
Infected and need help


This topic is locked
70 replies to this topic

#1 patagrande

    New Member

  • Members
  • 40 posts

Posted 08 February 2012 - 12:38 PM

Laptop was running slow and erratic. I ran Malwarebytes Pro; it alerted me that firefoxuninstall.exe was a trojan and I opted to quarantine.

Symptoms continued; ran CA antivirus, which picked up nothing as usual.

Monitored applications with Task Manager and noticed that Firefox was opening more than one instance; at one point one instance read "Google Virus redirect".

Ran MB Pro again and it found another trojan; I do not remember which one it said it was.

Quarantined it and later deleted both.

Ran several MB Pro scans, and nothing showed up.
Updated Windows Defender, which picked up nothing, and later I uninstalled it.

Reading this thread: http://forums.malwar...?showtopic=9573

It sounds similar to what I was experiencing.

In preparing to post this new thread, I downloaded DDS.scr to the desktop and disabled MB Pro and Windows Firewall, and I snoozed the CA antivirus (BTW, should I get rid of the CA AV? It seems useless; could it be interfering with MB Pro?). I tried several times to run DDS, and every time it seemed to run the scan but never opened a save option panel like it says it should. After waiting up to 10 minutes, I attempted to close the DDS window, but any mouse action froze the computer, leaving me no option but to switch off and restart. After several of these instances I got a message on restart alerting me to reset Active Desktop, which to my knowledge I do not use. I followed the instructions and the alert disappeared.

I trashed the DDS.scr file and went looking for another download; the same thing happened on several occasions. When looking for the DDS.scr file on the desktop, it was listed as "screen saver"??
Trashed it again and downloaded the DDS.com file to the desktop. Same thing happens.

Looks like a terrible start, not even to be able to run DDS and save the txt file to post here.
Could there be another script running and blocking it elsewhere that I do not know of? CA AV was snoozed, MB Pro disabled, and Firewall off.

Please advise.

#2 MrCharlie

    Forum Deity

  • Experts
  • 28,178 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 08 February 2012 - 02:17 PM

Welcome to the forum; see if you can run this:

Please download and run RogueKiller.
Click Scan to scan the system (don't run any other options)
Post back the report.

MrC

Malware Removal Expert

I volunteer my free time to help you; if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 patagrande

    New Member

  • Members
  • 40 posts

Posted 08 February 2012 - 04:12 PM

RogueKiller V7.0.4 [02/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: q [Admin rights]
Mode: Scan -- Date : 02/08/2012 13:03:45

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 10 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: IC25N060ATMR04-0 +++++
--- User ---
[MBR] 0adf5cd53fc5266408060a59fd4084b1
[BSP] f480e0ffe868078be7c85b7929977b54 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57231 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TOSHIBA MK1676GSX USB Device +++++
--- User ---
[MBR] e957d3a208e244ee36c737d24493a619
[BSP] c70c28a74af8e151c08b0bb6bd1ce88b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 149001 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

ALSO: There are also three items within a folder named RK_Quarantine, one being a QuarantineReport.txt file and two other files named PhysicalDrive0_User.dat and PhysicalDrive1_User.dat.

#4 MrCharlie

    Forum Deity

  • Experts
  • 28,178 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 08 February 2012 - 04:26 PM

ALSO: There are also three items within a folder named RK_Quarantine, one being a QuarantineReport.txt file and two other files named PhysicalDrive0_User.dat and PhysicalDrive1_User.dat.

That's OK, leave it for now.

-------------------------------

See if you can run TDSSKiller:


Please download and run TDSSKiller as outlined in the post below:

http://forums.malwar...howtopic=104821

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic, please choose
Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Post back the log, MrC


#5 patagrande

    New Member

  • Members
  • 40 posts

Posted 08 February 2012 - 05:00 PM

13:49:33.0312 3680 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
13:49:34.0593 3680 ============================================================
13:49:34.0593 3680 Current date / time: 2012/02/08 13:49:34.0593
13:49:34.0593 3680 SystemInfo:
13:49:34.0593 3680
13:49:34.0593 3680 OS Version: 5.1.2600 ServicePack: 3.0
13:49:34.0593 3680 Product type: Workstation
13:49:34.0593 3680 ComputerName: TOUCHEBAG
13:49:34.0593 3680 UserName: q
13:49:34.0593 3680 Windows directory: C:\WINDOWS
13:49:34.0593 3680 System windows directory: C:\WINDOWS
13:49:34.0593 3680 Processor architecture: Intel x86
13:49:34.0593 3680 Number of processors: 1
13:49:34.0593 3680 Page size: 0x1000
13:49:34.0593 3680 Boot type: Normal boot
13:49:34.0593 3680 ============================================================
13:49:40.0015 3680 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:49:40.0140 3680 Drive \Device\Harddisk1\DR2 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:49:40.0484 3680 \Device\Harddisk0\DR0:
13:49:40.0500 3680 MBR used
13:49:40.0500 3680 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
13:49:40.0500 3680 \Device\Harddisk1\DR2:
13:49:40.0500 3680 MBR used
13:49:40.0500 3680 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12304A34
13:49:40.0578 3680 Initialize success
13:49:40.0578 3680 ============================================================
13:50:33.0328 0980 ============================================================
13:50:33.0328 0980 Scan started
13:50:33.0328 0980 Mode: Manual; SigCheck; TDLFS;
13:50:33.0328 0980 ============================================================
13:50:35.0375 0980 Abiosdsk - ok
13:50:35.0390 0980 abp480n5 - ok
13:50:35.0453 0980 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:50:45.0515 0980 ACPI - ok
13:50:45.0765 0980 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:50:46.0031 0980 ACPIEC - ok
13:50:46.0171 0980 adpu160m - ok
13:50:46.0250 0980 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
13:50:46.0421 0980 aeaudio - ok
13:50:46.0671 0980 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:50:46.0937 0980 aec - ok
13:50:47.0031 0980 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:50:47.0328 0980 AFD - ok
13:50:47.0687 0980 AgereSoftModem (e66ae825c42b668a90e67e7e41eeeee7) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
13:50:47.0953 0980 AgereSoftModem - ok
13:50:48.0109 0980 Aha154x - ok
13:50:48.0140 0980 aic78u2 - ok
13:50:48.0171 0980 aic78xx - ok
13:50:48.0234 0980 AliIde - ok
13:50:48.0421 0980 AMDPCI - ok
13:50:48.0437 0980 amsint - ok
13:50:48.0531 0980 ApfiltrService (63abc55ac880b712b92f6d8e6b4f56ac) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
13:50:48.0750 0980 ApfiltrService - ok
13:50:48.0890 0980 AR5211 (32bf9185a7dc622c00791113d5568662) C:\WINDOWS\system32\DRIVERS\ar5211.sys
13:50:49.0000 0980 AR5211 - ok
13:50:49.0125 0980 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:50:49.0328 0980 Arp1394 - ok
13:50:49.0359 0980 asc - ok
13:50:49.0375 0980 asc3350p - ok
13:50:49.0406 0980 asc3550 - ok
13:50:49.0500 0980 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:50:49.0718 0980 AsyncMac - ok
13:50:49.0781 0980 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:50:50.0000 0980 atapi - ok
13:50:50.0015 0980 Atdisk - ok
13:50:50.0187 0980 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:50:50.0406 0980 Atmarpc - ok
13:50:50.0625 0980 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:50:50.0890 0980 audstub - ok
13:50:51.0015 0980 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:50:51.0281 0980 Beep - ok
13:50:51.0437 0980 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
13:50:51.0687 0980 Bridge - ok
13:50:51.0781 0980 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
13:50:51.0953 0980 BridgeMP - ok
13:50:52.0093 0980 BsStor (d6d0f3860f022a12e888965f8237cbd9) C:\WINDOWS\system32\drivers\BsStor.sys
13:50:52.0187 0980 BsStor ( UnsignedFile.Multi.Generic ) - warning
13:50:52.0187 0980 BsStor - detected UnsignedFile.Multi.Generic (1)
13:50:52.0406 0980 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:50:52.0609 0980 cbidf2k - ok
13:50:52.0671 0980 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:50:52.0890 0980 CCDECODE - ok
13:50:52.0906 0980 cd20xrnt - ok
13:50:53.0093 0980 CdaC15BA (82c4c6a2343b592c4fd590f625a724a9) C:\WINDOWS\System32\drivers\CDAC15BA.SYS
13:50:53.0156 0980 CdaC15BA ( UnsignedFile.Multi.Generic ) - warning
13:50:53.0156 0980 CdaC15BA - detected UnsignedFile.Multi.Generic (1)
13:50:53.0234 0980 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:50:53.0437 0980 Cdaudio - ok
13:50:53.0562 0980 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:50:53.0812 0980 Cdfs - ok
13:50:53.0984 0980 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:50:54.0187 0980 Cdrom - ok
13:50:54.0218 0980 Changer - ok
13:50:54.0328 0980 CIF USB CAMERA Service (6828fb73dd48567ac867e216f65d72f4) C:\WINDOWS\system32\DRIVERS\pfc027.sys
13:50:54.0468 0980 CIF USB CAMERA Service - ok
13:50:54.0640 0980 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:50:54.0843 0980 CmBatt - ok
13:50:54.0875 0980 CmdIde - ok
13:50:54.0921 0980 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:50:55.0140 0980 Compbatt - ok
13:50:55.0203 0980 Cpqarray - ok
13:50:55.0234 0980 dac2w2k - ok
13:50:55.0265 0980 dac960nt - ok
