patagrande

Infected and need help

71 posts in this topic

Laptop was running slow and erratic, ran Malwarebytes pro, it alerted me that firefoxuninstall.exe was a trojan and I opted to quarantine.

Symptoms continued, ran CA antivirus which picked up nothing as usual.

Monitored applications with Task Manager and noticed that Firefox was opening more than one instance; at one point one instance read Google Virus redirect.

Ran MB pro again and it found another trojan, and I do not remember which one it said it was.

Quarantined it and later deleted both.

Ran several MB pro scans, and nothing showed up.

Updated Windows Defender which picked up nothing, and later I uninstalled it.

Reading this thread: http://forums.malwarebytes.org/index.php?showtopic=9573

It sounds similar to what I was experiencing.

In preparing to post this new thread, I downloaded DDS.scr to the desktop and disabled MB pro, Windows firewall, and I snoozed the CA antivirus (BTW should I get rid of the CA AV? It seems useless; could it be interfering with MB pro?). I tried several times to run DDS and every time it seemed to run the scan, but never opened a save option panel like it says it should. After waiting up to 10 minutes, I attempted to close the DDS window but any mouse action froze the computer, leaving me no option but to switch off and restart. After several of these instances I got a message on restart alerting me to reset active desktop, which to my knowledge I do not use. I followed the instructions and the alert disappeared.

I trashed the DDS.scr file and went looking for another download; same thing happened on several occasions. When looking for the DDS.scr file on the desktop, it was listed as "screen saver" ??

Trashed it again and downloaded the DDS.com file to desktop again. Same thing happens.

Looks like a terrible start, not to even be able to run DDS and save the txt file to post here.

Could there be another script blocking running elsewhere that I do not know? CA AV was snoozed, MB Pro disabled, and Firewall off.

Please advise


Welcome to the forum, see if you can run this:

Please download and run RogueKiller.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC


RogueKiller V7.0.4 [02/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: q [Admin rights]

Mode: Scan -- Date : 02/08/2012 13:03:45

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 10 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: IC25N060ATMR04-0 +++++

--- User ---

[MBR] 0adf5cd53fc5266408060a59fd4084b1

[bSP] f480e0ffe868078be7c85b7929977b54 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57231 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: TOSHIBA MK1676GSX USB Device +++++

--- User ---

[MBR] e957d3a208e244ee36c737d24493a619

[bSP] c70c28a74af8e151c08b0bb6bd1ce88b : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 149001 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

ALSO: There are also three items within a folder named RK_Quarantine, one being a QuarantineReport.txt file and two other files named PhysicalDrive0_User.dat and PhysicalDrive1_User.dat.

"ALSO: There are also three items within a folder named RK_Quarantine one being a QuarantineReport.txt file and two other files named, PhysicalDrive0_User.dat and PhysicalDrive1_User.dat"

That's OK, leave it for now.

-------------------------------

See if you can run TDSSKiller:

Please download and run TDSSKiller as outlined in the post below:

http://forums.malwar...howtopic=104821

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Post back the log, MrC


13:49:33.0312 3680 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46

13:49:34.0593 3680 ============================================================

13:49:34.0593 3680 Current date / time: 2012/02/08 13:49:34.0593

13:49:34.0593 3680 SystemInfo:

13:49:34.0593 3680

13:49:34.0593 3680 OS Version: 5.1.2600 ServicePack: 3.0

13:49:34.0593 3680 Product type: Workstation

13:49:34.0593 3680 ComputerName: TOUCHEBAG

13:49:34.0593 3680 UserName: q

13:49:34.0593 3680 Windows directory: C:\WINDOWS

13:49:34.0593 3680 System windows directory: C:\WINDOWS

13:49:34.0593 3680 Processor architecture: Intel x86

13:49:34.0593 3680 Number of processors: 1

13:49:34.0593 3680 Page size: 0x1000

13:49:34.0593 3680 Boot type: Normal boot

13:49:34.0593 3680 ============================================================

13:49:40.0015 3680 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

13:49:40.0140 3680 Drive \Device\Harddisk1\DR2 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

13:49:40.0484 3680 \Device\Harddisk0\DR0:

13:49:40.0500 3680 MBR used

13:49:40.0500 3680 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41

13:49:40.0500 3680 \Device\Harddisk1\DR2:

13:49:40.0500 3680 MBR used

13:49:40.0500 3680 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12304A34

13:49:40.0578 3680 Initialize success

13:49:40.0578 3680 ============================================================

13:50:33.0328 0980 ============================================================

13:50:33.0328 0980 Scan started

13:50:33.0328 0980 Mode: Manual; SigCheck; TDLFS;

