
Open Cloud AV removal failure

10 replies to this topic

#1 opencloudAVsucks

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:40 PM

Posted 02 October 2011 - 09:24 PM

Hello, I have recently contracted the Open Cloud AV malware program. I have tried the online walkthrough on this website and when Malwarebytes begins the scan, seconds later the program is terminated. I am very stressed about this because I have read this malware turns into a potential keylogger and I am quite worried. I have little to no knowledge with computers, and I have searched the forums to see if someone had a situation similar to my own and I did find some, except most of the posts have all kinds of crazy code in them that I don't understand at all. I contacted Best Buy and they said it would cost $150 just for a 1 time malware removal. That being said I would greatly appreciate it if someone with knowledge on the subject could assist me with this problem. Thanks in advance.

P.S. I am running on Windows Vista.

-Jake

#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,190 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:40 PM

Posted 02 October 2011 - 09:28 PM

Hello, this infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to a removable media such as a CD/DVD, external drive, or USB flash drive.

FixNCR.reg

Insert the removable device into the infected computer and open the folder for the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.


If no joy, try running SAS... Run SAS even if MBAM works, and post both logs.

Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 opencloudAVsucks
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:40 PM

Posted 02 October 2011 - 10:17 PM

Just a quick question...should I be running these programs in Safe mode?

#4 opencloudAVsucks
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:40 PM

Posted 02 October 2011 - 10:56 PM

OK, I tried to run SAS in safe mode and it did the same exact thing that was happening to MBAM. Right after I begin the scan it is abruptly terminated. Do I have to run RKill before I run the scan? And also, since I downloaded that registry file to a disc, I just went ahead and acquired the portable scanner version of SAS and put them on the same disc. Is that a problem?

#5 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,190 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:40 PM

Posted 03 October 2011 - 08:31 PM

Not at all a problem. We will use, for now, whichever mode they work in.

See if you can run this, then try RKill before MBAM and SAS again.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.6.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.
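The TDSSKiller log that the steps above ask for is long and mostly "- ok" driver entries, so the few lines that matter are easy to miss. As an added example (not from this thread and not Kaspersky's code), this Python script parses that log format, keeps only the "Suspicious file" entries paired with their "- detected" verdict line, and flags two things a helper reads for: a Forged driver whose Real and Fake md5 differ, and a path with a second colon after the drive letter, which names an NTFS alternate data stream. The sample lines are copied from the log posted later in this thread; the function and class names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the format TDSSKiller writes: "HH:MM:SS.nnnn <thread> <message>".
# The two warning entries and one clean driver entry are copied from the log
# posted later in this thread; the rest of that log is omitted here.
SAMPLE_LOG = r"""
21:58:54.0901 3376 Scan started
21:58:54.0901 3376 Mode: Manual;
21:58:55.0446 3376 1cf6efbe (198b4150a32376abd5abca2ff5cc834b) C:\Windows\3203397148:3809022017.exe
21:58:55.0447 3376 Suspicious file (Hidden): C:\Windows\3203397148:3809022017.exe. md5: 198b4150a32376abd5abca2ff5cc834b
21:58:55.0448 3376 1cf6efbe ( HiddenFile.Multi.Generic ) - warning
21:58:55.0448 3376 1cf6efbe - detected HiddenFile.Multi.Generic (1)
21:58:55.0545 3376 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:58:55.0554 3376 ACPI - ok
21:58:55.0869 3376 AFD (5bcc1382c2a5ca4a93eae83ab4020dff) C:\Windows\system32\drivers\afd.sys
21:58:55.0874 3376 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 5bcc1382c2a5ca4a93eae83ab4020dff, Fake md5: 3911b972b55fea0478476b2e777b29fa
21:58:55.0877 3376 AFD ( ForgedFile.Multi.Generic ) - warning
21:58:55.0877 3376 AFD - detected ForgedFile.Multi.Generic (1)
"""

# One log line: timestamp, thread id, free-text message.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "Suspicious file (Hidden|Forged): <path>. <hash text>"; the path ends at the
# first ". " so the trailing "md5:" / "Real md5:" text is captured separately.
SUSP_RE = re.compile(r"^Suspicious file \((Hidden|Forged)\): (.+?)\.\s+(.*)$")
# "<service> - detected <verdict> (<count>)"
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
# "<service> - ok"
OK_RE = re.compile(r"^(\S+) - ok$")
MD5_RE = re.compile(r"\b[0-9a-f]{32}\b")


@dataclass
class Finding:
    kind: str                      # "Hidden" or "Forged", as labelled by TDSSKiller
    path: str
    md5: Optional[str]             # the "md5:" or "Real md5:" value
    fake_md5: Optional[str]        # the "Fake md5:" value (Forged entries only)
    ads: bool                      # path names an NTFS alternate data stream
    service: str = ""              # service/driver name from the "- detected" line
    verdict: str = ""              # e.g. HiddenFile.Multi.Generic


def is_alternate_data_stream(path: str) -> bool:
    """True when a drive-letter path contains a second colon, i.e. file:stream."""
    _drive, sep, rest = path.partition(":")
    return bool(sep) and ":" in rest


def parse_tdsskiller_log(text: str) -> List[Finding]:
    """Return the Suspicious-file findings, each joined to its verdict line."""
    findings: List[Finding] = []
    pending: Optional[Finding] = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        s = SUSP_RE.match(msg)
        if s:
            kind, path, rest = s.groups()
            hashes = MD5_RE.findall(rest)
            pending = Finding(kind=kind, path=path,
                              md5=hashes[0] if hashes else None,
                              fake_md5=hashes[1] if len(hashes) > 1 else None,
                              ads=is_alternate_data_stream(path))
            continue
        d = DETECT_RE.match(msg)
        if d and pending is not None:
            # The verdict line follows the Suspicious line for the same object.
            pending.service, pending.verdict = d.group(1), d.group(2)
            findings.append(pending)
            pending = None
    return findings


def count_clean(text: str) -> int:
    """Number of '<service> - ok' entries, i.e. objects TDSSKiller passed."""
    total = 0
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m and OK_RE.match(m.group(3)):
            total += 1
    return total


def triage_lines(findings: List[Finding]) -> List[str]:
    """One human-readable line per finding, with the reason it matters."""
    out = []
    for f in findings:
        notes = []
        if f.kind == "Forged":
            notes.append("Real and Fake md5 differ (fake %s)" % f.fake_md5)
        if f.ads:
            notes.append("path is an NTFS alternate data stream")
        line = "%s: %s at %s" % (f.service, f.verdict, f.path)
        if notes:
            line += " [" + "; ".join(notes) + "]"
        out.append(line)
    return out


if __name__ == "__main__":
    found = parse_tdsskiller_log(SAMPLE_LOG)
    print("%d clean, %d suspicious" % (count_clean(SAMPLE_LOG), len(found)))
    for line in triage_lines(found):
        print(line)
```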

#6 opencloudAVsucks
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:40 PM

Posted 03 October 2011 - 09:10 PM

21:58:15.0588 0812 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
21:58:15.0916 0812 ============================================================
21:58:15.0916 0812 Current date / time: 2011/10/03 21:58:15.0915
21:58:15.0916 0812 SystemInfo:
21:58:15.0916 0812
21:58:15.0917 0812 OS Version: 6.0.6002 ServicePack: 2.0
21:58:15.0917 0812 Product type: Workstation
21:58:15.0917 0812 ComputerName: ETHAN-PC
21:58:15.0918 0812 UserName: Jake
21:58:15.0918 0812 Windows directory: C:\Windows
21:58:15.0918 0812 System windows directory: C:\Windows
21:58:15.0918 0812 Processor architecture: Intel x86
21:58:15.0918 0812 Number of processors: 2
21:58:15.0918 0812 Page size: 0x1000
21:58:15.0918 0812 Boot type: Normal boot
21:58:15.0918 0812 ============================================================
21:58:17.0351 0812 Initialize success
21:58:54.0901 3376 ============================================================
21:58:54.0901 3376 Scan started
21:58:54.0901 3376 Mode: Manual;
21:58:54.0901 3376 ============================================================
21:58:55.0446 3376 1cf6efbe (198b4150a32376abd5abca2ff5cc834b) C:\Windows\3203397148:3809022017.exe
21:58:55.0447 3376 Suspicious file (Hidden): C:\Windows\3203397148:3809022017.exe. md5: 198b4150a32376abd5abca2ff5cc834b
21:58:55.0448 3376 1cf6efbe ( HiddenFile.Multi.Generic ) - warning
21:58:55.0448 3376 1cf6efbe - detected HiddenFile.Multi.Generic (1)
21:58:55.0869 3376 AFD (5bcc1382c2a5ca4a93eae83ab4020dff) C:\Windows\system32\drivers\afd.sys
21:58:55.0874 3376 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 5bcc1382c2a5ca4a93eae83ab4020dff, Fake md5: 3911b972b55fea0478476b2e777b29fa
21:58:55.0877 3376 AFD ( ForgedFile.Multi.Generic ) - warning
21:58:55.0877 3376 AFD - detected ForgedFile.Multi.Generic (1)
21:59:10.0803 3376 sbp2port - ok
21:59:10.0867 3376 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:59:10.0871 3376 secdrv - ok
21:59:10.0927 3376 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:59:10.0930 3376 Serenum - ok
21:59:10.0985 3376 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:59:10.0989 3376 Serial - ok
21:59:11.0027 3376 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:59:11.0030 3376 sermouse - ok
21:59:11.0103 3376 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:59:11.0105 3376 sffdisk - ok
21:59:11.0200 3376 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:59:11.0204 3376 sffp_mmc - ok
21:59:11.0230 3376 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:59:11.0233 3376 sffp_sd - ok
21:59:11.0267 3376 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:59:11.0271 3376 sfloppy - ok
21:59:11.0323 3376 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:59:11.0327 3376 sisagp - ok
21:59:11.0361 3376 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:59:11.0367 3376 SiSRaid2 - ok
21:59:11.0387 3376 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:59:11.0392 3376 SiSRaid4 - ok
21:59:11.0587 3376 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:59:11.0592 3376 Smb - ok
21:59:11.0733 3376 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:59:11.0736 3376 spldr - ok
21:59:11.0788 3376 SQTECH905C - ok
21:59:11.0849 3376 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:59:11.0861 3376 srv - ok
21:59:11.0948 3376 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:59:11.0955 3376 srv2 - ok
21:59:11.0995 3376 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:59:12.0000 3376 srvnet - ok
21:59:12.0066 3376 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:59:12.0068 3376 swenum - ok
21:59:12.0102 3376 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:59:12.0106 3376 Symc8xx - ok
21:59:12.0179 3376 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:59:12.0183 3376 Sym_hi - ok
21:59:12.0211 3376 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:59:12.0214 3376 Sym_u3 - ok
21:59:12.0281 3376 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
21:59:12.0289 3376 SynTP - ok
21:59:12.0411 3376 Tcpip (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\drivers\tcpip.sys
21:59:12.0438 3376 Tcpip - ok
21:59:12.0567 3376 Tcpip6 (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\DRIVERS\tcpip.sys
21:59:12.0584 3376 Tcpip6 - ok
21:59:12.0616 3376 tcpipreg (36606b165d04a397bdf613096986d85d) C:\Windows\system32\drivers\tcpipreg.sys
21:59:12.0620 3376 tcpipreg - ok
21:59:12.0704 3376 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:59:12.0733 3376 TDPIPE - ok
21:59:12.0769 3376 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:59:12.0773 3376 TDTCP - ok
21:59:12.0832 3376 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:59:12.0836 3376 tdx - ok
21:59:12.0888 3376 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:59:12.0892 3376 TermDD - ok
21:59:13.0033 3376 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:59:13.0037 3376 tssecsrv - ok
21:59:13.0083 3376 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:59:13.0086 3376 tunmp - ok
21:59:13.0143 3376 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:59:13.0145 3376 tunnel - ok
21:59:13.0195 3376 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:59:13.0200 3376 uagp35 - ok
21:59:13.0285 3376 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:59:13.0294 3376 udfs - ok
21:59:13.0418 3376 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:59:13.0422 3376 uliagpkx - ok
21:59:13.0501 3376 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:59:13.0510 3376 uliahci - ok
21:59:13.0536 3376 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:59:13.0542 3376 UlSata - ok
21:59:13.0574 3376 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:59:13.0579 3376 ulsata2 - ok
21:59:13.0608 3376 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:59:13.0611 3376 umbus - ok
21:59:13.0726 3376 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\Windows\system32\Drivers\usbaapl.sys
21:59:13.0730 3376 USBAAPL - ok
21:59:13.0842 3376 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
21:59:13.0853 3376 usbaudio - ok
21:59:13.0920 3376 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:59:13.0925 3376 usbccgp - ok
21:59:14.0021 3376 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:59:14.0026 3376 usbcir - ok
21:59:14.0131 3376 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:59:14.0134 3376 usbehci - ok
21:59:14.0197 3376 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:59:14.0205 3376 usbhub - ok
21:59:14.0261 3376 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
21:59:14.0264 3376 usbohci - ok
21:59:14.0343 3376 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:59:14.0345 3376 usbprint - ok
21:59:14.0430 3376 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:59:14.0434 3376 usbscan - ok
21:59:14.0505 3376 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:59:14.0509 3376 USBSTOR - ok
21:59:14.0571 3376 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:59:14.0574 3376 usbuhci - ok
21:59:14.0690 3376 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:59:14.0693 3376 vga - ok
21:59:14.0753 3376 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:59:14.0756 3376 VgaSave - ok
21:59:14.0789 3376 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:59:14.0793 3376 viaagp - ok
21:59:14.0829 3376 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:59:14.0832 3376 ViaC7 - ok
21:59:14.0877 3376 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:59:14.0880 3376 viaide - ok
21:59:14.0905 3376 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:59:14.0909 3376 volmgr - ok
21:59:15.0005 3376 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:59:15.0015 3376 volmgrx - ok
21:59:15.0121 3376 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
21:59:15.0129 3376 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
21:59:15.0132 3376 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - infected
21:59:15.0132 3376 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
21:59:15.0273 3376 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:59:15.0279 3376 vsmraid - ok
21:59:15.0364 3376 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:59:15.0367 3376 WacomPen - ok
21:59:15.0456 3376 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:59:15.0459 3376 Wanarp - ok
21:59:15.0482 3376 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:59:15.0484 3376 Wanarpv6 - ok
21:59:15.0537 3376 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:59:15.0540 3376 Wd - ok
21:59:15.0585 3376 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:59:15.0603 3376 Wdf01000 - ok
21:59:15.0744 3376 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:59:15.0764 3376 winachsf - ok
21:59:15.0871 3376 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:59:15.0873 3376 WmiAcpi - ok
21:59:16.0038 3376 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:59:16.0041 3376 WpdUsb - ok
21:59:16.0095 3376 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:59:16.0098 3376 ws2ifsl - ok
21:59:16.0222 3376 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:59:16.0251 3376 WUDFRd - ok
21:59:16.0350 3376 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
21:59:16.0353 3376 XAudio - ok
21:59:16.0421 3376 MBR (0x1B8) (85d751f0e41b8e520aee8c07a8da777b) \Device\Harddisk0\DR0
21:59:16.0461 3376 \Device\Harddisk0\DR0 - ok
21:59:16.0471 3376 Boot (0x1200) (af4aa81c3496a1cc1c3b0fff445839d4) \Device\Harddisk0\DR0\Partition0
21:59:16.0473 3376 \Device\Harddisk0\DR0\Partition0 - ok
21:59:16.0489 3376 Boot (0x1200) (37a24ebb97177e529bcba67369d3fce8) \Device\Harddisk0\DR0\Partition1
21:59:16.0492 3376 \Device\Harddisk0\DR0\Partition1 - ok
21:59:16.0498 3376 ============================================================
21:59:16.0498 3376 Scan finished
21:59:16.0498 3376 ============================================================
21:59:16.0531 3948 Detected object count: 3
21:59:16.0531 3948 Actual detected object count: 3
22:00:27.0657 3948 1cf6efbe ( HiddenFile.Multi.Generic ) - skipped by user
22:00:27.0658 3948 1cf6efbe ( HiddenFile.Multi.Generic ) - User select action: Skip
22:00:27.0658 3948 AFD ( ForgedFile.Multi.Generic ) - skipped by user
22:00:27.0659 3948 AFD ( ForgedFile.Multi.Generic ) - User select action: Skip
22:00:32.0144 3948 Backup copy found, using it..
22:00:32.0181 3948 C:\Windows\system32\drivers\volsnap.sys - will be cured on reboot
22:00:32.0181 3948 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
22:00:38.0520 0656 Deinitialize success

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:07:40 PM

Posted 03 October 2011 - 09:17 PM

Good, now reboot and run a scan with MalwareBytes and SAS. Please post those logs and tell me how it's running.

Edited by boopme, 04 October 2011 - 01:57 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#8 opencloudAVsucks

opencloudAVsucks
  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:40 PM

Posted 04 October 2011 - 07:07 AM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7862

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10/4/2011 7:51:46 AM
mbam-log-2011-10-04 (07-51-46).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 491127
Time elapsed: 3 hour(s), 16 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Ethan\AppData\Local\Temp\ykjop_dz.exe.part (Rogue.Installer) -> Quarantined and deleted successfully.
c:\Users\Jake\AppData\Local\Temp\ywusqkigec (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\Users\Jake\AppData\LocalLow\Sun\Java\deployment\cache\6.0\4\7239db44-466b8298 (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\deployment\cache\6.0\3\7017a743-500920cb (Trojan.Exploit.Drop) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.10353859499303486.exe (Trojan.Exploit.Drop) -> Quarantined and deleted successfully.
c:\Windows\Temp\intrau3.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully.


The log section in SAS seems to be empty?? Although the SAS scan did run and complete, and I did proceed to remove the infected files. As of right now, there are no more Open Cloud pop-ups/notifications, and everything seems to be running smoothly. Is this a good sign?

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:07:40 PM

Posted 04 October 2011 - 02:02 PM

Yes, it is. Looks like we beat it. Sometimes this happens with SAS, and it comes back after a shutdown and reboot. Also, it sometimes shows up in the Admin or other user account.

Let's be sure we got everything before we mop up.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#10 opencloudAVsucks

opencloudAVsucks
  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:40 PM

Posted 04 October 2011 - 11:32 PM

C:\Users\Ethan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\330b3de5-4fe6d147 probably a variant of Win32/Agent.DVSSYWD trojan deleted - quarantined
C:\Users\Jake\AppData\Local\Temp\jar_cache392873230577337143.tmp a variant of J2ME/Agent.AA trojan deleted - quarantined
C:\Users\Others\AppData\Local\Mozilla\Firefox\Profiles\553709hx.default\Cache\67B07F7Cd01 PDF/Exploit.Pidief.PFL.Gen trojan deleted - quarantined
C:\Windows\$NtUninstallKB3255$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B93R38HI\update0310[1].exe a variant of Win32/Kryptik.TOA trojan cleaned by deleting - quarantined
C:\Windows\$NtUninstallKB3255$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKLLT03R\f7a46[1].pdf JS/Exploit.Pdfka.PEM trojan cleaned by deleting - quarantined
C:\Windows\$NtUninstallKB3255$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R61E46BO\c359b[1].pdf JS/Exploit.Pdfka.PEM trojan cleaned by deleting - quarantined
C:\Windows\Temp\E80D.tmp a variant of Win32/Kryptik.TOA trojan cleaned by deleting - quarantined

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:07:40 PM

Posted 05 October 2011 - 12:23 PM

Good, let's clean out the TEMP folder, as it has infections, and mop up.

Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection: Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:



