Malware Removal Request


  • This topic is locked
9 replies to this topic

#1 readytojump


Posted 28 February 2012 - 10:50 AM

I am submitting a request for malware removal from my computer. I have prepared all the information and logs as described in the preparation guide.

My Computer specs:
WE: Windows Vista Home Premium SP2
Processor: AMD Athlon IIx4 635 Processor 2.90 GHz
Memory: 2.00 GB
System Type: 32 Bit

My computer is running slow and has an intermittent connection to the internet; the Linksys wireless adapter kept flashing in the system tray that it needed to be reconnected. I tried to go into Task Manager to check processes and applications and I couldn't access Task Manager. Then I knew something was up. Windows Security wouldn't run properly, constantly stating that my computer is at risk.

I was finally able to get to the internet and downloaded the Malwarebytes program, but I think it was too late. It ran but detected no virus or malware. This morning I was able to boot the PC, but it's slow and Windows Security is still stating that my PC is at risk. Below are the results from the logs requested in the preparation guide. Thank you in advance for any help you can provide.

1. Downloaded and ran the Defogger

2. Downloaded and ran the DDS tool. Below is the dds.txt; I attached the 'attach.zip' and 'ark.txt':
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Owner at 9:04:07 on 2012-02-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.796 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\vVX6000.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Users\Owner\Desktop\Defogger.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ssl-vpn.clearchannel.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4D51D98A-671B-4F71-AF2B-AF779E550368} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6172A74D-27C3-4B8B-AD78-A285DEDD1D8A} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\8bxd33ih.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/news
FF - prefs.js: keyword.URL - hxxp://searchservices.verizon.com/search/ws.portal?&_nfpb=true&_pageLabel=google_results&rs=&web_search_type=basic&sc=web&clientid=vz-cnsmr-tlbr&channel=Tlbr-v6IE&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.133.37\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HBLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\8bxd33ih.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\8bxd33ih.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\sheryl\appdata\roaming\move networks\plugins\npqmp071505000011.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-9-18 172032]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-27 652360]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-3-21 196928]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2011-6-21 196912]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-12-1 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-12-1 185640]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 Linksys_adapter;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500vista.sys [2012-1-13 1073216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-27 20464]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-2-19 1102848]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-11 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-11 136176]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-1-29 2074480]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-28 12:39:03 -------- d-----w- c:\users\owner\appdata\local\{66D6E201-8485-44EA-B5F6-7B61260F302E}