13:50:33.0328 0980 ============================================================

13:50:35.0375 0980 Abiosdsk - ok

13:50:35.0390 0980 abp480n5 - ok

13:50:35.0453 0980 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

13:50:45.0515 0980 ACPI - ok

13:50:45.0765 0980 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

13:50:46.0031 0980 ACPIEC - ok

13:50:46.0171 0980 adpu160m - ok

13:50:46.0250 0980 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys

13:50:46.0421 0980 aeaudio - ok

13:50:46.0671 0980 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

13:50:46.0937 0980 aec - ok

13:50:47.0031 0980 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

13:50:47.0328 0980 AFD - ok

13:50:47.0687 0980 AgereSoftModem (e66ae825c42b668a90e67e7e41eeeee7) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

13:50:47.0953 0980 AgereSoftModem - ok

13:50:48.0109 0980 Aha154x - ok

13:50:48.0140 0980 aic78u2 - ok

13:50:48.0171 0980 aic78xx - ok

13:50:48.0234 0980 AliIde - ok

13:50:48.0421 0980 AMDPCI - ok

13:50:48.0437 0980 amsint - ok

13:50:48.0531 0980 ApfiltrService (63abc55ac880b712b92f6d8e6b4f56ac) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

13:50:48.0750 0980 ApfiltrService - ok

13:50:48.0890 0980 AR5211 (32bf9185a7dc622c00791113d5568662) C:\WINDOWS\system32\DRIVERS\ar5211.sys

13:50:49.0000 0980 AR5211 - ok

13:50:49.0125 0980 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

13:50:49.0328 0980 Arp1394 - ok

13:50:49.0359 0980 asc - ok

13:50:49.0375 0980 asc3350p - ok

13:50:49.0406 0980 asc3550 - ok

13:50:49.0500 0980 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

13:50:49.0718 0980 AsyncMac - ok

13:50:49.0781 0980 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

13:50:50.0000 0980 atapi - ok

13:50:50.0015 0980 Atdisk - ok

13:50:50.0187 0980 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

13:50:50.0406 0980 Atmarpc - ok

13:50:50.0625 0980 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

13:50:50.0890 0980 audstub - ok

13:50:51.0015 0980 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

13:50:51.0281 0980 Beep - ok

13:50:51.0437 0980 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys

13:50:51.0687 0980 Bridge - ok

13:50:51.0781 0980 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys

13:50:51.0953 0980 BridgeMP - ok

13:50:52.0093 0980 BsStor (d6d0f3860f022a12e888965f8237cbd9) C:\WINDOWS\system32\drivers\BsStor.sys

13:50:52.0187 0980 BsStor ( UnsignedFile.Multi.Generic ) - warning

13:50:52.0187 0980 BsStor - detected UnsignedFile.Multi.Generic (1)

13:50:52.0406 0980 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

13:50:52.0609 0980 cbidf2k - ok

13:50:52.0671 0980 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

13:50:52.0890 0980 CCDECODE - ok

13:50:52.0906 0980 cd20xrnt - ok

13:50:53.0093 0980 CdaC15BA (82c4c6a2343b592c4fd590f625a724a9) C:\WINDOWS\System32\drivers\CDAC15BA.SYS

13:50:53.0156 0980 CdaC15BA ( UnsignedFile.Multi.Generic ) - warning

13:50:53.0156 0980 CdaC15BA - detected UnsignedFile.Multi.Generic (1)

13:50:53.0234 0980 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

13:50:53.0437 0980 Cdaudio - ok

13:50:53.0562 0980 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

13:50:53.0812 0980 Cdfs - ok

13:50:53.0984 0980 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

13:50:54.0187 0980 Cdrom - ok

13:50:54.0218 0980 Changer - ok

13:50:54.0328 0980 CIF USB CAMERA Service (6828fb73dd48567ac867e216f65d72f4) C:\WINDOWS\system32\DRIVERS\pfc027.sys

13:50:54.0468 0980 CIF USB CAMERA Service - ok

13:50:54.0640 0980 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

13:50:54.0843 0980 CmBatt - ok

13:50:54.0875 0980 CmdIde - ok

13:50:54.0921 0980 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

13:50:55.0140 0980 Compbatt - ok

13:50:55.0203 0980 Cpqarray - ok

13:50:55.0234 0980 dac2w2k - ok

13:50:55.0265 0980 dac960nt - ok

13:50:55.0343 0980 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

13:50:55.0578 0980 Disk - ok

13:50:55.0781 0980 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

13:50:56.0562 0980 dmboot - ok

13:50:56.0875 0980 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

13:50:57.0109 0980 dmio - ok

13:50:57.0375 0980 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

13:50:57.0625 0980 dmload - ok

13:50:58.0093 0980 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

13:50:58.0359 0980 DMusic - ok

13:50:58.0484 0980 dpti2o - ok

13:50:58.0578 0980 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

13:50:58.0828 0980 drmkaud - ok

13:50:59.0015 0980 E100B (fae8b6b311f898df3d19bc638e980ca5) C:\WINDOWS\system32\DRIVERS\e100b325.sys