13:50:55.0343 0980 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:50:55.0578 0980 Disk - ok
13:50:55.0781 0980 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:50:56.0562 0980 dmboot - ok
13:50:56.0875 0980 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:50:57.0109 0980 dmio - ok
13:50:57.0375 0980 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:50:57.0625 0980 dmload - ok
13:50:58.0093 0980 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:50:58.0359 0980 DMusic - ok
13:50:58.0484 0980 dpti2o - ok
13:50:58.0578 0980 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:50:58.0828 0980 drmkaud - ok
13:50:59.0015 0980 E100B (fae8b6b311f898df3d19bc638e980ca5) C:\WINDOWS\system32\DRIVERS\e100b325.sys
13:50:59.0171 0980 E100B - ok
13:50:59.0328 0980 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:50:59.0562 0980 Fastfat - ok
13:50:59.0687 0980 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:50:59.0875 0980 Fdc - ok
13:51:00.0000 0980 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:51:00.0265 0980 Fips - ok
13:51:00.0359 0980 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:51:00.0609 0980 Flpydisk - ok
13:51:00.0687 0980 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:51:00.0890 0980 FltMgr - ok
13:51:00.0953 0980 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:51:01.0140 0980 Fs_Rec - ok
13:51:01.0218 0980 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:51:01.0437 0980 Ftdisk - ok
13:51:01.0578 0980 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:51:01.0812 0980 Gpc - ok
13:51:01.0937 0980 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:51:02.0156 0980 HidUsb - ok
13:51:02.0187 0980 hpn - ok
13:51:02.0296 0980 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:51:02.0546 0980 HPZid412 - ok
13:51:02.0703 0980 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:51:02.0812 0980 HPZipr12 - ok
13:51:02.0843 0980 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:51:02.0937 0980 HPZius12 - ok
13:51:03.0000 0980 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:51:03.0187 0980 HTTP - ok
13:51:03.0218 0980 i2omgmt - ok
13:51:03.0250 0980 i2omp - ok
13:51:03.0296 0980 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:51:03.0546 0980 i8042prt - ok
13:51:03.0625 0980 ialm (759a944aa02f686ec069e6ff5b5636d8) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
13:51:05.0187 0980 ialm - ok
13:51:05.0687 0980 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:51:05.0921 0980 Imapi - ok
13:51:06.0156 0980 ini910u - ok
13:51:06.0359 0980 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:51:06.0609 0980 IntelIde - ok
13:51:06.0687 0980 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:51:06.0859 0980 intelppm - ok
13:51:07.0015 0980 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:51:07.0296 0980 ip6fw - ok
13:51:07.0359 0980 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:51:07.0578 0980 IpFilterDriver - ok
13:51:07.0781 0980 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:51:08.0000 0980 IpInIp - ok
13:51:08.0062 0980 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:51:08.0281 0980 IpNat - ok
13:51:08.0343 0980 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:51:08.0531 0980 IPSec - ok
13:51:08.0609 0980 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:51:08.0843 0980 IRENUM - ok
13:51:08.0937 0980 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:51:09.0109 0980 isapnp - ok
13:51:09.0218 0980 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:51:09.0406 0980 Kbdclass - ok
13:51:09.0484 0980 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:51:09.0656 0980 kmixer - ok
13:51:09.0750 0980 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:51:09.0906 0980 KSecDD - ok
13:51:10.0125 0980 lbrtfdc - ok
13:51:10.0250 0980 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
13:51:10.0921 0980 MBAMProtector - ok
13:51:11.0156 0980 MDC8021X (4fe6172e2fa816c6f55b31e99784fc33) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
13:51:11.0203 0980 MDC8021X ( UnsignedFile.Multi.Generic ) - warning
13:51:11.0203 0980 MDC8021X - detected UnsignedFile.Multi.Generic (1)
13:51:11.0281 0980 meiudf (766a1d242f4390ddf1243084898a20c9) C:\WINDOWS\system32\Drivers\meiudf.sys
13:51:11.0343 0980 meiudf ( UnsignedFile.Multi.Generic ) - warning
13:51:11.0343 0980 meiudf - detected UnsignedFile.Multi.Generic (1)
13:51:11.0437 0980 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:51:11.0625 0980 mnmdd - ok
13:51:11.0703 0980 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:51:11.0921 0980 Modem - ok
13:51:11.0968 0980 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:51:12.0156 0980 Mouclass - ok
13:51:12.0187 0980 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:51:12.0375 0980 MountMgr - ok
13:51:12.0500 0980 mraid35x - ok
13:51:12.0546 0980 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:51:13.0015 0980 MRxDAV - ok
13:51:13.0343 0980 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:51:13.0765 0980 MRxSmb - ok
13:51:14.0265 0980 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:51:14.0515 0980 Msfs - ok
13:51:14.0656 0980 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:51:15.0078 0980 MSKSSRV - ok
13:51:16.0140 0980 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:51:16.0390 0980 MSPCLOCK - ok
13:51:16.0546 0980 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:51:16.0734 0980 MSPQM - ok