2012-02-28 12:38:40 -------- d-----w- c:\users\owner\appdata\local\{5B376A0A-EE39-48F4-B139-77D1E6F0D258}
2012-02-28 12:30:55 -------- d-----w- c:\users\owner\appdata\local\{B0A322D3-8534-477F-A01B-FA8813C2039A}
2012-02-28 04:16:05 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{626ff1e2-86ce-4bb0-b30d-f9fbafbc8979}\mpengine.dll
2012-02-28 03:16:46 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2012-02-28 03:16:33 -------- d-----w- c:\programdata\Malwarebytes
2012-02-28 03:16:32 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-28 03:16:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-28 03:07:45 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b8886712-dc06-4be0-94eb-c5aed222e7b4}\mpengine.dll
2012-02-28 00:18:19 -------- d-----w- c:\users\owner\appdata\local\{350091BE-0F7A-4A3F-8EAB-460AF41ACEBE}
2012-02-28 00:17:57 -------- d-----w- c:\users\owner\appdata\local\{BDD9F0CC-91BF-45DC-BF2C-F44A33CBBBC6}
2012-02-27 12:17:32 -------- d-----w- c:\users\owner\appdata\local\{E49E8C41-FEB3-4C5B-BE86-E6D15ACD5773}
2012-02-27 12:17:11 -------- d-----w- c:\users\owner\appdata\local\{421CB751-3FDF-4BBA-AAA3-207B6B9F551D}
2012-02-26 23:47:14 -------- d-----w- c:\users\owner\appdata\local\{DB45AB38-AF27-431C-9C03-9F5816673B73}
2012-02-26 23:46:49 -------- d-----w- c:\users\owner\appdata\local\{FA1766A9-B4FB-44D7-8E8A-B42F598F892E}
2012-02-25 23:10:47 -------- d-----w- c:\users\owner\appdata\local\{3473E4EA-48E8-474E-8E6E-D41713DA08EA}
2012-02-25 23:10:25 -------- d-----w- c:\users\owner\appdata\local\{468E71E9-3D86-4994-B694-4A22469EF5CE}
2012-02-25 01:33:37 -------- d-----w- c:\users\owner\appdata\local\{F5BCE4BB-06E0-441B-BF46-B4A8931F656A}
2012-02-25 01:33:27 -------- d-----w- c:\users\owner\appdata\local\{42893E7B-232B-46EC-A4B7-5FC7632969E1}
2012-02-24 13:21:19 -------- d-----w- c:\users\owner\appdata\local\{AAE07496-BD86-4090-B445-8195C709836A}
2012-02-24 13:21:08 -------- d-----w- c:\users\owner\appdata\local\{3AEA3987-674D-4958-B501-BEDF7AE752DE}
2012-02-24 01:15:00 -------- d-----w- c:\users\owner\appdata\local\{52158BD0-D6D0-4F92-A1D6-01FD13B0C3B6}
2012-02-24 01:14:38 -------- d-----w- c:\users\owner\appdata\local\{0240B443-6D78-44E7-9929-F5C5E114C6A5}
2012-02-23 15:55:53 -------- d-----w- c:\users\owner\appdata\local\YesVideo
2012-02-23 13:14:12 -------- d-----w- c:\users\owner\appdata\local\{0852D5D8-42C6-4769-838D-FBD5B16C51B0}
2012-02-23 13:13:49 -------- d-----w- c:\users\owner\appdata\local\{3327C977-9200-43DB-96BA-C021FB150A68}
2012-02-22 23:33:19 -------- d-----w- c:\users\owner\appdata\local\{34FB07F4-9B94-4831-9659-F2ECA42101BE}
2012-02-22 23:33:01 -------- d-----w- c:\users\owner\appdata\local\{81B904B4-4316-407F-A615-ADB14726CBFD}
2012-02-22 00:54:02 -------- d-----w- c:\users\owner\appdata\local\{505AFB43-34A9-468E-A2AB-BAD7687C2747}
2012-02-22 00:53:37 -------- d-----w- c:\users\owner\appdata\local\{CB5325D5-C99B-4078-9260-7FE1D59CF53A}
2012-02-21 12:53:25 -------- d-----w- c:\users\owner\appdata\local\{F477A56F-D665-418E-A31C-9141B95AD1DC}
2012-02-21 12:53:14 -------- d-----w- c:\users\owner\appdata\local\{71F9EB20-C27E-44E3-AA7B-4E50EF1DA019}
2012-02-20 17:46:12 -------- d-----w- c:\users\owner\appdata\local\{12F71242-5F30-48B7-B8A8-125F3DD13C7B}
2012-02-20 17:45:59 -------- d-----w- c:\users\owner\appdata\local\{2A0FD545-2869-480E-9767-943078C0A6B8}
