Windows firewall turns off by itself, is it a virus/trojan related problem?


5 replies to this topic

#1 Almendra

Posted 21 February 2012 - 10:07 PM

Hello experts from bleeping,

I am having a problem with my laptop. Its Windows and McAfee firewalls turn off continuously by themselves. I am worried that it may be a virus/trojan related problem. Along with this problem, I have also noticed that my laptop becomes extremely slow every time the 2 firewalls are off.

I have the following software installed on my laptop: Malwarebytes (full version), Spybot destroyer, Hitman Pro 3.5, and McAfee. A long time ago I also downloaded the Proventia Desktop protection software, which I can't uninstall at all.

To solve the aforementioned problem I carried out full antispyware and antivirus scans in normal and safe mode and didn't find any sort of trojan or virus. The only thing that I get while using Hitman Pro 3.5 is a warning that a file called adbrite.com may be harmful. I tried to delete that file but it is impossible to do it. Could you please provide me with any assistance with this firewall issue?

Thank you very much!!!!



#2 narenxp


Posted 21 February 2012 - 10:19 PM

Download FSS.

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Edited by narenxp, 21 February 2012 - 10:19 PM.


#3 Almendra


Posted 23 February 2012 - 11:57 AM

Thank you Narenxp for your quick response,

These are the logs you asked me for:

FOR FSS:

Farbar Service Scanner Version: 22-02-2012
Ran by Administrator (administrator) on 23-02-2012 at 11:42:19
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
DNE(11) fssfltr(12) Gpc(7) IPSec(5) mfetdi2k(14) NetBT(6) PSched(8) RFCOMM(10) Tcpip(4)
0x0E00000005000000010000000200000003000000040000000E000000090000000D0000000600000007000000080000000A0000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

FOR TDSS KILLER:

At the end of the scan it showed a file that seemed to be suspicious. I selected skip to end the process. I'll be waiting for your answer on how to proceed.


11:43:57.0500 6824 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
11:43:58.0968 6824 ============================================================
11:43:58.0968 6824 Current date / time: 2012/02/23 11:43:58.0968
11:43:58.0968 6824 SystemInfo:
11:43:58.0968 6824
11:43:58.0968 6824 OS Version: 5.1.2600 ServicePack: 3.0
11:43:58.0968 6824 Product type: Workstation
11:43:58.0968 6824 ComputerName: GLV
11:43:58.0968 6824 UserName: Administrator
11:43:58.0968 6824 Windows directory: C:\WINDOWS
11:43:58.0968 6824 System windows directory: C:\WINDOWS
11:43:58.0968 6824 Processor architecture: Intel x86
11:43:58.0968 6824 Number of processors: 2
11:43:58.0968 6824 Page size: 0x1000
11:43:58.0968 6824 Boot type: Normal boot
11:43:58.0968 6824 ============================================================
11:44:00.0218 6824 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:44:00.0218 6824 \Device\Harddisk0\DR0:
11:44:00.0234 6824 MBR used
11:44:00.0234 6824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A17F07E
11:44:00.0234 6824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3A182F7E, BlocksNum 0x201CC3
11:44:00.0343 6824 Initialize success
11:44:00.0343 6824 ============================================================
11:44:16.0625 6540 ============================================================
11:44:16.0625 6540 Scan started
11:44:16.0625 6540 Mode: Manual; TDLFS;
11:44:16.0625 6540 ============================================================
11:44:50.0265 6540 SafeBoot (2a5eedcb22a5d6bb0231e38a38e7a7d9) C:\WINDOWS\system32\drivers\SafeBoot.sys
11:44:50.0265 6540 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\SafeBoot.sys. md5: 2a5eedcb22a5d6bb0231e38a38e7a7d9
11:44:50.0265 6540 SafeBoot ( LockedFile.Multi.Generic ) - warning
11:44:50.0265 6540 SafeBoot - detected LockedFile.Multi.Generic (1)
11:44:58.0000 6540 wacommousefilter - ok
11:44:58.0078 6540 wacomvhid (51d580f30d1a1f2ea4965af6abc2bcb2) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
11:44:58.0078 6540 wacomvhid - ok
11:44:58.0484 6540 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:44:58.0484 6540 Wanarp - ok
11:44:58.0703 6540 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:44:58.0703 6540 Wdf01000 - ok
11:44:58.0859 6540 WDICA - ok
11:44:58.0921 6540 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:44:58.0937 6540 wdmaud - ok
11:44:59.0125 6540 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:44:59.0140 6540 WmiAcpi - ok
11:44:59.0203 6540 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:44:59.0203 6540 WpdUsb - ok
11:44:59.0390 6540 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
11:44:59.0390 6540 WsAudio_DeviceS(1) - ok
11:44:59.0578 6540 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
11:44:59.0578 6540 WsAudio_DeviceS(2) - ok
11:44:59.0765 6540 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
11:44:59.0765 6540 WsAudio_DeviceS(3) - ok
11:44:59.0984 6540 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
11:44:59.0984 6540 WsAudio_DeviceS(4) - ok
11:45:00.0171 6540 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
11:45:00.0171 6540 WsAudio_DeviceS(5) - ok
11:45:00.0390 6540 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:45:00.0406 6540 WSTCODEC - ok
11:45:00.0578 6540 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:45:00.0578 6540 WudfPf - ok
11:45:00.0734 6540 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:45:00.0734 6540 WudfRd - ok
11:45:00.0781 6540 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk0\DR0
11:45:01.0359 6540 \Device\Harddisk0\DR0 - ok
11:45:01.0359 6540 Boot (0x1200) (4a177dd932801643631d97c3866f7950) \Device\Harddisk0\DR0\Partition0
11:45:01.0359 6540 \Device\Harddisk0\DR0\Partition0 - ok
11:45:01.0406 6540 Boot (0x1200) (46f039318c93b816cfecc83c76389b82) \Device\Harddisk0\DR0\Partition1
11:45:01.0406 6540 \Device\Harddisk0\DR0\Partition1 - ok
11:45:01.0406 6540 ============================================================
11:45:01.0406 6540 Scan finished
11:45:01.0406 6540 ============================================================
11:45:01.0421 2044 Detected object count: 1
11:45:01.0421 2044 Actual detected object count: 1
11:45:39.0609 2044 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
11:45:39.0609 2044 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip


-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

FOR ASWMBR

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-23 11:46:31
-----------------------------
11:46:31.031 OS Version: Windows 5.1.2600 Service Pack 3
11:46:31.031 Number of processors: 2 586 0x170A
11:46:31.031 ComputerName: GLV UserName:
11:46:32.468 Initialze error 0
11:51:40.062 AVAST engine defs: 12022300
11:51:58.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:51:58.093 Disk 0 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
11:51:58.140 Disk 0 MBR read successfully
11:51:58.156 Disk 0 MBR scan
11:51:58.250 Disk 0 unknown MBR code
11:51:58.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 475902 MB offset 63
11:51:58.375 Disk 0 Partition 2 00 0C FAT32 LBA MSDOS5.0 1027 MB offset 974663550
11:51:58.390 Disk 0 scanning sectors +976768065
11:51:58.453 Disk 0 scanning C:\WINDOWS\system32\drivers
11:51:58.468 Service scanning
11:51:59.437 Modules scanning
11:52:01.515 Disk 0 trace - called modules:
11:52:01.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys
11:52:01.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8bad0ab8]
11:52:01.921 3 CLASSPNP.SYS[f74f7fd7] -> nt!IofCallDriver -> [0x8bb0c658]
11:52:01.937 5 hpdskflt.sys[f771833d] -> nt!IofCallDriver -> \Device\000000bf[0x8ba1df18]
11:52:01.953 7 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8b455030]
11:52:02.718 AVAST engine scan C:\WINDOWS
11:52:03.296 AVAST engine scan C:\WINDOWS\system32
11:52:04.109 AVAST engine scan C:\WINDOWS\system32\drivers
11:52:04.656 AVAST engine scan C:\Documents and Settings\Administrator
11:52:04.921 AVAST engine scan C:\Documents and Settings\All Users
11:52:04.953 Scan finished successfully
11:52:15.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
11:52:15.171 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

I look forward to hearing from you. Thanks for your help!!! :thumbup2:

#4 narenxp

Posted 23 February 2012 - 12:37 PM

That looks clean

Probably a Windows Firewall issue is blocking the McAfee firewall from turning on

Download

Firewall fixit

Run the fixit, restart the PC

Download

Dial-a-fix


Extract and launch the dial-a-fix icon

Click on the tick mark at the bottom

Uncheck empty temp folders and adjust time options

Click on GO option

Allow it to run

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to the desktop, copy the contents of the text file in your reply

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Let me know the issues you face after this

good luck

#5 Almendra


Posted 29 February 2012 - 02:01 PM

Hello Narenxp,

I downloaded all 4 programs you indicated. I ran Firewall fixit and had to remove McAfee so that it could run. After I did that, I tried to uninstall Proventia Desktop protection, but it seems that there are still some traces of this software on my laptop. Thus, the software was not able to repair the firewall settings. Do you have any suggestions on how to delete the Proventia software's traces?

The Dial-a-fix software didn't run properly; after running it, it got stuck in some process.

The ESET software gave me the following results:

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mgfz5fn4.default\extensions\{1c9cd1db-228c-4436-b62a-5d913c856082}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mgfz5fn4.default\extensions\{1c9cd1db-228c-4436-b62a-5d913c856082}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mgfz5fn4.default\extensions\{5d090472-950a-4fea-b655-2bca4b018fd2}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mgfz5fn4.default\extensions\{5d090472-950a-4fea-b655-2bca4b018fd2}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mgfz5fn4.default\extensions\{783c1e88-492a-4a11-a22d-8e0597052872}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mgfz5fn4.default\extensions\{783c1e88-492a-4a11-a22d-8e0597052872}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mgfz5fn4.default\extensions\{d644a4d3-dbe1-40e5-af3a-f8ef08ae47f1}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mgfz5fn4.default\extensions\{d644a4d3-dbe1-40e5-af3a-f8ef08ae47f1}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\17\41bd3991-7261d9d7 multiple threats deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Application Data\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\pjbppkmbfhpgpoakgakeamkiofjjefhb\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Rosetta Stone\TOTALe\Content\data\80\a\80a7ffd98927dcdd835a3799ac8b3a8609d410e8 SWF/Exploit.CVE-2007-0071 trojan deleted - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentnmy.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinRungbua1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined


I deleted all the quarantined files (just in case). Should I do anything else in this respect?


I have not run TFC yet; I will let you know how this works soon.

Could you please guide me on how to remove the traces of Proventia Desktop (my laptop uses Windows XP)? Also, could you tell me whether the files that ESET found are actually harmful to my laptop?

Thanks a lot!!!

:busy:
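A triage aid for a detection list like the ESET export above, as an added example that is not part of the original post: it parses each line into path, threat name, type and action, then groups threats by where they were found, so that one family spread across several browser profiles stands out from leftovers in another scanner's backup folder. The sample lines are constructed with placeholder paths, and the location labels are hypothetical names chosen for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the ESET list in the post; paths, GUIDs and
# file names are shortened placeholders, not the poster's real values.
SAMPLE = r"""
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\x.default\extensions\{GUID-1}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\x.default\extensions\{GUID-1}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\EXTID\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\17\CACHEFILE multiple threats deleted - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Sample.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
"""

# Paths contain spaces, so match lazily up to the first token that looks like
# a threat name (Platform/Name) or the literal "multiple threats".
LINE = re.compile(
    r"^(?P<path>.+?) (?P<threat>multiple threats|\S+/\S+)"
    r"(?: (?P<kind>trojan|worm|application))?"
    r" (?P<action>cleaned by deleting|deleted) - quarantined$"
)

# Path fragment -> location label (hypothetical labels for this sketch).
LOCATIONS = [
    (r"\Firefox\Profiles", "firefox-extension"),
    (r"\Google\Chrome\User Data", "chrome-extension"),
    (r"\Java\Deployment\cache", "java-cache"),
    (r"\Spybot - Search & Destroy\Recovery", "other-scanner-backup"),
]

def classify(path):
    return next((lbl for frag, lbl in LOCATIONS if frag.lower() in path.lower()), "other")

def parse(text):
    rows = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            rows.append({**m.groupdict(), "location": classify(m["path"])})
    return rows

def summarize(rows):
    # Map threat name -> sorted list of locations it was found in.
    found = defaultdict(set)
    for r in rows:
        found[r["threat"]].add(r["location"])
    return {t: sorted(locs) for t, locs in found.items()}

if __name__ == "__main__":
    for threat, locs in summarize(parse(SAMPLE)).items():
        print(f"{threat}: {', '.join(locs)}")
```

A threat that appears under more than one browser label is worth a follow-up check of the installed extensions in each browser after the scanner's cleanup.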

#6 narenxp


Posted 29 February 2012 - 07:32 PM

Try the free version of Revo Uninstaller to uninstall Proventia Desktop protection

Revo Uninstaller

ESET removed trojans which may cause serious consequences later.