13:51:16.0859 0980 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:51:17.0062 0980 mssmbios - ok
13:51:17.0156 0980 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:51:17.0375 0980 MSTEE - ok
13:51:17.0437 0980 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:51:17.0515 0980 Mup - ok
13:51:17.0578 0980 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:51:17.0750 0980 NABTSFEC - ok
13:51:18.0093 0980 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:51:18.0281 0980 NDIS - ok
13:51:18.0328 0980 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:51:18.0515 0980 NdisIP - ok
13:51:18.0562 0980 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:51:18.0640 0980 NdisTapi - ok
13:51:18.0687 0980 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:51:18.0890 0980 Ndisuio - ok
13:51:18.0953 0980 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:51:19.0250 0980 NdisWan - ok
13:51:19.0375 0980 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:51:19.0484 0980 NDProxy - ok
13:51:19.0671 0980 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:51:19.0859 0980 NetBIOS - ok
13:51:19.0937 0980 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:51:20.0125 0980 NetBT - ok
13:51:20.0218 0980 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
13:51:20.0265 0980 Netdevio ( UnsignedFile.Multi.Generic ) - warning
13:51:20.0265 0980 Netdevio - detected UnsignedFile.Multi.Generic (1)
13:51:20.0359 0980 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:51:20.0578 0980 NIC1394 - ok
13:51:20.0625 0980 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:51:20.0812 0980 Npfs - ok
13:51:20.0953 0980 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:51:21.0234 0980 Ntfs - ok
13:51:21.0343 0980 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:51:21.0593 0980 Null - ok
13:51:21.0656 0980 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:51:21.0828 0980 NwlnkFlt - ok
13:51:21.0984 0980 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:51:22.0156 0980 NwlnkFwd - ok
13:51:22.0187 0980 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:51:22.0359 0980 ohci1394 - ok
13:51:22.0453 0980 PalmUSBD - ok
13:51:22.0531 0980 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:51:22.0718 0980 Parport - ok
13:51:22.0812 0980 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:51:23.0015 0980 PartMgr - ok
13:51:23.0156 0980 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:51:23.0328 0980 ParVdm - ok
13:51:23.0359 0980 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:51:23.0593 0980 PCI - ok
13:51:23.0625 0980 PCIDump - ok
13:51:23.0750 0980 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:51:23.0968 0980 PCIIde - ok
13:51:24.0109 0980 pciSd (221068851f8fd7d8d581738123196ee3) C:\WINDOWS\system32\DRIVERS\tossdpci.sys
13:51:24.0234 0980 pciSd - ok
13:51:24.0296 0980 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
13:51:24.0500 0980 Pcmcia - ok
13:51:24.0562 0980 PDCOMP - ok
13:51:24.0593 0980 PDFRAME - ok
13:51:24.0609 0980 PDRELI - ok
13:51:24.0640 0980 PDRFRAME - ok
13:51:24.0687 0980 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\PenClass.sys
13:51:24.0718 0980 PenClass ( UnsignedFile.Multi.Generic ) - warning
13:51:24.0718 0980 PenClass - detected UnsignedFile.Multi.Generic (1)
13:51:24.0781 0980 perc2 - ok
13:51:24.0812 0980 perc2hib - ok
13:51:24.0921 0980 pfc (ed2e7f396b4098608c95bc3806bdf6fc) C:\WINDOWS\system32\drivers\pfc.sys
13:51:24.0968 0980 pfc ( UnsignedFile.Multi.Generic ) - warning
13:51:24.0968 0980 pfc - detected UnsignedFile.Multi.Generic (1)
13:51:25.0078 0980 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:51:25.0296 0980 PptpMiniport - ok
13:51:25.0343 0980 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
13:51:25.0562 0980 Processor - ok
13:51:25.0609 0980 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:51:25.0812 0980 PSched - ok
13:51:25.0953 0980 PTHDRBUS (ec53153f4feafd0f2b0bf15529e7b4d4) C:\WINDOWS\system32\DRIVERS\PTHDRBUS.sys
13:51:25.0984 0980 PTHDRBUS - ok
13:51:26.0156 0980 PTHDRMDM (58cff43f7f11b481df8690b6b98ef4d2) C:\WINDOWS\system32\DRIVERS\PTHDRMDM.sys
13:51:26.0203 0980 PTHDRMDM - ok
13:51:26.0281 0980 PTHDRVSP (5dcaff1304d02a27df9a46b2e8a920cd) C:\WINDOWS\system32\DRIVERS\PTHDRVSP.sys
13:51:26.0312 0980 PTHDRVSP - ok
13:51:26.0375 0980 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:51:26.0546 0980 Ptilink - ok
13:51:26.0656 0980 PxHelp20 (352cf968df88760fef225c3fbe7184a7) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
13:51:26.0703 0980 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
13:51:26.0703 0980 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
13:51:26.0734 0980 ql1080 - ok
13:51:26.0765 0980 Ql10wnt - ok
13:51:26.0796 0980 ql12160 - ok
13:51:26.0812 0980 ql1240 - ok
13:51:26.0843 0980 ql1280 - ok
13:51:26.0921 0980 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:51:27.0109 0980 RasAcd - ok
13:51:27.0234 0980 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:51:27.0437 0980 Rasl2tp - ok
13:51:27.0609 0980 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:51:27.0812 0980 RasPppoe - ok
13:51:27.0875 0980 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:51:28.0046 0980 Raspti - ok
13:51:28.0109 0980 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:51:28.0281 0980 Rdbss - ok
13:51:28.0328 0980 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:51:28.0515 0980 RDPCDD - ok