2012-02-20 02:42:24 -------- d-----w- c:\users\owner\appdata\local\{024F0B9C-7CA3-4C32-ACCF-28023A25524C}
2012-02-20 02:42:03 -------- d-----w- c:\users\owner\appdata\local\{E01F942D-E9D5-46C4-AC45-74CA0F55905F}
2012-02-19 14:41:28 -------- d-----w- c:\users\owner\appdata\local\{83E6DBC1-FA0F-41BC-A88C-C3359CDA7675}
2012-02-19 14:41:16 -------- d-----w- c:\users\owner\appdata\local\{8CE38EB0-987A-4F17-B5C7-1B122DE061D4}
2012-02-19 02:15:36 -------- d-----w- c:\users\owner\appdata\local\{AB00C2B0-AE35-4044-A569-02429E24FBE3}
2012-02-19 02:15:25 -------- d-----w- c:\users\owner\appdata\local\{E18FE1B1-4FF8-41C5-909A-758DFB027D77}
2012-02-18 13:25:54 -------- d-----w- c:\users\owner\appdata\local\{EEC33D43-9D07-4C72-B2B2-5EDD7FD786A1}
2012-02-18 13:25:16 -------- d-----w- c:\users\owner\appdata\local\{927781A2-DE54-4DE5-BA36-294DE9BB7F69}
2012-02-18 02:24:00 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-02-18 02:24:00 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-02-18 02:24:00 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-02-18 02:24:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-02-18 02:23:59 97240 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-02-18 02:23:59 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-02-18 02:23:59 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-02-18 02:23:59 437208 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-02-18 02:23:59 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-02-18 02:23:59 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-02-18 02:23:59 1911768 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2012-02-18 02:23:59 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2012-02-17 23:54:54 -------- d-----w- c:\users\owner\appdata\local\{3FF9FEEB-6163-4069-B511-83491848C230}
2012-02-17 23:54:32 -------- d-----w- c:\users\owner\appdata\local\{F85D5DFD-8DCF-4078-A98D-9C5406A14DD2}
2012-02-17 11:54:07 -------- d-----w- c:\users\owner\appdata\local\{F55CE2D1-E6E5-4DC8-A317-EF7CDD1CA306}
2012-02-17 11:53:45 -------- d-----w- c:\users\owner\appdata\local\{54C05C98-CEBE-4A55-BD85-26C172615B41}
2012-02-16 20:50:55 -------- d-----w- c:\users\owner\appdata\local\{68B5CB79-FCDD-4211-BE49-34EB167195F4}
2012-02-16 20:50:33 -------- d-----w- c:\users\owner\appdata\local\{BD12CBCF-7392-4CB1-880B-3F840C5FCD72}
2012-02-16 01:43:25 -------- d-----w- c:\users\owner\appdata\local\{B0EC79C0-2C2D-4C21-930C-A66F497D66D7}
2012-02-16 01:43:00 -------- d-----w- c:\users\owner\appdata\local\{65F9DC2E-9D8F-4AC3-8657-DE607C6955A9}
2012-02-15 13:55:46 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 13:55:45 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 13:55:43 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-02-15 13:42:35 -------- d-----w- c:\users\owner\appdata\local\{300CBE5D-95B0-4A98-BCF4-EB8DD54CC99E}
2012-02-15 13:42:13 -------- d-----w- c:\users\owner\appdata\local\{78EA7B54-85FC-414C-B5AF-67BEFF873D12}
2012-02-15 01:08:33 -------- d-----w- c:\users\owner\appdata\local\{254D1687-5181-4D7E-82EF-4881266879B0}
2012-02-15 01:08:11 -------- d-----w- c:\users\owner\appdata\local\{E221F03F-94FC-4497-8680-D122BCC2EC9A}
2012-02-14 13:07:46 -------- d-----w- c:\users\owner\appdata\local\{28A1B08E-5B67-4A65-B9C4-FB510DD3EEE4}
2012-02-14 13:07:37 -------- d-----w- c:\users\owner\appdata\local\{30FD1BAE-868C-4837-8548-AA135EA07435}
2012-02-14 13:07:27 -------- d-----w- c:\users\owner\appdata\local\{BB01C6C8-2E18-4B4E-B6F8-24C92C07054A}