13:50:59.0171 0980 E100B - ok

13:50:59.0328 0980 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

13:50:59.0562 0980 Fastfat - ok

13:50:59.0687 0980 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

13:50:59.0875 0980 Fdc - ok

13:51:00.0000 0980 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

13:51:00.0265 0980 Fips - ok

13:51:00.0359 0980 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

13:51:00.0609 0980 Flpydisk - ok

13:51:00.0687 0980 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

13:51:00.0890 0980 FltMgr - ok

13:51:00.0953 0980 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

13:51:01.0140 0980 Fs_Rec - ok

13:51:01.0218 0980 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

13:51:01.0437 0980 Ftdisk - ok

13:51:01.0578 0980 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

13:51:01.0812 0980 Gpc - ok

13:51:01.0937 0980 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

13:51:02.0156 0980 HidUsb - ok

13:51:02.0187 0980 hpn - ok

13:51:02.0296 0980 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

13:51:02.0546 0980 HPZid412 - ok

13:51:02.0703 0980 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

13:51:02.0812 0980 HPZipr12 - ok

13:51:02.0843 0980 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

13:51:02.0937 0980 HPZius12 - ok

13:51:03.0000 0980 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

13:51:03.0187 0980 HTTP - ok

13:51:03.0218 0980 i2omgmt - ok

13:51:03.0250 0980 i2omp - ok

13:51:03.0296 0980 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

13:51:03.0546 0980 i8042prt - ok

13:51:03.0625 0980 ialm (759a944aa02f686ec069e6ff5b5636d8) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

13:51:05.0187 0980 ialm - ok

13:51:05.0687 0980 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

13:51:05.0921 0980 Imapi - ok

13:51:06.0156 0980 ini910u - ok

13:51:06.0359 0980 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

13:51:06.0609 0980 IntelIde - ok

13:51:06.0687 0980 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

13:51:06.0859 0980 intelppm - ok

13:51:07.0015 0980 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

13:51:07.0296 0980 ip6fw - ok

13:51:07.0359 0980 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

13:51:07.0578 0980 IpFilterDriver - ok

13:51:07.0781 0980 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

13:51:08.0000 0980 IpInIp - ok

13:51:08.0062 0980 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

13:51:08.0281 0980 IpNat - ok

13:51:08.0343 0980 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

13:51:08.0531 0980 IPSec - ok

13:51:08.0609 0980 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

13:51:08.0843 0980 IRENUM - ok

13:51:08.0937 0980 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

13:51:09.0109 0980 isapnp - ok

13:51:09.0218 0980 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

13:51:09.0406 0980 Kbdclass - ok

13:51:09.0484 0980 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

13:51:09.0656 0980 kmixer - ok

13:51:09.0750 0980 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

13:51:09.0906 0980 KSecDD - ok

13:51:10.0125 0980 lbrtfdc - ok

13:51:10.0250 0980 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

13:51:10.0921 0980 MBAMProtector - ok

13:51:11.0156 0980 MDC8021X (4fe6172e2fa816c6f55b31e99784fc33) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys

13:51:11.0203 0980 MDC8021X ( UnsignedFile.Multi.Generic ) - warning

13:51:11.0203 0980 MDC8021X - detected UnsignedFile.Multi.Generic (1)

13:51:11.0281 0980 meiudf (766a1d242f4390ddf1243084898a20c9) C:\WINDOWS\system32\Drivers\meiudf.sys

13:51:11.0343 0980 meiudf ( UnsignedFile.Multi.Generic ) - warning

13:51:11.0343 0980 meiudf - detected UnsignedFile.Multi.Generic (1)