13:51:28.0640 0980 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:51:28.0734 0980 RDPWD - ok
13:51:28.0812 0980 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:51:29.0015 0980 redbook - ok
13:51:29.0281 0980 RTL8023xp (6164f7cff5bd381fda94badc417832c6) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
13:51:29.0390 0980 RTL8023xp - ok
13:51:29.0453 0980 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
13:51:29.0640 0980 rtl8139 - ok
13:51:29.0718 0980 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
13:51:29.0781 0980 s1018bus - ok
13:51:29.0859 0980 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
13:51:29.0906 0980 s1018mdfl - ok
13:51:29.0984 0980 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
13:51:30.0015 0980 s1018mdm - ok
13:51:30.0078 0980 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
13:51:30.0218 0980 s1018mgmt - ok
13:51:30.0359 0980 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
13:51:30.0390 0980 s1018nd5 - ok
13:51:30.0437 0980 s1018obex (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
13:51:30.0484 0980 s1018obex - ok
13:51:30.0531 0980 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
13:51:30.0562 0980 s1018unic - ok
13:51:30.0656 0980 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\WINDOWS\system32\DRIVERS\s125bus.sys
13:51:30.0671 0980 s125bus - ok
13:51:30.0750 0980 s125mdfl (f83f88e1b125308fb5015ea0349502b0) C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
13:51:30.0796 0980 s125mdfl - ok
13:51:30.0859 0980 s125mdm (402a97756c14940ad6ae5169c2fb105e) C:\WINDOWS\system32\DRIVERS\s125mdm.sys
13:51:30.0890 0980 s125mdm - ok
13:51:30.0968 0980 s125mgmt (82b14c51de76825ec769a6374e4c57d6) C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
13:51:31.0015 0980 s125mgmt - ok
13:51:31.0093 0980 s125obex (bedfc5707c356fd073bf1a4afe442d91) C:\WINDOWS\system32\DRIVERS\s125obex.sys
13:51:31.0125 0980 s125obex - ok
13:51:31.0328 0980 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:51:31.0531 0980 Secdrv - ok
13:51:31.0671 0980 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
13:51:31.0843 0980 Serial - ok
13:51:31.0875 0980 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
13:51:32.0078 0980 Sfloppy - ok
13:51:32.0109 0980 Simbad - ok
13:51:32.0187 0980 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:51:32.0390 0980 SLIP - ok
13:51:32.0500 0980 smwdm (f343cbf87cf8952701aa2062bdbf2bba) C:\WINDOWS\system32\drivers\smwdm.sys
13:51:32.0640 0980 smwdm - ok
13:51:32.0812 0980 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
13:51:33.0031 0980 SONYPVU1 - ok
13:51:33.0171 0980 Sparrow - ok
13:51:33.0234 0980 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:51:33.0437 0980 splitter - ok
13:51:33.0500 0980 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:51:33.0734 0980 sr - ok
13:51:34.0125 0980 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:51:34.0328 0980 Srv - ok
13:51:34.0421 0980 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:51:34.0640 0980 streamip - ok
13:51:34.0703 0980 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:51:34.0906 0980 swenum - ok
13:51:35.0093 0980 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:51:35.0312 0980 swmidi - ok
13:51:35.0500 0980 symc810 - ok
13:51:35.0515 0980 symc8xx - ok
13:51:35.0578 0980 SymEvent - ok
13:51:35.0593 0980 sym_hi - ok
13:51:35.0625 0980 sym_u3 - ok
13:51:35.0671 0980 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:51:35.0859 0980 sysaudio - ok
13:51:35.0968 0980 TBiosDrv (eeca2b57545e7b7be949b5e70e31444f) C:\WINDOWS\System32\drivers\TBiosDrv.sys
13:51:36.0000 0980 TBiosDrv ( UnsignedFile.Multi.Generic ) - warning
13:51:36.0000 0980 TBiosDrv - detected UnsignedFile.Multi.Generic (1)
13:51:36.0109 0980 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:51:36.0265 0980 Tcpip - ok
13:51:36.0406 0980 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:51:36.0750 0980 TDPIPE - ok
13:51:36.0796 0980 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:51:37.0000 0980 TDTCP - ok
13:51:37.0140 0980 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:51:37.0375 0980 TermDD - ok
13:51:37.0421 0980 TosIde - ok
13:51:37.0484 0980 tossmbnt (b3b20cd6ab0c9ef8feef9fbbe04f1cb2) C:\WINDOWS\system32\drivers\tossmbnt.sys
13:51:37.0515 0980 tossmbnt ( UnsignedFile.Multi.Generic ) - warning
13:51:37.0515 0980 tossmbnt - detected UnsignedFile.Multi.Generic (1)
13:51:37.0609 0980 tsdhd (f85667bb084499da23397892974c1bdc) C:\WINDOWS\system32\DRIVERS\tsdhd.sys
13:51:37.0671 0980 tsdhd ( UnsignedFile.Multi.Generic ) - warning
13:51:37.0671 0980 tsdhd - detected UnsignedFile.Multi.Generic (1)
13:51:37.0750 0980 TVALZ (9d8fcc6099d641d7c2bdc7f41193bec5) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
13:51:37.0906 0980 TVALZ ( UnsignedFile.Multi.Generic ) - warning
13:51:37.0906 0980 TVALZ - detected UnsignedFile.Multi.Generic (1)
13:51:38.0109 0980 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:51:38.0281 0980 Udfs - ok
13:51:38.0296 0980 ultra - ok
13:51:38.0375 0980 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:51:38.0578 0980 Update - ok
13:51:38.0625 0980 USBAAPL - ok
13:51:38.0703 0980 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:51:38.0906 0980 usbccgp - ok
13:51:38.0953 0980 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:51:39.0140 0980 usbehci - ok
13:51:39.0171 0980 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:51:39.0359 0980 usbhub - ok
