omdevn

broken.opencommand

Hello omdevn and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please download one of the following and run it:

http://download.bleepingcomputer.com/FixExec/32-bit/FixExec.com

http://download.bleepingcomputer.com/FixExec/32-bit/FixExec.pif

http://download.bleepingcomputer.com/FixExec/32-bit/FixExec.scr

When FixExec has finished running it will create a log on your Windows desktop called FixExec.txt. This log will contain a list of the items that were repaired on your computer. Post it in your next reply.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

Thanks for taking the time and interest in my problem. Though I am a paying customer, I prefer to be guided by you in solving my problem.

Here are the posts which you have asked for:

1. TDSSKiller log


22:03:24.0679 9212 s3cap - ok

22:03:24.0771 9212 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

22:03:24.0836 9212 sbp2port - ok

22:03:24.0895 9212 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

22:03:24.0969 9212 scfilter - ok

22:03:25.0038 9212 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys

22:03:25.0102 9212 sdbus - ok

22:03:25.0162 9212 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

22:03:25.0239 9212 secdrv - ok

22:03:25.0317 9212 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

22:03:25.0371 9212 Serenum - ok

22:03:25.0410 9212 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

22:03:25.0554 9212 Serial - ok

22:03:25.0626 9212 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

22:03:25.0711 9212 sermouse - ok

22:03:25.0984 9212 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

22:03:26.0092 9212 sffdisk - ok

22:03:26.0214 9212 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

22:03:26.0286 9212 sffp_mmc - ok

22:03:26.0351 9212 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

22:03:26.0436 9212 sffp_sd - ok

22:03:26.0527 9212 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

22:03:26.0602 9212 sfloppy - ok

22:03:26.0817 9212 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

22:03:26.0873 9212 sisagp - ok

22:03:26.0932 9212 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

22:03:26.0983 9212 SiSRaid2 - ok

22:03:27.0017 9212 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

22:03:27.0093 9212 SiSRaid4 - ok

22:03:27.0153 9212 skbdrv (e1e2af1a12bfb0bf4e7f78616ba17560) C:\Windows\system32\DRIVERS\skbdrv.sys

22:03:27.0232 9212 skbdrv - ok

22:03:27.0279 9212 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

22:03:27.0381 9212 Smb - ok

22:03:27.0464 9212 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\Windows\system32\DRIVERS\snapman.sys

22:03:27.0560 9212 snapman - ok

22:03:27.0614 9212 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

22:03:27.0655 9212 spldr - ok

22:03:27.0780 9212 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

22:03:27.0884 9212 srv - ok

22:03:27.0967 9212 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

22:03:28.0048 9212 srv2 - ok

22:03:28.0162 9212 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

22:03:28.0309 9212 SrvHsfHDA - ok

22:03:28.0376 9212 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

22:03:28.0482 9212 SrvHsfV92 - ok

22:03:28.0539 9212 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

22:03:28.0616 9212 SrvHsfWinac - ok

22:03:28.0667 9212 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

22:03:28.0754 9212 srvnet - ok

22:03:28.0841 9212 ssm_bus (9ece19a1a4f4896597c3bb840fbfa721) C:\Windows\system32\DRIVERS\ssm_bus.sys

22:03:28.0916 9212 ssm_bus - ok

22:03:28.0950 9212 ssm_mdfl (8e93a17a5253999a0e7c332f475699dc) C:\Windows\system32\DRIVERS\ssm_mdfl.sys

22:03:28.0993 9212 ssm_mdfl - ok

22:03:29.0037 9212 ssm_mdm (c0ba1357c63deacf3b3ccf4b989fef06) C:\Windows\system32\DRIVERS\ssm_mdm.sys

22:03:29.0116 9212 ssm_mdm - ok

22:03:29.0215 9212 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

22:03:29.0265 9212 stexstor - ok

22:03:29.0343 9212 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys

22:03:29.0452 9212 STHDA - ok

22:03:29.0617 9212 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

22:03:29.0686 9212 storflt - ok

22:03:29.0745 9212 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

22:03:29.0800 9212 storvsc - ok

22:03:29.0842 9212 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

22:03:29.0877 9212 swenum - ok

22:03:29.0927 9212 Synth3dVsc - ok

22:03:30.0093 9212 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys

22:03:30.0261 9212 Tcpip - ok

22:03:30.0379 9212 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys

22:03:30.0480 9212 TCPIP6 - ok

22:03:30.0602 9212 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

22:03:30.0693 9212 tcpipreg - ok

22:03:30.0759 9212 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

22:03:30.0848 9212 TDPIPE - ok

22:03:30.0931 9212 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\Windows\system32\DRIVERS\tdrpman.sys

22:03:31.0033 9212 tdrpman - ok

22:03:31.0081 9212 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys

22:03:31.0138 9212 TDTCP - ok

22:03:31.0178 9212 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

22:03:31.0305 9212 tdx - ok

22:03:31.0356 9212 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

22:03:31.0420 9212 TermDD - ok

22:03:31.0550 9212 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys

22:03:31.0605 9212 tifsfilter - ok

22:03:31.0649 9212 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\Windows\system32\DRIVERS\timntr.sys

22:03:31.0842 9212 timounter - ok

22:03:31.0903 9212 token1k (4c6f22f1c86b508aefe1386d7d6797c0) C:\Windows\system32\DRIVERS\eps1k.sys

22:03:31.0982 9212 token1k - ok

22:03:32.0156 9212 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:03:32.0259 9212 tssecsrv - ok