2012-02-14 13:07:06 -------- d-----w- c:\users\owner\appdata\local\{36F09390-4F02-4B3C-AC13-DE67A42D3C6B}
2012-02-14 01:06:40 -------- d-----w- c:\users\owner\appdata\local\{35212A7A-8EFF-4B44-9228-7A79118A7DA0}
2012-02-14 01:06:14 -------- d-----w- c:\users\owner\appdata\local\{FC29E25B-CADA-4AD2-8EDC-8D96B11E422A}
2012-02-13 13:05:47 -------- d-----w- c:\users\owner\appdata\local\{9CC99686-0EB1-4FCB-A167-8A0CE5F11B72}
2012-02-13 13:05:23 -------- d-----w- c:\users\owner\appdata\local\{CAC4A5BB-0522-4157-8D48-60A55780E30A}
2012-02-12 15:41:02 -------- d-----w- c:\users\owner\appdata\local\{E45451FD-A5C6-4C08-93D8-8E91B9DF4AE3}
2012-02-12 15:40:44 -------- d-----w- c:\users\owner\appdata\local\{05D42B2F-E710-48D4-B92C-8FE7DAE1FF43}
2012-02-12 03:16:54 -------- d-----w- c:\users\owner\appdata\local\{6AF97F08-519B-488E-8F02-F1A91465FDA7}
2012-02-12 03:16:34 -------- d-----w- c:\users\owner\appdata\local\{6297337F-0A81-4464-88FB-D7CA01052AF0}
2012-02-11 14:42:57 -------- d-----w- c:\users\owner\appdata\local\{CA2E212C-7FB0-44E9-A8D8-5B3A9654784D}
2012-02-11 14:42:46 -------- d-----w- c:\users\owner\appdata\local\{770FBC1C-2EF6-45B0-9B24-904669DC41CE}
2012-02-11 01:54:09 -------- d-----w- c:\users\owner\appdata\local\{0E5256CD-FA9F-4A72-BD4C-3C09A12188B4}
2012-02-11 01:53:46 -------- d-----w- c:\users\owner\appdata\local\{087EE579-D545-4303-B34C-1267795C312F}
2012-02-11 01:47:06 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{50dd0920-327a-42f4-a4ae-601d0531ad27}\gapaengine.dll
2012-02-10 13:53:35 -------- d-----w- c:\users\owner\appdata\local\{C56987D3-3CE5-4E7E-BA88-E034625D40B2}
2012-02-10 13:53:13 -------- d-----w- c:\users\owner\appdata\local\{6918A420-9616-4742-A431-11FB1A9312D4}
2012-02-10 01:52:47 -------- d-----w- c:\users\owner\appdata\local\{9B8BCF07-798D-4A56-88A7-46904A5B9D4E}
2012-02-10 01:52:25 -------- d-----w- c:\users\owner\appdata\local\{F50799E2-31A1-4C0E-9B34-9052DCCEF00B}
2012-02-09 13:52:13 -------- d-----w- c:\users\owner\appdata\local\{A14D204F-3A8C-4297-9FF1-19C911172489}
2012-02-09 13:52:03 -------- d-----w- c:\users\owner\appdata\local\{1D0BDB14-A791-4767-8D19-11DC5527BD24}
2012-02-09 01:43:06 -------- d-----w- c:\users\owner\appdata\local\{D04CC961-383D-4BE7-B3BD-D5EA2E356A1A}
2012-02-09 01:42:45 -------- d-----w- c:\users\owner\appdata\local\{C006C554-5638-4AB6-A84B-B540A0D89287}
2012-02-08 13:42:20 -------- d-----w- c:\users\owner\appdata\local\{0BE7FCA8-DA4C-4FFD-98E9-7A4E343A96A0}
2012-02-08 13:41:58 -------- d-----w- c:\users\owner\appdata\local\{223E3264-2AB7-4F96-8C2A-E6F80F09C843}
2012-02-08 01:41:33 -------- d-----w- c:\users\owner\appdata\local\{B580D0C3-C812-4FD9-989F-D6C8475FB3BE}
2012-02-08 01:41:11 -------- d-----w- c:\users\owner\appdata\local\{2C4F51A7-14A2-4834-8B49-4DD3AF39791F}
2012-02-07 13:40:58 -------- d-----w- c:\users\owner\appdata\local\{31103747-0BDD-4E99-A9A1-A8D7ABD7BCD4}
2012-02-07 13:40:47 -------- d-----w- c:\users\owner\appdata\local\{F0F1033A-5160-4CD7-BBED-5DAF13087EA1}
2012-02-06 18:04:31 -------- d-----w- c:\users\owner\appdata\local\{482149F8-7161-4B52-8ACC-D15B56FFAADC}
2012-02-06 18:04:20 -------- d-----w- c:\users\owner\appdata\local\{A137CB96-C2CB-4774-810E-1C964AF17584}
2012-02-06 04:07:24 -------- d-----w- c:\users\owner\appdata\local\{35BEBD19-CD86-4E55-9A34-0C5E7D21977E}
2012-02-06 04:07:02 -------- d-----w- c:\users\owner\appdata\local\{9077C8A0-53FC-47B8-A583-BB6D8ED59FDC}
2012-02-05 16:06:50 -------- d-----w- c:\users\owner\appdata\local\{3FEF9BD3-FE5A-48D2-B617-1C87E636E16F}