13:51:39.0515 0980 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:51:39.0687 0980 usbprint - ok
13:51:39.0734 0980 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:51:40.0000 0980 usbscan - ok
13:51:40.0093 0980 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:51:40.0312 0980 USBSTOR - ok
13:51:40.0343 0980 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:51:40.0515 0980 usbuhci - ok
13:51:40.0593 0980 VET-FILT (e6287f6c77e71adfc6badb106cd30e7d) C:\WINDOWS\system32\drivers\VET-FILT.sys
13:51:40.0625 0980 VET-FILT - ok
13:51:40.0656 0980 VET-REC (cb98d6c1ade8a891cbbfd9beb1774f48) C:\WINDOWS\system32\drivers\VET-REC.sys
13:51:40.0671 0980 VET-REC - ok
13:51:40.0734 0980 VETEBOOT (c079f80582c31728029f3efcdfeaf221) C:\WINDOWS\system32\drivers\VETEBOOT.sys
13:51:40.0781 0980 VETEBOOT - ok
13:51:40.0968 0980 VETEFILE (31bab965e7af8295c22f641401d622b3) C:\WINDOWS\system32\drivers\VETEFILE.sys
13:51:41.0109 0980 VETEFILE - ok
13:51:41.0187 0980 VETFDDNT (05bdabe6664f48c54a6d3c538c8f2cc1) C:\WINDOWS\system32\drivers\VETFDDNT.sys
13:51:41.0218 0980 VETFDDNT - ok
13:51:41.0312 0980 VETMONNT (f5897ff7eb733670f92e798ef5358b88) C:\WINDOWS\system32\drivers\VETMONNT.sys
13:51:41.0359 0980 VETMONNT - ok
13:51:41.0406 0980 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:51:41.0609 0980 VgaSave - ok
13:51:41.0625 0980 ViaIde - ok
13:51:41.0671 0980 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:51:41.0875 0980 VolSnap - ok
13:51:42.0031 0980 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:51:42.0234 0980 Wanarp - ok
13:51:42.0265 0980 wanatw - ok
13:51:42.0296 0980 WDICA - ok
13:51:42.0359 0980 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:51:42.0515 0980 wdmaud - ok
13:51:42.0671 0980 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
13:51:42.0781 0980 WpdUsb - ok
13:51:42.0875 0980 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:51:43.0093 0980 WSTCODEC - ok
13:51:43.0203 0980 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:51:43.0312 0980 WudfPf - ok
13:51:43.0421 0980 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:51:43.0500 0980 WudfRd - ok
13:51:43.0593 0980 {6080A529-897E-4629-A488-ABA0C29B635E} (4ff040fe3099d578131cf62e3b822e0d) C:\WINDOWS\system32\drivers\ialmsbw.sys
13:51:43.0687 0980 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
13:51:43.0812 0980 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (9623fe5a34823ef8be6ba55cb52222e8) C:\WINDOWS\system32\drivers\ialmkchw.sys
13:51:43.0875 0980 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
13:51:43.0953 0980 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} (4acdbb1e48986863b34e696b479f7455) C:\WINDOWS\system32\drivers\wA301a.sys
13:51:44.0015 0980 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} - ok
13:51:44.0046 0980 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
13:51:44.0203 0980 \Device\Harddisk0\DR0 - ok
13:51:44.0531 0980 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
13:51:44.0718 0980 \Device\Harddisk1\DR2 - ok
13:51:44.0734 0980 Boot (0x1200) (d19a914923dc1a2705b4986dc29c862b) \Device\Harddisk0\DR0\Partition0
13:51:44.0734 0980 \Device\Harddisk0\DR0\Partition0 - ok
13:51:44.0750 0980 Boot (0x1200) (21ec954a5786d40d26a51d98708d7bb5) \Device\Harddisk1\DR2\Partition0
13:51:44.0750 0980 \Device\Harddisk1\DR2\Partition0 - ok
13:51:44.0750 0980 ============================================================
13:51:44.0750 0980 Scan finished
13:51:44.0750 0980 ============================================================
13:51:44.0875 3380 Detected object count: 12
13:51:44.0875 3380 Actual detected object count: 12
13:54:13.0906 3380 BsStor ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:13.0906 3380 BsStor ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:13.0906 3380 CdaC15BA ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:13.0906 3380 CdaC15BA ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:13.0906 3380 MDC8021X ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:13.0906 3380 MDC8021X ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:13.0906 3380 meiudf ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:13.0906 3380 meiudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:13.0906 3380 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:13.0906 3380 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:13.0906 3380 PenClass ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:13.0906 3380 PenClass ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:13.0921 3380 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:13.0921 3380 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:13.0921 3380 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:13.0921 3380 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:13.0921 3380 TBiosDrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:13.0921 3380 TBiosDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:13.0921 3380 tossmbnt ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:13.0921 3380 tossmbnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:13.0921 3380 tsdhd ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:13.0921 3380 tsdhd ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:13.0921 3380 TVALZ ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:13.0921 3380 TVALZ ( UnsignedFile.Multi.Generic ) - User select action: Skip