22:03:32.0327 9212 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

22:03:32.0457 9212 TsUsbFlt - ok

22:03:32.0569 9212 tsusbhub - ok

22:03:32.0677 9212 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

22:03:32.0769 9212 tunnel - ok

22:03:32.0827 9212 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

22:03:32.0883 9212 uagp35 - ok

22:03:32.0943 9212 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

22:03:33.0026 9212 udfs - ok

22:03:33.0168 9212 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

22:03:33.0246 9212 uliagpkx - ok

22:03:33.0294 9212 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys

22:03:33.0352 9212 umbus - ok

22:03:33.0403 9212 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

22:03:33.0484 9212 UmPass - ok

22:03:33.0608 9212 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys

22:03:33.0685 9212 USBAAPL - ok

22:03:33.0733 9212 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

22:03:33.0828 9212 usbccgp - ok

22:03:33.0882 9212 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

22:03:33.0941 9212 usbcir - ok

22:03:34.0004 9212 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

22:03:34.0089 9212 usbehci - ok

22:03:34.0146 9212 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

22:03:34.0237 9212 usbhub - ok

22:03:34.0340 9212 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

22:03:34.0395 9212 usbohci - ok

22:03:34.0458 9212 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

22:03:34.0528 9212 usbprint - ok

22:03:34.0591 9212 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:03:34.0708 9212 USBSTOR - ok

22:03:34.0758 9212 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

22:03:34.0837 9212 usbuhci - ok

22:03:34.0934 9212 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

22:03:34.0993 9212 vdrvroot - ok

22:03:35.0083 9212 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

22:03:35.0140 9212 vga - ok

22:03:35.0173 9212 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

22:03:35.0261 9212 VgaSave - ok

22:03:35.0295 9212 VGPU - ok

22:03:35.0355 9212 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

22:03:35.0411 9212 vhdmp - ok

22:03:35.0482 9212 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

22:03:35.0538 9212 viaagp - ok

22:03:35.0591 9212 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

22:03:35.0657 9212 ViaC7 - ok

22:03:35.0705 9212 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

22:03:35.0835 9212 viaide - ok

22:03:35.0999 9212 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

22:03:36.0107 9212 vmbus - ok

22:03:36.0153 9212 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

22:03:36.0223 9212 VMBusHID - ok

22:03:36.0299 9212 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

22:03:36.0369 9212 volmgr - ok

22:03:36.0431 9212 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

22:03:36.0487 9212 volmgrx - ok

22:03:36.0575 9212 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

22:03:36.0644 9212 volsnap - ok

22:03:36.0760 9212 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

22:03:36.0862 9212 vsmraid - ok

22:03:36.0927 9212 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

22:03:36.0988 9212 vwifibus - ok

22:03:37.0057 9212 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

22:03:37.0179 9212 vwififlt - ok

22:03:37.0218 9212 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

22:03:37.0262 9212 vwifimp - ok

22:03:37.0345 9212 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

22:03:37.0444 9212 WacomPen - ok

22:03:37.0502 9212 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

22:03:37.0601 9212 WANARP - ok

22:03:37.0622 9212 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

22:03:37.0714 9212 Wanarpv6 - ok

22:03:37.0969 9212 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

22:03:38.0021 9212 Wd - ok

22:03:38.0072 9212 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

22:03:38.0148 9212 Wdf01000 - ok

22:03:38.0319 9212 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

22:03:38.0381 9212 WfpLwf - ok

22:03:38.0422 9212 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

22:03:38.0459 9212 WIMMount - ok

22:03:38.0562 9212 winachsf (115946a53b62a6b171fd0ed197c71d52) C:\Windows\system32\DRIVERS\HSF_CNXT.sys

22:03:38.0629 9212 winachsf - ok

22:03:39.0063 9212 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

22:03:39.0160 9212 WinUsb - ok

22:03:39.0263 9212 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

22:03:39.0319 9212 WmiAcpi - ok

22:03:39.0502 9212 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

22:03:39.0641 9212 ws2ifsl - ok

22:03:39.0795 9212 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

22:03:39.0920 9212 WudfPf - ok

22:03:39.0980 9212 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

22:03:40.0140 9212 WUDFRd - ok

22:03:40.0260 9212 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys

22:03:40.0378 9212 XAudio - ok

22:03:40.0554 9212 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

22:03:40.0774 9212 \Device\Harddisk0\DR0 - ok

22:03:40.0780 9212 MBR (0x1B8) (180dbde3af7ea48b3db3ac27b1ddf401) \Device\Harddisk2\DR4

22:03:41.0330 9212 \Device\Harddisk2\DR4 - ok

22:03:41.0338 9212 Boot (0x1200) (4cdc623637fb1c10d4e8fc7c5ca627f2) \Device\Harddisk0\DR0\Partition0

22:03:41.0340 9212 \Device\Harddisk0\DR0\Partition0 - ok

22:03:41.0352 9212 Boot (0x1200) (86d208db654d50496b867be03d81e74d) \Device\Harddisk0\DR0\Partition1

22:03:41.0355 9212 \Device\Harddisk0\DR0\Partition1 - ok

22:03:41.0360 9212 Boot (0x1200) (e2e49918a7164dfecb8ef4db0b7603fb) \Device\Harddisk2\DR4\Partition0

22:03:41.0363 9212 \Device\Harddisk2\DR4\Partition0 - ok

22:03:41.0368 9212 ============================================================

22:03:41.0368 9212 Scan finished

22:03:41.0368 9212 ============================================================

22:03:41.0398 9008 Detected object count: 6

22:03:41.0398 9008 Actual detected object count: 6

22:06:46.0973 9008 FeMouWDM ( UnsignedFile.Multi.Generic ) - skipped by user

22:06:46.0973 9008 FeMouWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:06:46.0976 9008 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user