2012-02-05 16:06:40 -------- d-----w- c:\users\owner\appdata\local\{CB0F6C83-F2B1-46CE-AFE7-C8283673999A}
2012-02-05 03:49:32 -------- d-----w- c:\users\owner\appdata\local\{9D9AF320-42A9-4E42-8EB3-881293A75449}
2012-02-05 03:49:21 -------- d-----w- c:\users\owner\appdata\local\{64B2C791-EBA8-4A20-949C-C69D879EC369}
2012-02-04 15:33:33 -------- d-----w- c:\users\owner\appdata\local\{F6612A75-8F85-427D-B978-393DB0ABF894}
2012-02-04 15:33:22 -------- d-----w- c:\users\owner\appdata\local\{14BD6A1D-219B-4B0F-A79A-A2C79400C82E}
2012-02-04 02:57:21 -------- d-----w- c:\users\owner\appdata\local\{45FACF9A-4776-4CAC-BC54-C5D33952C648}
2012-02-04 02:57:10 -------- d-----w- c:\users\owner\appdata\local\{D979F5D3-D3F3-4E1C-87F0-E47CE68EE5AA}
2012-02-03 14:09:13 -------- d-----w- c:\users\owner\appdata\local\{B5B19AC4-A85F-4CED-86CA-9266EDCC60F0}
2012-02-03 14:08:52 -------- d-----w- c:\users\owner\appdata\local\{A79DEF17-0DF9-4759-BF1A-D3B16E46C903}
2012-02-03 02:08:26 -------- d-----w- c:\users\owner\appdata\local\{FB023F26-F72F-4468-8D95-46FD845C4EEB}
2012-02-03 02:08:00 -------- d-----w- c:\users\owner\appdata\local\{C2761F9A-6151-495F-A3B6-44416AFEEE28}
2012-02-02 14:07:36 -------- d-----w- c:\users\owner\appdata\local\{A938290D-0304-426F-AC7D-34CE6E49D794}
2012-02-02 14:07:15 -------- d-----w- c:\users\owner\appdata\local\{F2C3E676-FA2D-47EB-B19E-F7C466E05D73}
2012-02-02 02:06:50 -------- d-----w- c:\users\owner\appdata\local\{699951A6-4898-4D95-B200-155492676220}
2012-02-02 02:06:27 -------- d-----w- c:\users\owner\appdata\local\{77D30A29-109D-4783-9636-2DAADEEA2BB2}
2012-02-01 14:06:04 -------- d-----w- c:\users\owner\appdata\local\{8BA95896-C0C0-4ED1-925D-548ED3B0C42E}
2012-02-01 14:05:53 -------- d-----w- c:\users\owner\appdata\local\{EAA6A879-E6C1-457E-9661-4DD178DE7704}
2012-01-31 15:58:06 -------- d-----w- c:\users\owner\appdata\local\{0CA35350-540D-415E-A72F-CAC98CDDC543}
2012-01-31 15:57:45 -------- d-----w- c:\users\owner\appdata\local\{4E173473-A7FE-42CB-88B8-08A68EB84807}
2012-01-31 03:57:21 -------- d-----w- c:\users\owner\appdata\local\{752EB509-270C-4C08-9D1C-AACFAB500953}
2012-01-31 03:57:00 -------- d-----w- c:\users\owner\appdata\local\{CBA0D874-98C3-452F-9894-D8BC610748D6}
2012-01-30 15:49:56 -------- d-----w- c:\users\owner\appdata\local\{347A3D7E-6C09-474F-ADE2-A5BD3929E4EC}
2012-01-30 15:49:29 -------- d-----w- c:\users\owner\appdata\local\{67B41C88-870C-414B-B410-FA1492FD9B15}
2012-01-30 03:49:00 -------- d-----w- c:\users\owner\appdata\local\{28E4B600-82A6-4CA6-BDF0-2FDCE9B4F093}
2012-01-30 03:48:37 -------- d-----w- c:\users\owner\appdata\local\{5950FC44-FE5B-4248-BB4C-C3613FD3C1C9}
2012-01-29 15:48:11 -------- d-----w- c:\users\owner\appdata\local\{797782C9-D778-47A8-AD7F-9AF9AA06AE9A}
2012-01-29 15:47:44 -------- d-----w- c:\users\owner\appdata\local\{EB12F05E-1EE4-4951-B964-A2021F4CD4C4}
.
==================== Find3M ====================
.
2012-02-19 23:10:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-18 13:26:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-29 10:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-07 00:11:28 103720 ----a-w- c:\users\owner\GoToAssistDownloadHelper.exe
2012-01-06 17:41:00 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2012-01-06 17:41:00 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-12-06 17:37:46 9795072 ----a-w- c:\windows\VerizonDM.msi
.
============= FINISH: 9:04:56.27 ===============