#6 patagrande

Posted 08 February 2012 - 05:04 PM

While looking for the report, I noticed a file named pagefile.sy; it is next to pagefile.sys.
I suspect this was left over from having a CA tech get into my computer (while hustling me for cash). I have found other such files, but the date looks to be from when I got System Restore.

#7 MrCharlie

Posted 08 February 2012 - 05:19 PM

Don't worry about that for now, let's see if you can run ComboFix:

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

#8 patagrande

Posted 08 February 2012 - 05:30 PM

will get right to it, thanks Charlie.

#9 patagrande

Posted 08 February 2012 - 06:58 PM

ComboFix froze twice. The yellow cursor froze, and it never got to where it is supposed to change the clock.
I had to switch it off and restart.

I printed the instructions, and followed them to a T.

During the first attempt, I ask that CA anti virus, which I had put to snooze for 90 minutes, had to be uninstalled. I had already disabled MB Pro and the Windows firewall.

It went through the windows recovery console installation, and started the scan, and after about 6 minutes the cursor froze, I left it alone for 46 minutes, but it was obvious nothing was happening.

I wonder if my IDSL modem has a hardware firewall; could this be causing the freeze, and how can I find out?

It kind of felt like what the DDS did, when it looked to have scanned, but when it tried to write the report it froze.

I tried running it a second time but the same happened.

I think maybe DDS did not work because CA antivirus was installed.

Please advise what to do next.

#10 MrCharlie

Posted 08 February 2012 - 07:04 PM

Try it in safe mode, MrC

#11 patagrande

Posted 08 February 2012 - 08:01 PM

It froze in safe mode also.

#12 MrCharlie

Posted 08 February 2012 - 08:07 PM

Download aswMBR to your desktop.
http://public.avast....erek/aswMBR.exe
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC

#13 patagrande

Posted 08 February 2012 - 08:14 PM

Firewall off and MB Pro off correct?

#14 MrCharlie

Posted 08 February 2012 - 08:42 PM

It doesn't have to be, but whatever works, MrC

#15 patagrande

Posted 08 February 2012 - 09:58 PM

Here is the report for C: drive.