22:06:46.0976 9008 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:06:46.0983 9008 HSFHWAZL ( UnsignedFile.Multi.Generic ) - skipped by user

22:06:46.0983 9008 HSFHWAZL ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:06:46.0984 9008 HSF_DPV ( UnsignedFile.Multi.Generic ) - skipped by user

22:06:46.0984 9008 HSF_DPV ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:06:46.0986 9008 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user

22:06:46.0987 9008 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:06:46.0989 9008 moufiltr ( UnsignedFile.Multi.Generic ) - skipped by user

22:06:46.0989 9008 moufiltr ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:08:15.0366 10108 Deinitialize success

----------------------------------------------------

2. Malwarebytes' Anti-Malware log

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.19.04

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Om Deva :: OMDEVA-PC [administrator]

Protection: Enabled

19-Mar-12 22:10:21

mbam-log-2012-03-19 (22-10-21).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 182337

Time elapsed: 18 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

----------------------------------------------------

3. a new fresh DDS log file

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Om Deva at 10:31:29 on 2012-03-20

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.855 [GMT 5.5:30]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\aestsrv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\FsUsbExService.Exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Perfios\perfios_winsvc.exe

C:\Program Files\Airtel NetXpert\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Airtel NetXpert\bin\tgsrvc.exe

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Airtel NetXpert\bin\sprtcmd.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\r3proxy.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Hide My IP\HideMyIP.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\WUDFHost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hide My IP\HideMyIpSrv.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\taskmgr.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

c:\program files\real\realplayer\RealPlay.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer, optimized for Bing and MSN

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [HideMyIP] c:\program files\hide my ip\HideMyIP.exe

uRun: [Google Update] "c:\users\om deva\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [DriverMax] "c:\program files\innovative solutions\drivermax\drivermax.exe" -agent

uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\drivermax.exe" -RESTART

uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe

uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Mouse Suite 98 Daemon] ico.EXE

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [innovativeMemoryOptimizer] c:\program files\innovative solutions\innovative system optimizer - version 4\MemoryOptimizer.exe

mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

mRun: [NPSStartup]

mRun: [netxpert] "c:\program files\airtel netxpert\bin\sprtcmd.exe" /P netxpert

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Fellowes Proxy] c:\windows\system32\r3proxy.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\users\omdeva~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

StartupFolder: c:\users\omdeva~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\windows\system32\HMIPCore.dll

LSP: c:\windows\system32\iavlsp.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7A511D57-6A8D-448B-8D3F-419488EC3A50} : DhcpNameServer = 192.168.1.1

Notify: igfxcui - igfxdev.dll

LSA: Authentication Packages = msv1_0 relog_ap

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\om deva\appdata\roaming\mozilla\firefox\profiles\0jmy17v4.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\om deva\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [2012-3-13 108544]

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-3-8 20392]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKsl01203030;MpKsl01203030;c:\programdata\microsoft\microsoft antimalware\definition updates\{1a000d8f-418d-4bf8-b386-9b6c2d30ddb8}\MpKsl01203030.sys [2012-3-20 29904]

R1 MpKsl5b4ac7bc;MpKsl5b4ac7bc;c:\programdata\microsoft\microsoft antimalware\definition updates\{1a000d8f-418d-4bf8-b386-9b6c2d30ddb8}\MpKsl5b4ac7bc.sys [2012-3-19 29904]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AESTFilters;Andrea ST Filters Service;c:\program files\sigmatel\c-major audio\wdm\AEstSrv.exe [2012-2-22 73728]

R2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\drivers\amp.sys [2011-9-28 138048]

R2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\drivers\ampse.sys [2012-2-9 1189184]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2012-3-6 238952]

R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2012-2-9 722616]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-9 652360]

R2 Perfios_Service;Perfios_Service;c:\program files\perfios\perfios_winsvc.exe [2010-8-26 122368]

R2 sprtsvc_netxpert;SupportSoft Sprocket Service (netxpert);c:\program files\airtel netxpert\bin\sprtsvc.exe [2012-3-8 206120]

R2 tgsrvc_netxpert;SupportSoft Repair Service (netxpert);c:\program files\airtel netxpert\bin\tgsrvc.exe [2012-3-8 185640]

R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2011-9-28 97088]

R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2011-9-28 97088]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-2-9 361000]

R3 FeMouWDM;Fellowes Mouse Driver;c:\windows\system32\drivers\FeMouWDM.sys [2012-3-13 12672]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-3-6 36608]

R3 HideMyIpSRV;HideMyIpSRV;c:\program files\hide my ip\HideMyIpSrv.exe [2012-2-9 3249512]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-9 20464]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 Reader_1000;USB SmartCard Reader Device 1000 ;c:\windows\system32\drivers\usbic1k.SYS [2007-4-25 12672]

R3 skbdrv;Encassa CoDefender;c:\windows\system32\drivers\skbdrv.sys [2012-2-10 52528]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-9 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-9 136176]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2012-2-12 103040]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-3-19 129976]

S3 pelps2m;PS/2 Mouse Filter Driver;c:\windows\system32\drivers\pelps2m.sys [2012-2-9 40448]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-2-10 15872]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]

S3 token1k;usb driver for epass1k;c:\windows\system32\drivers\eps1k.sys [2007-4-25 26368]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-2-10 52224]

