94A9972}\gapaengine.dll
    2011-09-17 21:38 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-09-17 21:38 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-09-06 13:30 . 2011-10-13 18:29 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-11-10 02:24 . 2011-05-31 23:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwag.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\Swag_Bucks\prxtbSwag.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwag.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-13 4351216]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-01-12 468264]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-25 622592]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-23 114688]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-09-17 273528]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R1 MpKsl0143311a;MpKsl0143311a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70672822-1A8F-4132-A0B9-4BEF45F95996}\MpKsl0143311a.sys [x]
    R1 MpKsl1334fa1c;MpKsl1334fa1c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73A4A771-2A2E-4675-BD05-E7A97979F529}\MpKsl1334fa1c.sys [x]
    R1 MpKsl216a607e;MpKsl216a607e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2268C54-D826-4C5A-87BB-00F5CC2C6B6D}\MpKsl216a607e.sys [x]
    R1 MpKsl237be86c;MpKsl237be86c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8443200F-98D2-494E-8B40-2C98351FC4C9}\MpKsl237be86c.sys [x]
    R1 MpKsl281bb0b0;MpKsl281bb0b0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4109A3D-A73A-4C76-B999-EA7B93154FD7}\MpKsl281bb0b0.sys [x]
    R1 MpKsl2861a1ff;MpKsl2861a1ff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73C08D08-D522-46A8-A689-D2D5A0FB0A99}\MpKsl2861a1ff.sys [x]
    R1 MpKsl5b3a3dce;MpKsl5b3a3dce;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A9129D5-1581-47C6-9C47-C2E4BF107692}\MpKsl5b3a3dce.sys [x]
    R1 MpKsl5b546cf0;MpKsl5b546cf0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A501AA4-5828-4EAA-B9EB-A9BCBF54598A}\MpKsl5b546cf0.sys [x]
    R1 MpKsl64b2e4f0;MpKsl64b2e4f0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A501AA4-5828-4EAA-B9EB-A9BCBF54598A}\MpKsl64b2e4f0.sys [x]
    R1 MpKsl7644f9f3;MpKsl7644f9f3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8443200F-98D2-494E-8B40-2C98351FC4C9}\MpKsl7644f9f3.sys [x]
    R1 MpKsl873800cf;MpKsl873800cf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{994762E8-18DB-4606-8295-E02777E55EA0}\MpKsl873800cf.sys [x]
    R1 MpKsl88935ecc;MpKsl88935ecc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1DA6A3DF-5DAC-4954-AA78-02C47612CE1D}\MpKsl88935ecc.sys [x]
    R1 MpKsl93b60626;MpKsl93b60626;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A6F383D-21E2-4B4D-8209-E3EA70DD1FBF}\MpKsl93b60626.sys [x]
    R1 MpKsla19961ef;MpKsla19961ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B58075B6-0A17-4F17-BF7C-34988492563B}\MpKsla19961ef.sys [x]
    R1 MpKslbf143013;MpKslbf143013;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{994762E8-18DB-4606-8295-E02777E55EA0}\MpKslbf143013.sys [x]
    R1 MpKsld1e57c36;MpKsld1e57c36;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F6D9151-A721-4650-AE73-3A3E19ED8E7F}\MpKsld1e57c36.sys [x]
    R1 MpKsle77460fc;MpKsle77460fc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57F43A9E-A6B5-41E1-BC79-4DC9243F892C}\MpKsle77460fc.sys [x]
    R1 MpKslf93c26fa;MpKslf93c26fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4ACEA5B9-D840-4A49-9BA2-CF1D24111C13}\MpKslf93c26fa.sys [x]
    R1 MpKslfc0c75d5;MpKslfc0c75d5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8443200F-98D2-494E-8B40-2C98351FC4C9}\MpKslfc0c75d5.sys [x]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 136176]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]
    R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2011-02-01 206120]
    R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2011-02-01 185640]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-05-09 20032]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 136176]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 23:11]
    .
    2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 23:11]
    .
    2011-12-03 c:\windows\Tasks\Norton Security Scan for Ashutosh.job
    - c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-08-15 04:47]
    .
    2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{F9FFF33D-EEBD-480F-9293-0A18CF029FC2}.job
    - c:\windows\system32\msfeedssync.exe [2011-06-08 15:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
    FF - ProfilePath - c:\users\Ashutosh\AppData\Roaming\Mozilla\Firefox\Profiles\7rj18k6x.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Swagbucks.com
    FF - prefs.js: browser.startup.homepage - www.google.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Privacy Protection - c:\users\Ashutosh\AppData\Roaming\privacy.exe
    AddRemove-{D0795B21-0CDA-4a92-AB9E-6E92D8111E44} - c:\users\Ashutosh\AppData\Local\Temp\SAMSUNG\USB Drivers\-r\Uninstall.exe
    AddRemove-03_Swallowtail - c:\users\Ashutosh\AppData\Local\Temp\SAMSUNG\USB Drivers\-r\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\users\Ashutosh\AppData\Local\Temp\SAMSUNG\USB Drivers\-r\04_semseyite\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\users\Ashutosh\AppData\Local\Temp\SAMSUNG\USB Drivers\-r\16_Shrewsbury\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-04 09:32
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-12-04 09:35:02
    ComboFix-quarantined-files.txt 2011-12-04 14:34
    ComboFix2.txt 2011-06-16 18:40
    .
    Pre-Run: 149,100,326,912 bytes free
    Post-Run: 149,120,909,312 bytes free
    .
    - - End Of File - - 211DE152CD0A46224546787763B1D21A




    Thanks! Let me know what's next.
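
The log above shows what gave the rogue away: an HKCU `Run` value pointing at an executable sitting directly in `AppData\Roaming`. The following is an added example, not part of the original thread and not ComboFix's own logic: a triage pass over "Reg Loading Points"-style text that flags autorun targets in user-writable profile folders. The function names, the `high`/`review` levels and the sample are assumptions; the "Privacy Protection" sample line is reconstructed from the "ORPHANS REMOVED" entry with a made-up date and size.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the layout of the "Reg Loading Points" section.
# Legitimate entries are copied from the log; the "Privacy Protection" value
# is reconstructed from the ORPHANS REMOVED line (date and size are made up).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-13 4351216]
"Privacy Protection"="c:\users\Ashutosh\AppData\Roaming\privacy.exe" [2011-12-03 100000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"(?:\s+\[[^\]]*\])?$')
PROFILE_ROOTS = ("users", "documents and settings")


def parse_autoruns(log_text):
    """Return (key, value name, target path) for values under Run/RunOnce keys."""
    entries, key, in_run = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            in_run = key.lower().endswith(("\\run", "\\runonce"))
            continue
        m = VALUE_RE.match(line)
        if m and in_run:
            entries.append((key, m.group("name"), m.group("path")))
    return entries


def classify(path):
    """Triage level for an autorun target: 'high', 'review' or None.

    'high'   : file sits directly in AppData\\Roaming, AppData\\Local or a Temp
               folder (no vendor subfolder), as privacy.exe did in this thread.
    'review' : elsewhere under a user profile; some legitimate per-user
               installs live here, so this is a prompt to look, not a verdict.
    """
    parts = PureWindowsPath(path.lower()).parts
    if len(parts) < 4 or parts[1] not in PROFILE_ROOTS:
        return None
    parent = parts[3:-1]  # folders below the profile root, without the file name
    if parent in (("appdata", "roaming"), ("appdata", "local")) or "temp" in parent:
        return "high"
    return "review"


def triage(log_text):
    """Return (value name, path, level) for every flagged autorun entry."""
    flagged = []
    for _key, name, path in parse_autoruns(log_text):
        level = classify(path)
        if level:
            flagged.append((name, path, level))
    return flagged


if __name__ == "__main__":
    for name, path, level in triage(SAMPLE_LOG):
        print(f"[{level}] {name} -> {path}")
```
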
     
  10. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Hi va_girl

    Let's try these scans again.




    Update Malwarebytes Anti-Malware and run a scan.

    • Right click on Malwarebytes Anti-Malware icon, choose Run as administrator and Continue
    • Click on the update tab, then click update.
    • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
    • If necessary, start Malwarebytes Anti-Malware again.
    • Next click on Perform Quick Scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
    • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.




    Download TDSSKiller.zip and extract it to your Desktop.
    • Right click on TDSSKiller.exe, choose Run as administrator to launch it.
      • If using Vista or Windows 7, when prompted by UAC allow the prompt.
    • Click on Start Scan
    • The scan will run.
    • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    • Post the contents in your next reply please.
    • DO NOT TRY TO FIX ANYTHING AT THIS POINT



    Please post back with

    Malwarebytes Anti-Malware Log
    TDSSKiller Log
     
  11. va_girl

    va_girl Thread Starter

    Joined:
    May 29, 2011
    Messages:
    34
    Performed the scan using Malwarebytes as well as TDSSKiller and here are the logs:

    Malwarebytes log:
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8311

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 9.0.8112.16421

    12/4/2011 4:39:20 PM
    mbam-log-2011-12-04 (16-39-20).txt

    Scan type: Quick scan
    Objects scanned: 224935
    Time elapsed: 2 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    -----------------------------------------------------------------
    TDSSKiller log:

    16:48:45.0140 1008 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
    16:48:45.0239 1008 ============================================================
    16:48:45.0239 1008 Current date / time: 2011/12/04 16:48:45.0239
    16:48:45.0239 1008 SystemInfo:
    16:48:45.0239 1008
    16:48:45.0239 1008 OS Version: 6.0.6002 ServicePack: 2.0
    16:48:45.0239 1008 Product type: Workstation
    16:48:45.0239 1008 ComputerName: ASHU
    16:48:45.0240 1008 UserName: Ashutosh
    16:48:45.0240 1008 Windows directory: C:\Windows
    16:48:45.0240 1008 System windows directory: C:\Windows
    16:48:45.0240 1008 Processor architecture: Intel x86
    16:48:45.0240 1008 Number of processors: 2
    16:48:45.0240 1008 Page size: 0x1000
    16:48:45.0240 1008 Boot type: Safe boot with network
    16:48:45.0240 1008 ============================================================
    16:48:45.0690 1008 Initialize success
    16:48:47.0383 2552 ============================================================
    16:48:47.0383 2552 Scan started
    16:48:47.0383 2552 Mode: Manual;
    16:48:47.0383 2552 ============================================================
    16:49:12.0198 2552 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    16:49:12.0199 2552 uliagpkx - ok
    16:49:12.0273 2552 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    16:49:12.0276 2552 uliahci - ok
    16:49:12.0319 2552 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    16:49:12.0320 2552 UlSata - ok
    16:49:12.0363 2552 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    16:49:12.0364 2552 ulsata2 - ok
    16:49:12.0500 2552 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    16:49:12.0501 2552 umbus - ok
    16:49:12.0562 2552 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
    16:49:12.0563 2552 USBAAPL - ok
    16:49:12.0634 2552 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    16:49:12.0636 2552 usbccgp - ok
    16:49:12.0717 2552 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    16:49:12.0718 2552 usbcir - ok
    16:49:12.0792 2552 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    16:49:12.0794 2552 usbehci - ok
    16:49:12.0830 2552 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    16:49:12.0832 2552 usbhub - ok
    16:49:12.0916 2552 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
    16:49:12.0917 2552 usbohci - ok
    16:49:13.0033 2552 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    16:49:13.0034 2552 usbprint - ok
    16:49:13.0128 2552 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    16:49:13.0130 2552 usbscan - ok
    16:49:13.0192 2552 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    16:49:13.0194 2552 USBSTOR - ok
    16:49:13.0277 2552 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    16:49:13.0278 2552 usbuhci - ok
    16:49:13.0373 2552 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    16:49:13.0375 2552 usbvideo - ok
    16:49:13.0485 2552 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    16:49:13.0486 2552 vga - ok
    16:49:13.0580 2552 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    16:49:13.0581 2552 VgaSave - ok
    16:49:13.0647 2552 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    16:49:13.0650 2552 viaagp - ok
    16:49:13.0766 2552 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    16:49:13.0767 2552 ViaC7 - ok
    16:49:13.0865 2552 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    16:49:13.0866 2552 viaide - ok
    16:49:13.0954 2552 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    16:49:13.0954 2552 volmgr - ok
    16:49:14.0043 2552 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    16:49:14.0047 2552 volmgrx - ok
    16:49:14.0170 2552 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    16:49:14.0174 2552 volsnap - ok
    16:49:14.0322 2552 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    16:49:14.0324 2552 vsmraid - ok
    16:49:14.0431 2552 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    16:49:14.0432 2552 WacomPen - ok
    16:49:14.0525 2552 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    16:49:14.0526 2552 Wanarp - ok
    16:49:14.0650 2552 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    16:49:14.0651 2552 Wanarpv6 - ok
    16:49:14.0742 2552 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    16:49:14.0742 2552 Wd - ok
    16:49:14.0854 2552 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
    16:49:14.0855 2552 WDC_SAM - ok
    16:49:14.0926 2552 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    16:49:14.0932 2552 Wdf01000 - ok
    16:49:15.0006 2552 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    16:49:15.0012 2552 winachsf - ok
    16:49:15.0173 2552 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    16:49:15.0174 2552 WmiAcpi - ok
    16:49:15.0296 2552 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    16:49:15.0297 2552 WpdUsb - ok
    16:49:15.0368 2552 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    16:49:15.0369 2552 ws2ifsl - ok
    16:49:15.0470 2552 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    16:49:15.0471 2552 WUDFRd - ok
    16:49:15.0552 2552 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
    16:49:15.0553 2552 XAudio - ok
    16:49:15.0645 2552 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
    16:49:15.0649 2552 yukonwlh - ok
    16:49:15.0701 2552 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
    16:49:15.0759 2552 \Device\Harddisk0\DR0 - ok
    16:49:15.0770 2552 Boot (0x1200) (c6cf1a7df1aebd4d37cecf659929487a) \Device\Harddisk0\DR0\Partition0
    16:49:15.0793 2552 \Device\Harddisk0\DR0\Partition0 - ok
    16:49:15.0798 2552 Boot (0x1200) (486b6d319a106d46b6871fbb06ea3800) \Device\Harddisk0\DR0\Partition1
    16:49:15.0800 2552 \Device\Harddisk0\DR0\Partition1 - ok
    16:49:15.0802 2552 ============================================================
    16:49:15.0802 2552 Scan finished
    16:49:15.0802 2552 ============================================================
    16:49:15.0834 2204 Detected object count: 0
    16:49:15.0834 2204 Actual detected object count: 0


    Thanks!
     
  12. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    I see that you have CCleaner installed. Can you please run it?
    CAUTION: Please do NOT use the "Registry" button in the left pane.
    This is a built-in registry cleaner. Removing certain entries can render your computer inoperable!
    • Open up CCleaner
    • Click the "Run Cleaner" button.
    • A pop up box will appear advising this process will permanently delete files from your system.
    • Click "OK"
    • CCleaner will scan and clean your system.
    • When cleaning is complete:
    • Click "Exit".
    • Repeat for all usernames.



    Now run an online scan. Some of the steps below may not count, as you already have ESET Online Scanner v3 installed,
    but go through the instructions so ESET Online Scanner v3 will update.



    You can use either Internet Explorer or Mozilla FireFox for this scan.

    Windows Vista or Windows 7 users, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
    • First please Disable any Antivirus you have active, as shown in This topic.
    • Note: Don't forget to re-enable it after the scan.
    • Next hold down Control then click on the following link to open a new window to ESET online scanner
    • Select the option YES, I accept the Terms of Use then click on Start.
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on Start.
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on Finish.
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.


    Please post back with eset scan results.

    And also a good description on how your system is now.
     
  13. va_girl

    va_girl Thread Starter

    Joined:
    May 29, 2011
    Messages:
    34
    Hi DFW,

    I have run CCleaner and ESET scan as per your instructions. I could not run CCleaner on the 'guest' account because for some reason I could not access the 'guest' account.

    Please find the ESET log results below:
    [email protected] as CAB hook log:
    OnlineScanner.ocx - registred OK
    [email protected] as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=722a3256bd95cf4280dccd2cc86a3a64
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-12-05 04:45:01
    # local_time=2011-12-05 11:45:01 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 67901477 67901477 0 0
    # compatibility_mode=5892 16776574 100 100 21879174 159704030 0 0
    # compatibility_mode=8192 67108863 100 0 14922476 14922476 0 0
    # scanned=183253
    # found=7
    # cleaned=0
    # scan_time=6999
    C:\Program Files\vShare\imedix-silent.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\Users\Ashutosh\AppData\Roaming\privacy.exe.vir a variant of Win32/Kryptik.WME trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Ashutosh\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-7dbfb901 a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Ashutosh\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\2b29fca3-72c22639 a variant of Java/Agent.BR trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Ashutosh\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\7b47aa68-4a9586a1 a variant of Win32/Kryptik.WME trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Ashutosh\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\737e33f5-22f97ae8 multiple threats (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Ashutosh\Downloads\winamp5601_full_emusic-7plus_all.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 Ii

    Regarding the performance of my system, I am still running everything in 'safe mode' so I am not sure if I will be able to access anything in the 'regular mode'. Do you want me to restart using 'regular mode' and report back to you regarding that?

    Also, one thing that's been driving me crazy is that whenever I am typing something, my cursor jumps around like crazy.

    Thanks.
     
  14. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Yes, please try normal mode and let me know.
     
  15. va_girl

    va_girl Thread Starter

    Joined:
    May 29, 2011
    Messages:
    34
    I am running my computer in normal mode and everything seems to be working fine. I don't see the "privacy protection" software start scanning as soon as the computer starts. Also, I can open "IE" as well as "Firefox".

    Everything looks normal from a functional standpoint.

    Thanks!
     

Short URL to this thread: https://techguy.org/1029355