I will run a scan on an external, which I removed to see if it helps ComboFix complete a scan.

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-08 17:18:01
-----------------------------
17:18:01.953 OS Version: Windows 5.1.2600 Service Pack 3
17:18:01.953 Number of processors: 1 586 0x209
17:18:01.953 ComputerName: TOUCHEBAG UserName: q
17:18:02.375 Initialize success
17:19:57.781 AVAST engine defs: 12020801
17:20:16.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:20:16.531 Disk 0 Vendor: IC25N060ATMR04-0 MO3OAD4A Size: 57231MB BusType: 3
17:20:16.562 Disk 0 MBR read successfully
17:20:16.562 Disk 0 MBR scan
17:20:16.671 Disk 0 unknown MBR code
17:20:16.671 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63
17:20:16.671 Disk 0 scanning sectors +117210240
17:20:17.031 Disk 0 scanning C:\WINDOWS\system32\drivers
17:20:35.265 Service scanning
17:20:37.609 Modules scanning
17:20:50.125 Disk 0 trace - called modules:
17:20:50.156 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:20:50.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863ce908]
17:20:50.187 3 CLASSPNP.SYS[f77dffd7] -> nt!IofCallDriver -> \Device\00000076[0x863d0f18]
17:20:50.187 5 ACPI.sys[f7736620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86344030]
17:20:51.125 AVAST engine scan C:\WINDOWS
17:21:08.312 AVAST engine scan C:\WINDOWS\system32
17:24:06.484 AVAST engine scan C:\WINDOWS\system32\drivers
17:24:29.046 AVAST engine scan C:\Documents and Settings\q
18:30:28.687 Verifying
18:30:38.812 Disk 0 Windows 501 MBR fixed successfully
18:52:35.921 AVAST engine scan C:\Documents and Settings\All Users
18:53:05.125 Scan finished successfully
18:53:30.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\q\Desktop\MBR.dat"
18:53:30.281 The log file has been saved successfully to "C:\Documents and Settings\q\Desktop\aswMBR.txt"

#16 patagrande

Posted 09 February 2012 - 08:05 AM

F Drive

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-08 19:36:27
-----------------------------
19:36:27.718 OS Version: Windows 5.1.2600 Service Pack 3
19:36:27.718 Number of processors: 1 586 0x209
19:36:27.765 ComputerName: TOUCHEBAG UserName: q
19:36:29.218 Initialize success
19:36:47.843 AVAST engine defs: 12020801
19:38:07.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:38:07.437 Disk 0 Vendor: IC25N060ATMR04-0 MO3OAD4A Size: 57231MB BusType: 3
19:38:07.468 Disk 0 MBR read successfully
19:38:07.468 Disk 0 MBR scan
19:38:07.609 Disk 0 Windows XP default MBR code
19:38:07.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63
19:38:07.609 Disk 0 scanning sectors +117210240
19:38:07.984 Disk 0 scanning C:\WINDOWS\system32\drivers
19:38:25.359 Service scanning
19:38:26.765 Modules scanning
19:38:39.421 Disk 0 trace - called modules:
19:38:39.453 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:38:39.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863cf908]
19:38:39.453 3 CLASSPNP.SYS[f77dffd7] -> nt!IofCallDriver -> \Device\00000076[0x863d0f18]
19:38:39.468 5 ACPI.sys[f7736620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86344030]
19:38:40.718 AVAST engine scan F:\
20:33:16.640 Scan finished successfully
21:28:18.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\q\Desktop\MBR.dat"
21:28:18.890 The log file has been saved successfully to "C:\Documents and Settings\q\Desktop\aswMBRF.txt"


Also, I tried DDS again and it froze just like it did in the beginning.

#17 patagrande

Posted 09 February 2012 - 08:10 AM

I noticed there are 7 instances of svchost.exe running at all times; is this normal?

#18 MrCharlie

Posted 09 February 2012 - 08:33 AM

Yes, that is possible.

-----------------------------

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Before you download it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).


Click Start --> Run, and enter this command exactly as shown (or press the Windows logo key + R to bring up the "run box"):


"%userprofile%\desktop\sega.com" /killall


See if it will run successfully now. Stop it after half an hour of no activity.

MrC

#19 patagrande

Posted 09 February 2012 - 10:27 AM

Good morning Charlie,

I deleted the copy of CF, but there is also a folder with the computer icon within C: drive called ComboFix; inside is this:

FILES STORED ON THIS COMPUTER

Shared Documents
q's documents

HARD DISK DRIVES

Local Disk C:
ET (F:)

DEVICES AND REMOVABLE STORAGE

DVD/CDRW


What should I do with this?

#20 patagrande

Posted 09 February 2012 - 10:30 AM

Also, there are times when there are many instances of plugin-container.exe running; what is this doing?