S3 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2011-9-28 142144]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-9 1343400]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2012-03-20 04:52:01 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1a000d8f-418d-4bf8-b386-9b6c2d30ddb8}\MpKsl01203030.sys

2012-03-19 08:28:09 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-03-19 08:27:54 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe

2012-03-19 08:27:53 145960 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe

2012-03-19 08:16:32 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1a000d8f-418d-4bf8-b386-9b6c2d30ddb8}\MpKsl5b4ac7bc.sys

2012-03-19 02:47:09 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1a000d8f-418d-4bf8-b386-9b6c2d30ddb8}\mpengine.dll

2012-03-18 07:57:06 -------- d-----w- c:\program files\MagicISO

2012-03-16 03:02:43 -------- d-----w- c:\program files\iPod

2012-03-16 02:48:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2012-03-16 02:48:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2012-03-16 02:48:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2012-03-16 02:48:43 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2012-03-16 02:48:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2012-03-16 02:48:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2012-03-16 02:48:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2012-03-16 02:46:04 -------- d-----w- c:\users\om deva\appdata\local\Diagnostics

2012-03-15 00:20:47 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-15 00:20:45 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 23:55:53 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 23:55:51 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 03:17:06 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 03:17:06 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 03:17:05 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 03:17:03 919040 ----a-w- c:\windows\system32\rdpcorets.dll

2012-03-14 03:17:03 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 03:17:02 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-14 03:17:02 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-13 12:10:46 -------- d-----w- c:\program files\IDT

2012-03-13 12:09:07 915968 ----a-w- c:\windows\system32\stapo.dll

2012-03-13 12:09:07 495104 ----a-w- c:\windows\system32\stapi32.dll

2012-03-13 12:09:07 328704 ----a-w- c:\windows\system32\stcplx.dll

2012-03-13 12:09:05 176128 ----a-w- c:\windows\system32\st326233.dll

2012-03-13 12:07:14 98304 ----a-w- c:\windows\system32\r3proxy.exe

2012-03-13 12:07:14 2387968 ----a-w- c:\windows\system32\FEzPtCPL.dll

2012-03-13 12:07:14 12672 ----a-w- c:\windows\system32\drivers\FeMouWDM.sys

2012-03-13 12:07:13 131072 ----a-w- c:\windows\system32\language.dll

2012-03-13 12:06:50 90112 ----a-w- c:\windows\system32\femouse.dll

2012-03-13 11:55:21 140288 ----a-w- c:\windows\system32\igfxtvcx.dll

2012-03-13 11:30:36 985472 ----a-w- c:\windows\system32\drivers\HSF_DP.sys

2012-03-13 11:30:36 210688 ----a-w- c:\windows\system32\drivers\HSF_HWAZL.sys

2012-03-13 11:30:35 738360 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys

2012-03-13 11:29:47 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys

2012-03-13 11:28:56 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys

2012-03-13 11:27:31 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys

2012-03-13 11:22:55 108544 ----a-w- c:\windows\system32\drivers\MxEFUF32.sys

2012-03-13 11:20:28 4703232 ----a-w- c:\windows\system32\drivers\BCMWL63.SYS

2012-03-13 11:16:13 -------- d-----w- C:\Intel

2012-03-13 11:12:47 81920 ----a-w- c:\windows\system32\igfxCoIn_v2226.dll

2012-03-13 11:12:45 208896 ----a-w- c:\windows\system32\iglhsip32.dll

2012-03-13 11:12:44 147456 ----a-w- c:\windows\system32\iglhcp32.dll

2012-03-13 11:12:43 874048 ----a-w- c:\windows\system32\igkrng575.bin

2012-03-13 11:12:39 86528 ----a-w- c:\windows\system32\igfxresn.lrc

2012-03-13 11:12:37 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2012-03-13 11:12:36 104796 ----a-w- c:\windows\system32\igfcg575m.bin

2012-03-13 11:12:30 127868 ----a-w- c:\windows\system32\igcompkrng575.bin

2012-03-13 11:12:25 3157784 ----a-w- c:\windows\system32\GfxUI.exe

2012-03-13 11:12:25 120320 ----a-w- c:\windows\system32\gfxSrvc.dll

2012-03-13 11:12:24 452440 ----a-w- c:\windows\system32\d3dx10_40.dll

2012-03-12 14:52:31 -------- d-----w- c:\program files\common files\xing shared

2012-03-09 06:34:01 -------- d-----w- c:\users\om deva\appdata\local\Jaksta_Technologies_Pty_L

2012-03-09 06:30:25 -------- d-----w- c:\program files\Applian Technologies

2012-03-09 06:29:15 -------- d-----w- c:\programdata\Applian

2012-03-08 04:24:42 -------- d-----w- c:\program files\common files\SupportSoft

2012-03-08 04:22:56 -------- d-----w- c:\users\om deva\appdata\local\SupportSoft

2012-03-08 04:22:55 -------- d-----w- c:\program files\Airtel NetXpert

2012-03-08 03:06:49 20392 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys

2012-03-08 03:05:33 -------- d-----w- c:\program files\MSXML 4.0

2012-03-07 13:36:47 -------- d-----w- c:\program files\Perfios

2012-03-06 17:37:39 12416 ----a-w- c:\windows\system32\drivers\ssm_whnt.sys

2012-03-06 17:37:39 12416 ----a-w- c:\windows\system32\drivers\ssm_wh.sys

2012-03-06 17:37:38 14848 ----a-w- c:\windows\system32\drivers\ssm_mdfl.sys

2012-03-06 17:37:38 132608 ----a-w- c:\windows\system32\drivers\ssm_mdm.sys

2012-03-06 17:37:38 12544 ----a-w- c:\windows\system32\drivers\ssm_cmnt.sys

2012-03-06 17:37:38 12544 ----a-w- c:\windows\system32\drivers\ssm_cm.sys

2012-03-06 17:37:38 104448 ----a-w- c:\windows\system32\drivers\ssm_bus.sys

2012-03-06 17:33:03 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys

2012-03-06 17:33:03 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe

2012-03-06 17:33:02 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll

2012-03-06 17:31:54 -------- d-----w- c:\users\om deva\appdata\roaming\Samsung

2012-03-06 17:29:35 -------- d-----w- c:\program files\MarkAny

2012-03-06 17:26:45 -------- d-----w- c:\program files\Samsung

2012-03-06 17:24:23 -------- d-----w- c:\programdata\Samsung

2012-03-06 17:23:01 -------- d-----w- c:\users\om deva\appdata\local\Downloaded Installations

2012-03-06 13:10:23 86016 ------w- c:\windows\unvise32.exe

2012-03-06 13:10:11 -------- d-----w- c:\program files\Bandwidth Monitor Pro

2012-03-06 12:43:36 737280 ----a-w- c:\windows\iun6002.exe

2012-03-05 13:29:37 30512 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

2012-03-05 13:29:36 29552 ----a-w- c:\windows\system32\mdimon.dll

2012-02-28 08:26:48 -------- d-----w- c:\users\om deva\appdata\roaming\Foxit Software

2012-02-22 10:15:26 73728 ----a-w- c:\windows\system32\AEstSrv.exe

2012-02-22 10:15:23 647168 ----a-w- c:\windows\system32\aestecap.dll

2012-02-22 10:15:22 53248 ----a-w- c:\windows\system32\aestaren.dll

2012-02-22 10:15:22 131072 ----a-w- c:\windows\system32\aestacap.dll

2012-02-22 10:15:21 1601536 ----a-w- c:\windows\system32\stlang.dll

2012-02-22 10:15:21 102400 ----a-w- c:\windows\system32\stacsv.exe

2012-02-22 10:15:20 4947968 ----a-w- c:\windows\system32\stacgui.cpl

2012-02-22 10:08:42 330240 ----a-w- c:\windows\system32\drivers\stwrt.sys

2012-02-22 10:08:34 146944 ----a-w- c:\windows\system32\st325614.dll

2012-02-22 10:08:33 45568 ----a-w- c:\windows\system32\ctppld.dll

2012-02-22 10:08:32 492544 ----a-w- c:\windows\system32\ctapo32.dll

2012-02-22 10:08:23 -------- d-----w- c:\program files\SigmaTel

2012-02-22 09:45:59 -------- d-----w- c:\users\om deva\My Installables

2012-02-21 06:57:37 -------- d-----w- c:\programdata\Ilium Software

2012-02-21 03:41:06 -------- d-----w- c:\windows\WindowsMobile

2012-02-20 20:15:08 14744 ----a-w- c:\users\om deva\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll

2012-02-20 06:08:56 -------- d-----w- c:\programdata\boost_interprocess

2012-02-20 06:05:31 -------- d-----w- c:\program files\MediaFire Express

2012-02-20 06:05:20 -------- d-----w- c:\users\om deva\appdata\local\MediaFire Express

.

==================== Find3M ====================

.

2012-03-12 17:01:56 1608 ----a-w- c:\windows\fonts\JayHo.ttf

2012-03-06 17:35:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-22 12:08:10 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-15 05:31:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-15 05:31:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-02-11 06:41:28 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys

2012-02-11 06:41:28 441760 ----a-w- c:\windows\system32\drivers\timntr.sys

2012-02-11 06:41:24 132224 ----a-w- c:\windows\system32\drivers\snapman.sys

2012-02-11 06:41:16 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys

2012-02-11 06:06:32 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-02-11 06:06:31 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-02-10 05:21:53 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-02-09 07:11:36 74703 ----a-w- c:\windows\system32\mfc45.dll

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-12 00:19:16 4448256 ----a-w- c:\windows\system32\GPhotos.scr

2012-01-06 06:21:24 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2012-01-06 06:21:16 11776 ----a-w- c:\windows\system32\smrgdf.exe

2012-01-06 05:59:06 2083464 ----a-w- c:\windows\system32\Incinerator32.dll

2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll

2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl

.

============= FINISH: 10:35:36.10 ===============


Sorry for the oversight. Here it is:

FixExec by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about FixExec can be found at this link:

http://www.bleepingcomputer.com/download/windows/utilities/fixexec

Program started at: 03/19/2012 09:57:46 PM in x86 mode.

Windows Version: Windows 7

Checking for processes to terminate before fixing executable associations.

* No processes found to kill.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Program finished at: 03/19/2012 09:58:07 PM

Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)


Thanks for the query. I feel that my system is doing well.

You have to confirm my feelings after going through the latest Full Scan report of MalwareBytes:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.20.02

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Om Deva :: OMDEVA-PC [administrator]

Protection: Enabled

20-Mar-12 23:03:09

mbam-log-2012-03-20 (23-03-09).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 312208

Time elapsed: 3 hour(s), 50 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Completed the task of manually deleting DDS, FixExec and TDSSKiller.

I have gone through the malware prevention tips at the suggested site. I shall implement the tips given therein.

Thank you for all the help in securing my system from malware.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!


This topic re-opened per request of omdevn.