13:51:11.0437 0980 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

13:51:11.0625 0980 mnmdd - ok

13:51:11.0703 0980 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

13:51:11.0921 0980 Modem - ok

13:51:11.0968 0980 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

13:51:12.0156 0980 Mouclass - ok

13:51:12.0187 0980 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

13:51:12.0375 0980 MountMgr - ok

13:51:12.0500 0980 mraid35x - ok

13:51:12.0546 0980 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

13:51:13.0015 0980 MRxDAV - ok

13:51:13.0343 0980 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

13:51:13.0765 0980 MRxSmb - ok

13:51:14.0265 0980 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

13:51:14.0515 0980 Msfs - ok

13:51:14.0656 0980 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

13:51:15.0078 0980 MSKSSRV - ok

13:51:16.0140 0980 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

13:51:16.0390 0980 MSPCLOCK - ok

13:51:16.0546 0980 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

13:51:16.0734 0980 MSPQM - ok

13:51:16.0859 0980 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

13:51:17.0062 0980 mssmbios - ok

13:51:17.0156 0980 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

13:51:17.0375 0980 MSTEE - ok

13:51:17.0437 0980 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

13:51:17.0515 0980 Mup - ok

13:51:17.0578 0980 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

13:51:17.0750 0980 NABTSFEC - ok

13:51:18.0093 0980 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

13:51:18.0281 0980 NDIS - ok

13:51:18.0328 0980 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

13:51:18.0515 0980 NdisIP - ok

13:51:18.0562 0980 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

13:51:18.0640 0980 NdisTapi - ok

13:51:18.0687 0980 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

13:51:18.0890 0980 Ndisuio - ok

13:51:18.0953 0980 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

13:51:19.0250 0980 NdisWan - ok

13:51:19.0375 0980 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

13:51:19.0484 0980 NDProxy - ok

13:51:19.0671 0980 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

13:51:19.0859 0980 NetBIOS - ok

13:51:19.0937 0980 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

13:51:20.0125 0980 NetBT - ok

13:51:20.0218 0980 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys

13:51:20.0265 0980 Netdevio ( UnsignedFile.Multi.Generic ) - warning

13:51:20.0265 0980 Netdevio - detected UnsignedFile.Multi.Generic (1)

13:51:20.0359 0980 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

13:51:20.0578 0980 NIC1394 - ok

13:51:20.0625 0980 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

13:51:20.0812 0980 Npfs - ok

13:51:20.0953 0980 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

13:51:21.0234 0980 Ntfs - ok

13:51:21.0343 0980 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

13:51:21.0593 0980 Null - ok

13:51:21.0656 0980 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

13:51:21.0828 0980 NwlnkFlt - ok

13:51:21.0984 0980 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

13:51:22.0156 0980 NwlnkFwd - ok

13:51:22.0187 0980 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

13:51:22.0359 0980 ohci1394 - ok

13:51:22.0453 0980 PalmUSBD - ok

13:51:22.0531 0980 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

13:51:22.0718 0980 Parport - ok

13:51:22.0812 0980 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

13:51:23.0015 0980 PartMgr - ok

13:51:23.0156 0980 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

13:51:23.0328 0980 ParVdm - ok

13:51:23.0359 0980 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

13:51:23.0593 0980 PCI - ok

13:51:23.0625 0980 PCIDump - ok

13:51:23.0750 0980 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

13:51:23.0968 0980 PCIIde - ok

13:51:24.0109 0980 pciSd (221068851f8fd7d8d581738123196ee3) C:\WINDOWS\system32\DRIVERS\tossdpci.sys

13:51:24.0234 0980 pciSd - ok

13:51:24.0296 0980 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

13:51:24.0500 0980 Pcmcia - ok

13:51:24.0562 0980 PDCOMP - ok

13:51:24.0593 0980 PDFRAME - ok

13:51:24.0609 0980 PDRELI - ok

13:51:24.0640 0980 PDRFRAME - ok

13:51:24.0687 0980 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\PenClass.sys

13:51:24.0718 0980 PenClass ( UnsignedFile.Multi.Generic ) - warning

13:51:24.0718 0980 PenClass - detected UnsignedFile.Multi.Generic (1)

13:51:24.0781 0980 perc2 - ok

13:51:24.0812 0980 perc2hib - ok

13:51:24.0921 0980 pfc (ed2e7f396b4098608c95bc3806bdf6fc) C:\WINDOWS\system32\drivers\pfc.sys

13:51:24.0968 0980 pfc ( UnsignedFile.Multi.Generic ) - warning

13:51:24.0968 0980 pfc - detected UnsignedFile.Multi.Generic (1)

13:51:25.0078 0980 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

13:51:25.0296 0980 PptpMiniport - ok

13:51:25.0343 0980 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

13:51:25.0562 0980 Processor - ok

13:51:25.0609 0980 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

13:51:25.0812 0980 PSched - ok

13:51:25.0953 0980 PTHDRBUS (ec53153f4feafd0f2b0bf15529e7b4d4) C:\WINDOWS\system32\DRIVERS\PTHDRBUS.sys

13:51:25.0984 0980 PTHDRBUS - ok

13:51:26.0156 0980 PTHDRMDM (58cff43f7f11b481df8690b6b98ef4d2) C:\WINDOWS\system32\DRIVERS\PTHDRMDM.sys

13:51:26.0203 0980 PTHDRMDM - ok

13:51:26.0281 0980 PTHDRVSP (5dcaff1304d02a27df9a46b2e8a920cd) C:\WINDOWS\system32\DRIVERS\PTHDRVSP.sys

13:51:26.0312 0980 PTHDRVSP - ok

13:51:26.0375 0980 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

13:51:26.0546 0980 Ptilink - ok

13:51:26.0656 0980 PxHelp20 (352cf968df88760fef225c3fbe7184a7) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