@omdevn

I am quite surprised to hear you say the issue returned, given that you had just advised us the issue was done with.

a) Post a copy of the latest MBAM scan log.

b) Do not use the PC for any outside purpose.

c) Run a fresh run of DDS and copy & paste those logs.

d) Allow time for review of your logs & a response.


I am sorry for bothering you with my problem once again.

Even I was surprised to see the issue cropping up again after I performed a quick scan with Malwarebytes yesterday (22-Mar-2012). It shows 2 Registry Data Items which were promptly quarantined. I wish to know how this is happening and how to get rid of these registry entries.

Here is the MBAM scan log:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.22.03

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Om Deva :: OMDEVA-PC [administrator]

Protection: Enabled

22-Mar-12 21:03:58

mbam-log-2012-03-22 (21-03-58).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 183891

Time elapsed: 16 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 2

HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.

HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

This is the DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Om Deva at 14:22:24 on 2012-03-23

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.813 [GMT 5.5:30]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\FsUsbExService.Exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Perfios\perfios_winsvc.exe

C:\Program Files\Airtel NetXpert\bin\sprtsvc.exe

C:\Program Files\Airtel NetXpert\bin\sprtcmd.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Airtel NetXpert\bin\tgsrvc.exe

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Hide My IP\HideMyIP.exe

C:\Program Files\TeamViewer\Version7\TeamViewer.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\Hide My IP\HideMyIpSrv.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\WUDFHost.exe

C:\Program Files\TeamViewer\Version7\tv_w32.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe

C:\Windows\System32\taskmgr.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer, optimized for Bing and MSN

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [HideMyIP] c:\program files\hide my ip\HideMyIP.exe

uRun: [Google Update] "c:\users\om deva\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe

uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

uRun: [DriverMax] "c:\program files\innovative solutions\drivermax\drivermax.exe" -agent

uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\drivermax.exe" -RESTART

mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Mouse Suite 98 Daemon] ico.EXE

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

mRun: [NPSStartup]

mRun: [netxpert] "c:\program files\airtel netxpert\bin\sprtcmd.exe" /P netxpert

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Fellowes Proxy] c:\windows\system32\r3proxy.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [sMRequiresRestart]

StartupFolder: c:\users\omdeva~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

StartupFolder: c:\users\omdeva~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\windows\system32\HMIPCore.dll

LSP: c:\windows\system32\iavlsp.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7A511D57-6A8D-448B-8D3F-419488EC3A50} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C6B1B7EA-81F1-40B7-9D7C-4CDD9A2BB155} : DhcpNameServer = 192.168.1.1

Notify: igfxcui - igfxdev.dll

LSA: Authentication Packages = msv1_0 relog_ap

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\om deva\appdata\roaming\mozilla\firefox\profiles\0jmy17v4.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\om deva\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\drivers\amp.sys [2011-9-28 138048]

R2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\drivers\ampse.sys [2012-2-9 1189184]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-2-9 361000]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

regfile=NOTEPAD.EXE %1

scrfile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2012-03-23 08:40:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-03-23 06:52:56 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9c823277-8e22-4e6e-9f94-55268eea3b00}\offreg.dll

2012-03-23 06:52:56 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9c823277-8e22-4e6e-9f94-55268eea3b00}\MpKslb6b96e65.sys

2012-03-23 06:50:24 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9c823277-8e22-4e6e-9f94-55268eea3b00}\mpengine.dll

2012-03-21 06:59:46 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys

2012-03-21 06:59:29 -------- d-----w- c:\program files\TeamViewer

2012-03-20 09:57:17 -------- d-----w- c:\program files\common files\PCSuite

2012-03-20 09:56:44 -------- d-----w- c:\program files\common files\Nokia

2012-03-20 09:56:29 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2012-03-20 09:55:59 -------- d-----w- c:\program files\PC Connectivity Solution

2012-03-20 09:54:55 75264 ----a-w- c:\windows\system32\nmwcdcls.dll

2012-03-20 09:54:52 -------- d-----w- c:\program files\Nokia

2012-03-19 08:28:09 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-03-19 08:27:54 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe

2012-03-19 08:27:53 145960 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe

2012-03-18 07:57:06 -------- d-----w- c:\program files\MagicISO

2012-03-16 03:02:43 -------- d-----w- c:\program files\iPod

2012-03-16 02:48:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2012-03-16 02:48:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2012-03-16 02:48:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2012-03-16 02:48:43 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2012-03-16 02:48:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2012-03-16 02:48:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2012-03-16 02:48:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2012-03-16 02:46:04 -------- d-----w- c:\users\om deva\appdata\local\Diagnostics

2012-03-15 00:20:47 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-15 00:20:45 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 23:55:53 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 23:55:51 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 03:17:06 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 03:17:06 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 03:17:05 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 03:17:03 919040 ----a-w- c:\windows\system32\rdpcorets.dll

2012-03-14 03:17:03 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 03:17:02 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-14 03:17:02 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-13 12:10:46 -------- d-----w- c:\program files\IDT

2012-03-13 12:09:07 915968 ----a-w- c:\windows\system32\stapo.dll

2012-03-13 12:09:07 495104 ----a-w- c:\windows\system32\stapi32.dll

2012-03-13 12:09:07 328704 ----a-w- c:\windows\system32\stcplx.dll

2012-03-13 12:09:05 176128 ----a-w- c:\windows\system32\st326233.dll

2012-03-13 12:07:14 98304 ----a-w- c:\windows\system32\r3proxy.exe

2012-03-13 12:07:14 2387968 ----a-w- c:\windows\system32\FEzPtCPL.dll

2012-03-13 12:07:14 12672 ----a-w- c:\windows\system32\drivers\FeMouWDM.sys

2012-03-13 12:07:13 131072 ----a-w- c:\windows\system32\language.dll

2012-03-13 12:06:50 90112 ----a-w- c:\windows\system32\femouse.dll

2012-03-13 11:55:21 140288 ----a-w- c:\windows\system32\igfxtvcx.dll

2012-03-13 11:30:36 985472 ----a-w- c:\windows\system32\drivers\HSF_DP.sys

2012-03-13 11:30:36 210688 ----a-w- c:\windows\system32\drivers\HSF_HWAZL.sys

2012-03-13 11:30:35 738360 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys

2012-03-13 11:29:47 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys

2012-03-13 11:28:56 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys

2012-03-13 11:27:31 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys

2012-03-13 11:22:55 108544 ----a-w- c:\windows\system32\drivers\MxEFUF32.sys

2012-03-13 11:20:28 4703232 ----a-w- c:\windows\system32\drivers\BCMWL63.SYS

2012-03-13 11:16:13 -------- d-----w- C:\Intel

2012-03-13 11:12:47 81920 ----a-w- c:\windows\system32\igfxCoIn_v2226.dll

2012-03-13 11:12:45 208896 ----a-w- c:\windows\system32\iglhsip32.dll

2012-03-13 11:12:44 147456 ----a-w- c:\windows\system32\iglhcp32.dll

2012-03-13 11:12:43 874048 ----a-w- c:\windows\system32\igkrng575.bin

2012-03-13 11:12:39 86528 ----a-w- c:\windows\system32\igfxresn.lrc

2012-03-13 11:12:37 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2012-03-13 11:12:36 104796 ----a-w- c:\windows\system32\igfcg575m.bin

2012-03-13 11:12:30 127868 ----a-w- c:\windows\system32\igcompkrng575.bin

2012-03-13 11:12:25 3157784 ----a-w- c:\windows\system32\GfxUI.exe

2012-03-13 11:12:25 120320 ----a-w- c:\windows\system32\gfxSrvc.dll

2012-03-13 11:12:24 452440 ----a-w- c:\windows\system32\d3dx10_40.dll

2012-03-12 14:52:31 -------- d-----w- c:\program files\common files\xing shared

2012-03-09 06:34:01 -------- d-----w- c:\users\om deva\appdata\local\Jaksta_Technologies_Pty_L

2012-03-09 06:30:25 -------- d-----w- c:\program files\Applian Technologies

2012-03-09 06:29:15 -------- d-----w- c:\programdata\Applian

2012-03-08 04:24:42 -------- d-----w- c:\program files\common files\SupportSoft

2012-03-08 04:22:56 -------- d-----w- c:\users\om deva\appdata\local\SupportSoft

2012-03-08 04:22:55 -------- d-----w- c:\program files\Airtel NetXpert

2012-03-08 03:06:49 20392 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys

2012-03-08 03:05:33 -------- d-----w- c:\program files\MSXML 4.0

2012-03-07 13:36:47 -------- d-----w- c:\program files\Perfios

2012-03-06 17:37:39 12416 ----a-w- c:\windows\system32\drivers\ssm_whnt.sys

2012-03-06 17:37:39 12416 ----a-w- c:\windows\system32\drivers\ssm_wh.sys

2012-03-06 17:37:38 14848 ----a-w- c:\windows\system32\drivers\ssm_mdfl.sys

2012-03-06 17:37:38 132608 ----a-w- c:\windows\system32\drivers\ssm_mdm.sys

2012-03-06 17:37:38 12544 ----a-w- c:\windows\system32\drivers\ssm_cmnt.sys

2012-03-06 17:37:38 12544 ----a-w- c:\windows\system32\drivers\ssm_cm.sys

2012-03-06 17:37:38 104448 ----a-w- c:\windows\system32\drivers\ssm_bus.sys

2012-03-06 17:33:03 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys

2012-03-06 17:33:03 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe

2012-03-06 17:33:02 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll

2012-03-06 17:31:54 -------- d-----w- c:\users\om deva\appdata\roaming\Samsung

2012-03-06 17:29:35 -------- d-----w- c:\program files\MarkAny

2012-03-06 17:26:45 -------- d-----w- c:\program files\Samsung

2012-03-06 17:24:23 -------- d-----w- c:\programdata\Samsung

2012-03-06 17:23:01 -------- d-----w- c:\users\om deva\appdata\local\Downloaded Installations

2012-03-06 13:10:23 86016 ------w- c:\windows\unvise32.exe

2012-03-06 13:10:11 -------- d-----w- c:\program files\Bandwidth Monitor Pro

2012-03-06 12:43:36 737280 ----a-w- c:\windows\iun6002.exe

2012-03-05 13:29:37 30512 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

2012-03-05 13:29:36 29552 ----a-w- c:\windows\system32\mdimon.dll

2012-02-28 08:26:48 -------- d-----w- c:\users\om deva\appdata\roaming\Foxit Software

2012-02-22 10:15:26 73728 ----a-w- c:\windows\system32\AEstSrv.exe

2012-02-22 10:15:23 647168 ----a-w- c:\windows\system32\aestecap.dll

2012-02-22 10:15:22 53248 ----a-w- c:\windows\system32\aestaren.dll

2012-02-22 10:15:22 131072 ----a-w- c:\windows\system32\aestacap.dll

2012-02-22 10:15:21 1601536 ----a-w- c:\windows\system32\stlang.dll

2012-02-22 10:15:21 102400 ----a-w- c:\windows\system32\stacsv.exe

2012-02-22 10:15:20 4947968 ----a-w- c:\windows\system32\stacgui.cpl

2012-02-22 10:08:42 330240 ----a-w- c:\windows\system32\drivers\stwrt.sys

2012-02-22 10:08:34 146944 ----a-w- c:\windows\system32\st325614.dll

2012-02-22 10:08:33 45568 ----a-w- c:\windows\system32\ctppld.dll

2012-02-22 10:08:32 492544 ----a-w- c:\windows\system32\ctapo32.dll

2012-02-22 10:08:23 -------- d-----w- c:\program files\SigmaTel

2012-02-22 09:45:59 -------- d-----w- c:\users\om deva\My Installables

.