13:51:26.0703 0980 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

13:51:26.0703 0980 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

13:51:26.0734 0980 ql1080 - ok

13:51:26.0765 0980 Ql10wnt - ok

13:51:26.0796 0980 ql12160 - ok

13:51:26.0812 0980 ql1240 - ok

13:51:26.0843 0980 ql1280 - ok

13:51:26.0921 0980 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

13:51:27.0109 0980 RasAcd - ok

13:51:27.0234 0980 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

13:51:27.0437 0980 Rasl2tp - ok

13:51:27.0609 0980 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

13:51:27.0812 0980 RasPppoe - ok

13:51:27.0875 0980 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

13:51:28.0046 0980 Raspti - ok

13:51:28.0109 0980 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

13:51:28.0281 0980 Rdbss - ok

13:51:28.0328 0980 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

13:51:28.0515 0980 RDPCDD - ok

13:51:28.0640 0980 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

13:51:28.0734 0980 RDPWD - ok

13:51:28.0812 0980 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

13:51:29.0015 0980 redbook - ok

13:51:29.0281 0980 RTL8023xp (6164f7cff5bd381fda94badc417832c6) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

13:51:29.0390 0980 RTL8023xp - ok

13:51:29.0453 0980 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

13:51:29.0640 0980 rtl8139 - ok

13:51:29.0718 0980 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys

13:51:29.0781 0980 s1018bus - ok

13:51:29.0859 0980 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys

13:51:29.0906 0980 s1018mdfl - ok

13:51:29.0984 0980 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys

13:51:30.0015 0980 s1018mdm - ok

13:51:30.0078 0980 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys

13:51:30.0218 0980 s1018mgmt - ok

13:51:30.0359 0980 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys

13:51:30.0390 0980 s1018nd5 - ok

13:51:30.0437 0980 s1018obex (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys

13:51:30.0484 0980 s1018obex - ok

13:51:30.0531 0980 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys

13:51:30.0562 0980 s1018unic - ok

13:51:30.0656 0980 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\WINDOWS\system32\DRIVERS\s125bus.sys

13:51:30.0671 0980 s125bus - ok

13:51:30.0750 0980 s125mdfl (f83f88e1b125308fb5015ea0349502b0) C:\WINDOWS\system32\DRIVERS\s125mdfl.sys

13:51:30.0796 0980 s125mdfl - ok

13:51:30.0859 0980 s125mdm (402a97756c14940ad6ae5169c2fb105e) C:\WINDOWS\system32\DRIVERS\s125mdm.sys

13:51:30.0890 0980 s125mdm - ok

13:51:30.0968 0980 s125mgmt (82b14c51de76825ec769a6374e4c57d6) C:\WINDOWS\system32\DRIVERS\s125mgmt.sys

13:51:31.0015 0980 s125mgmt - ok

13:51:31.0093 0980 s125obex (bedfc5707c356fd073bf1a4afe442d91) C:\WINDOWS\system32\DRIVERS\s125obex.sys

13:51:31.0125 0980 s125obex - ok

13:51:31.0328 0980 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

13:51:31.0531 0980 Secdrv - ok

13:51:31.0671 0980 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

13:51:31.0843 0980 Serial - ok

13:51:31.0875 0980 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

13:51:32.0078 0980 Sfloppy - ok

13:51:32.0109 0980 Simbad - ok

13:51:32.0187 0980 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

13:51:32.0390 0980 SLIP - ok

13:51:32.0500 0980 smwdm (f343cbf87cf8952701aa2062bdbf2bba) C:\WINDOWS\system32\drivers\smwdm.sys

13:51:32.0640 0980 smwdm - ok

13:51:32.0812 0980 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

13:51:33.0031 0980 SONYPVU1 - ok

13:51:33.0171 0980 Sparrow - ok

13:51:33.0234 0980 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

13:51:33.0437 0980 splitter - ok

13:51:33.0500 0980 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

13:51:33.0734 0980 sr - ok

13:51:34.0125 0980 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

13:51:34.0328 0980 Srv - ok

13:51:34.0421 0980 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

13:51:34.0640 0980 streamip - ok

13:51:34.0703 0980 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

13:51:34.0906 0980 swenum - ok

13:51:35.0093 0980 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

13:51:35.0312 0980 swmidi - ok

13:51:35.0500 0980 symc810 - ok

13:51:35.0515 0980 symc8xx - ok

13:51:35.0578 0980 SymEvent - ok

13:51:35.0593 0980 sym_hi - ok

13:51:35.0625 0980 sym_u3 - ok

13:51:35.0671 0980 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

13:51:35.0859 0980 sysaudio - ok

13:51:35.0968 0980 TBiosDrv (eeca2b57545e7b7be949b5e70e31444f) C:\WINDOWS\System32\drivers\TBiosDrv.sys

13:51:36.0000 0980 TBiosDrv ( UnsignedFile.Multi.Generic ) - warning

13:51:36.0000 0980 TBiosDrv - detected UnsignedFile.Multi.Generic (1)

13:51:36.0109 0980 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

13:51:36.0265 0980 Tcpip - ok

13:51:36.0406 0980 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

13:51:36.0750 0980 TDPIPE - ok

13:51:36.0796 0980 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

13:51:37.0000 0980 TDTCP - ok

13:51:37.0140 0980 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

13:51:37.0375 0980 TermDD - ok

13:51:37.0421 0980 TosIde - ok

13:51:37.0484 0980 tossmbnt (b3b20cd6ab0c9ef8feef9fbbe04f1cb2) C:\WINDOWS\system32\drivers\tossmbnt.sys

13:51:37.0515 0980 tossmbnt ( UnsignedFile.Multi.Generic ) - warning

13:51:37.0515 0980 tossmbnt - detected UnsignedFile.Multi.Generic (1)

13:51:37.0609 0980 tsdhd (f85667bb084499da23397892974c1bdc) C:\WINDOWS\system32\DRIVERS\tsdhd.sys

13:51:37.0671 0980 tsdhd ( UnsignedFile.Multi.Generic ) - warning

13:51:37.0671 0980 tsdhd - detected UnsignedFile.Multi.Generic (1)

13:51:37.0750 0980 TVALZ (9d8fcc6099d641d7c2bdc7f41193bec5) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS

13:51:37.0906 0980 TVALZ ( UnsignedFile.Multi.Generic ) - warning

13:51:37.0906 0980 TVALZ - detected UnsignedFile.Multi.Generic (1)

13:51:38.0109 0980 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

13:51:38.0281 0980 Udfs - ok

13:51:38.0296 0980 ultra - ok

13:51:38.0375 0980 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

13:51:38.0578 0980 Update - ok

13:51:38.0625 0980 USBAAPL - ok

13:51:38.0703 0980 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

13:51:38.0906 0980 usbccgp - ok

13:51:38.0953 0980 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

13:51:39.0140 0980 usbehci - ok

13:51:39.0171 0980 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

13:51:39.0359 0980 usbhub - ok

13:51:39.0515 0980 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

13:51:39.0687 0980 usbprint - ok

13:51:39.0734 0980 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

13:51:40.0000 0980 usbscan - ok

13:51:40.0093 0980 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:51:40.0312 0980 USBSTOR - ok

13:51:40.0343 0980 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

13:51:40.0515 0980 usbuhci - ok

13:51:40.0593 0980 VET-FILT (e6287f6c77e71adfc6badb106cd30e7d) C:\WINDOWS\system32\drivers\VET-FILT.sys

13:51:40.0625 0980 VET-FILT - ok

13:51:40.0656 0980 VET-REC (cb98d6c1ade8a891cbbfd9beb1774f48) C:\WINDOWS\system32\drivers\VET-REC.sys

13:51:40.0671 0980 VET-REC - ok

13:51:40.0734 0980 VETEBOOT (c079f80582c31728029f3efcdfeaf221) C:\WINDOWS\system32\drivers\VETEBOOT.sys

13:51:40.0781 0980 VETEBOOT - ok

13:51:40.0968 0980 VETEFILE (31bab965e7af8295c22f641401d622b3) C:\WINDOWS\system32\drivers\VETEFILE.sys

13:51:41.0109 0980 VETEFILE - ok

13:51:41.0187 0980 VETFDDNT (05bdabe6664f48c54a6d3c538c8f2cc1) C:\WINDOWS\system32\drivers\VETFDDNT.sys

13:51:41.0218 0980 VETFDDNT - ok

13:51:41.0312 0980 VETMONNT (f5897ff7eb733670f92e798ef5358b88) C:\WINDOWS\system32\drivers\VETMONNT.sys

13:51:41.0359 0980 VETMONNT - ok

13:51:41.0406 0980 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

13:51:41.0609 0980 VgaSave - ok

13:51:41.0625 0980 ViaIde - ok

13:51:41.0671 0980 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

13:51:41.0875 0980 VolSnap - ok

13:51:42.0031 0980 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

13:51:42.0234 0980 Wanarp - ok

13:51:42.0265 0980 wanatw - ok

13:51:42.0296 0980 WDICA - ok

13:51:42.0359 0980 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

13:51:42.0515 0980 wdmaud - ok

13:51:42.0671 0980 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys

13:51:42.0781 0980 WpdUsb - ok

13:51:42.0875 0980 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

13:51:43.0093 0980 WSTCODEC - ok

13:51:43.0203 0980 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

13:51:43.0312 0980 WudfPf - ok

13:51:43.0421 0980 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

13:51:43.0500 0980 WudfRd - ok

13:51:43.0593 0980 {6080A529-897E-4629-A488-ABA0C29B635E} (4ff040fe3099d578131cf62e3b822e0d) C:\WINDOWS\system32\drivers\ialmsbw.sys

13:51:43.0687 0980 {6080A529-897E-4629-A488-ABA0C29B635E} - ok

13:51:43.0812 0980 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (9623fe5a34823ef8be6ba55cb52222e8) C:\WINDOWS\system32\drivers\ialmkchw.sys