==================== Find3M ====================

.

2012-03-12 17:01:56 1608 ----a-w- c:\windows\fonts\JayHo.ttf

2012-03-06 17:35:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-22 12:08:10 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-15 05:31:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-15 05:31:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-02-11 06:41:28 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys

2012-02-11 06:41:28 441760 ----a-w- c:\windows\system32\drivers\timntr.sys

2012-02-11 06:41:24 132224 ----a-w- c:\windows\system32\drivers\snapman.sys

2012-02-11 06:41:16 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys

2012-02-11 06:06:32 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-02-11 06:06:31 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-02-10 05:21:53 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-02-09 07:11:36 74703 ----a-w- c:\windows\system32\mfc45.dll

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-12 00:19:16 4448256 ----a-w- c:\windows\system32\GPhotos.scr

2012-01-06 06:21:24 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2012-01-06 06:21:16 11776 ----a-w- c:\windows\system32\smrgdf.exe

2012-01-06 05:59:06 2083464 ----a-w- c:\windows\system32\Incinerator32.dll

2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll

2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601 Disk: ST932032 rev.SD03 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: >>UNKNOWN [0x82C1C000]<< >>UNKNOWN [0x833C0000]<< >>UNKNOWN [0x88DE4000]<< >>UNKNOWN [0x88C00000]<< >>UNKNOWN [0x8302E000]<<

_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }

1 ntkrnlpa!IofCallDriver[0x82C5355A] -> \Device\Harddisk0\DR0[0x8726F5A8]

\Driver\Disk[0x8726EB78] -> IRP_MJ_CREATE -> 0x833C439F

3 [0x833C459E] -> ntkrnlpa!IofCallDriver[0x82C5355A] -> \Device\Ide\IAAStorageDevice-0[0x8580F028]

\Driver\iaStor[0x8578FB48] -> IRP_MJ_CREATE -> 0x88C230F8

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 14:24:32.69 ===============

This is the Attach.txt file:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 09-Feb-12 12:13:14

System Uptime: 23-Mar-12 07:54:15 (7 hours ago)

.

Motherboard: Dell Inc. | | 0TT347

Processor: Intel® Core2 Duo CPU T5270 @ 1.40GHz | Microprocessor | 1386/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 162.718 GiB free.

D: is CDROM ()

F: is CDROM (UDF)

G: is FIXED (NTFS) - 466 GiB total, 254.548 GiB free.

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP138: 23-Mar-12 12:28:23 - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 4.62

Acronis Disk Director Suite

Acronis True Image Home

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Advanced Task Manager for Windows Vista & Windows XP

Advanced Uninstaller PRO - Version 9

Airtel NetXpert 3.0

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVSDK5

Beyond Compare Version 3.3.4

Bonjour

CanSecure-Retail

Carbon Folder

Conexant HDA D330 MDC V.92 Modem

Daily Planner Journal 5.6

DriverMax 6

EssentialPIM

eWallet 7.2

Foxit Reader 5.1

Google Calendar Sync

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hide My IP 5.3

iCloud

Innovative System Optimizer - version 4

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

iolo technologies' System Mechanic Professional

iTunes

Java Auto Updater

Java 6 Update 31

Kensington SlimBlade Driver

Magic ISO Maker v5.5 (build 0273)

MagicDisc 2.7.106

Malwarebytes Anti-Malware version 1.60.1.1000

MediaFire Express (beta)

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mobile Partner

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVC90_x86

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nokia Connectivity Cable Driver

Nokia PC Suite

OpenOffice.org 3.3

PC Connectivity Solution

Perfios SmartUpdate

Picasa 3

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

RICOH Media Driver ver.2.07.01.04

RICOH R5U8xx Media Driver ver.3.62.02

RoboTask Lite 3.0

Safari

Samsung New PC Studio

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

SigmaTel Audio

StarToken

TeamViewer 7

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VLC media player 2.0.1

Windows Driver Package - Nokia Modem (02/25/2011 4.7)

Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Mobile Device Center

Windows Mobile Device Center Driver Update

.

==== Event Viewer Messages From Past Week ========

.

23-Mar-12 11:55:03, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

23-Mar-12 07:55:43, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831

23-Mar-12 07:55:27, Error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).

23-Mar-12 07:55:27, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eairwnet FileDisk

22-Mar-12 20:50:40, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

22-Mar-12 12:13:09, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume I:.

22-Mar-12 11:55:38, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

22-Mar-12 11:55:38, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.

.

==== End Of File ===========================

I am sorry for bothering you with my problem once again.

Even I was surprised to see the issue cropping up again after I performed a quick scan with Malwarebytes yesterday (22-Mar-2012). It shows 2 Registry Data Items which were promptly quarantined. I wish to know how this is happening and how to get rid of these registry entries.

The MBAM run fixed that issue. The log showed

Quarantined and repaired successfully.

One cannot tell how the issue originated. Maybe you got & ran something out of the ordinary.


Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