13:51:43.0875 0980 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok

13:51:43.0953 0980 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} (4acdbb1e48986863b34e696b479f7455) C:\WINDOWS\system32\drivers\wA301a.sys

13:51:44.0015 0980 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} - ok

13:51:44.0046 0980 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0

13:51:44.0203 0980 \Device\Harddisk0\DR0 - ok

13:51:44.0531 0980 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2

13:51:44.0718 0980 \Device\Harddisk1\DR2 - ok

13:51:44.0734 0980 Boot (0x1200) (d19a914923dc1a2705b4986dc29c862b) \Device\Harddisk0\DR0\Partition0

13:51:44.0734 0980 \Device\Harddisk0\DR0\Partition0 - ok

13:51:44.0750 0980 Boot (0x1200) (21ec954a5786d40d26a51d98708d7bb5) \Device\Harddisk1\DR2\Partition0

13:51:44.0750 0980 \Device\Harddisk1\DR2\Partition0 - ok

13:51:44.0750 0980 ============================================================

13:51:44.0750 0980 Scan finished

13:51:44.0750 0980 ============================================================

13:51:44.0875 3380 Detected object count: 12

13:51:44.0875 3380 Actual detected object count: 12

13:54:13.0906 3380 BsStor ( UnsignedFile.Multi.Generic ) - skipped by user

13:54:13.0906 3380 BsStor ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:54:13.0906 3380 CdaC15BA ( UnsignedFile.Multi.Generic ) - skipped by user

13:54:13.0906 3380 CdaC15BA ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:54:13.0906 3380 MDC8021X ( UnsignedFile.Multi.Generic ) - skipped by user

13:54:13.0906 3380 MDC8021X ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:54:13.0906 3380 meiudf ( UnsignedFile.Multi.Generic ) - skipped by user

13:54:13.0906 3380 meiudf ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:54:13.0906 3380 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user

13:54:13.0906 3380 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:54:13.0906 3380 PenClass ( UnsignedFile.Multi.Generic ) - skipped by user

13:54:13.0906 3380 PenClass ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:54:13.0921 3380 pfc ( UnsignedFile.Multi.Generic ) - skipped by user

13:54:13.0921 3380 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:54:13.0921 3380 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

13:54:13.0921 3380 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:54:13.0921 3380 TBiosDrv ( UnsignedFile.Multi.Generic ) - skipped by user

13:54:13.0921 3380 TBiosDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:54:13.0921 3380 tossmbnt ( UnsignedFile.Multi.Generic ) - skipped by user

13:54:13.0921 3380 tossmbnt ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:54:13.0921 3380 tsdhd ( UnsignedFile.Multi.Generic ) - skipped by user

13:54:13.0921 3380 tsdhd ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:54:13.0921 3380 TVALZ ( UnsignedFile.Multi.Generic ) - skipped by user

13:54:13.0921 3380 TVALZ ( UnsignedFile.Multi.Generic ) - User select action: Skip


While looking for the Report, I noticed a file named pagefile.sy; it is next to pagefile.sys.

I suspect this was leftover from having a CA tech get into my computer (while hustling me for cash). I have found other such files, but the date looks to be from when I got System restore.


Don't worry about that for now, let's see if you can run ComboFix:

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


ComboFix froze twice. The yellow cursor froze, and it never got to where it is supposed to change the clock.

I had to switch it off, and restart.

I printed the instructions, and followed them to a T.

During the first attempt, I ask that CA anti virus, which I had put to snooze for 90 minutes, had to be uninstalled. I had already disabled MB Pro and the Windows firewall.

It went through the Windows recovery console installation and started the scan, and after about 6 minutes the cursor froze. I left it alone for 46 minutes, but it was obvious nothing was happening.

I wonder if my IDSl modem has a hardware firewall. Could this be causing the freeze? How can I find out?

It kind of felt like what the DDS did, when it looked to have scanned, but when it tried to write the report it froze.

I tried running it a second time but the same happened.

I think maybe DDS did not work because CA antivirus was installed.

Please advise what to do next.


Download aswMBR to your desktop.

http://public.avast....erek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC


It doesn't have to be, but whatever works, MrC


Here is the report for C: drive.

I will run a scan on an external, which I removed to see if it helped ComboFix complete a scan.

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software

Run date: 2012-02-08 17:18:01

-----------------------------

17:18:01.953 OS Version: Windows 5.1.2600 Service Pack 3

17:18:01.953 Number of processors: 1 586 0x209

17:18:01.953 ComputerName: TOUCHEBAG UserName: q

17:18:02.375 Initialize success

17:19:57.781 AVAST engine defs: 12020801

17:20:16.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

17:20:16.531 Disk 0 Vendor: IC25N060ATMR04-0 MO3OAD4A Size: 57231MB BusType: 3

17:20:16.562 Disk 0 MBR read successfully

17:20:16.562 Disk 0 MBR scan

17:20:16.671 Disk 0 unknown MBR code

17:20:16.671 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63

17:20:16.671 Disk 0 scanning sectors +117210240

17:20:17.031 Disk 0 scanning C:\WINDOWS\system32\drivers

17:20:35.265 Service scanning

17:20:37.609 Modules scanning

17:20:50.125 Disk 0 trace - called modules:

17:20:50.156 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

17:20:50.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863ce908]

17:20:50.187 3 CLASSPNP.SYS[f77dffd7] -> nt!IofCallDriver -> \Device\00000076[0x863d0f18]

17:20:50.187 5 ACPI.sys[f7736620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86344030]

17:20:51.125 AVAST engine scan C:\WINDOWS

17:21:08.312 AVAST engine scan C:\WINDOWS\system32

17:24:06.484 AVAST engine scan C:\WINDOWS\system32\drivers

17:24:29.046 AVAST engine scan C:\Documents and Settings\q

18:30:28.687 Verifying

18:30:38.812 Disk 0 Windows 501 MBR fixed successfully

18:52:35.921 AVAST engine scan C:\Documents and Settings\All Users

18:53:05.125 Scan finished successfully

18:53:30.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\q\Desktop\MBR.dat"

18:53:30.281 The log file has been saved successfully to "C:\Documents and Settings\q\Desktop\aswMBR.txt"


F Drive

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software

Run date: 2012-02-08 19:36:27

-----------------------------

19:36:27.718 OS Version: Windows 5.1.2600 Service Pack 3

19:36:27.718 Number of processors: 1 586 0x209

19:36:27.765 ComputerName: TOUCHEBAG UserName: q

19:36:29.218 Initialize success

19:36:47.843 AVAST engine defs: 12020801

19:38:07.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

19:38:07.437 Disk 0 Vendor: IC25N060ATMR04-0 MO3OAD4A Size: 57231MB BusType: 3

19:38:07.468 Disk 0 MBR read successfully

19:38:07.468 Disk 0 MBR scan

19:38:07.609 Disk 0 Windows XP default MBR code

19:38:07.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63

19:38:07.609 Disk 0 scanning sectors +117210240

19:38:07.984 Disk 0 scanning C:\WINDOWS\system32\drivers

19:38:25.359 Service scanning

19:38:26.765 Modules scanning

19:38:39.421 Disk 0 trace - called modules:

19:38:39.453 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

19:38:39.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863cf908]

19:38:39.453 3 CLASSPNP.SYS[f77dffd7] -> nt!IofCallDriver -> \Device\00000076[0x863d0f18]

19:38:39.468 5 ACPI.sys[f7736620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86344030]

19:38:40.718 AVAST engine scan F:\

20:33:16.640 Scan finished successfully

21:28:18.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\q\Desktop\MBR.dat"

21:28:18.890 The log file has been saved successfully to "C:\Documents and Settings\q\Desktop\aswMBRF.txt"

Also I tried DDS again and it froze just like it did in the beginning.


I noticed there are 7 instances of svchost.exe running at all times. Is this normal?


Yes that is possible.

-----------------------------

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Before you download it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (or Press the Windows logo key + R to bring up the "run box")

"%userprofile%\desktop\sega.com" /killall

See if it will run successfully now. Stop it after half an hour of no activity.

MrC


Good morning Charlie,

I deleted the copy of CF, but there is also a folder with the computer icon, within C: drive called ComboFix, inside is this:

FILES STORED ON THIS COMPUTER

Shared Documents

q's documents

HARD DISK DRIVES

Local Disk C:

ET (F:)

DEVICES AND REMOVABLE STORAGE

DVD/CDRW

What should I do with this?


Also there are times when there are many instances of Plugin container.exe running. What is this doing?


Please relax and just do what I ask, don't worry about other things right now.

Just delete your copy of ComboFix that is on your desktop, download a fresh copy to your desktop and, before saving it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (or Press the Windows logo key + R to bring up the "run box")

"%userprofile%\desktop\sega.com" /killall

See if it will run successfully now. Stop it after half an hour of no activity.

MrC


When I download the new copy, I rename it sega.com but an .exe is added at the end when it shows on the desktop. I tried changing from the default choice of "application" to the only other one, "ALL Files", but it does the same. I can only rename, delete the .exe, after it is on the desktop. Is this OK?


Delete the ComboFix you downloaded; now you have to rename it before you save it.

Download Combofix but rename it to sega.com before saving it to your desktop.

You can't rename it after you have saved it.

MrC


Cannot do that. After clicking on the download link, I get the save box; there are only two options on the drop-down menu for file type.

The default is "application". I tried renaming the file sega.com and clicked to save to desktop, but by the time it shows up on the desktop, it has an .exe at the end.

The only other option on the drop-down menu is "ALL Files" and the same happens; it does let me write segao.com, but it shows up as sega.com.exe on the desktop.