#2 nasdaq

  • Malware Response Team

Posted 02 March 2012 - 10:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 readytojump

  • Topic Starter

Posted 02 March 2012 - 09:30 PM

Good Evening and thank you for helping me,

I ran the TDSSKiller.exe and nothing was found. I did not attach the log. I ran the aswMBR.exe; the log is below and the zipped .dat is attached.

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-02 20:50:38
-----------------------------
20:50:38.253 OS Version: Windows 6.0.6002 Service Pack 2
20:50:38.253 Number of processors: 4 586 0x502
20:50:38.254 ComputerName: OWNER-PC UserName: Owner
20:50:44.703 Initialize success
20:52:10.832 AVAST engine defs: 12030201
20:52:19.038 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
20:52:19.039 Disk 0 Vendor: ST31000528AS CC44 Size: 953869MB BusType: 3
20:52:19.050 Disk 0 MBR read successfully
20:52:19.052 Disk 0 MBR scan
20:52:19.070 Disk 0 Windows VISTA default MBR code
20:52:19.081 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
20:52:19.095 Disk 0 scanning sectors +1953521664
20:52:19.361 Disk 0 scanning C:\Windows\system32\drivers
20:52:38.573 Service scanning
20:52:50.372 Service MpKslca35531c c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE070747-587D-4028-8B4A-A140F04FB4A4}\MpKslca35531c.sys **LOCKED** 32
20:52:50.428 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:53:07.161 Modules scanning
20:53:10.473 Disk 0 trace - called modules:
20:53:10.492 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:53:10.497 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859faac8]
20:53:10.502 3 CLASSPNP.SYS[879ac8b3] -> nt!IofCallDriver -> [0x85069da8]
20:53:10.506 5 acpi.sys[806106bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x85071030]
20:53:14.580 AVAST engine scan C:\Windows
20:53:18.152 AVAST engine scan C:\Windows\system32
20:57:43.262 AVAST engine scan C:\Windows\system32\drivers
20:58:10.656 AVAST engine scan C:\Users\Owner
21:19:37.746 AVAST engine scan C:\ProgramData
21:21:09.865 Scan finished successfully
21:24:45.308 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
21:24:45.323 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


Attached File  MBR.zip   542bytes   0 downloads

#4 readytojump

Posted 02 March 2012 - 09:34 PM

Even though there was nothing found during the TDSSKiller scan, I figured I should still post the report log. Here you go.


21:32:50.0086 5428 WmiAcpi - ok
21:32:50.0144 5428 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:32:50.0146 5428 WpdUsb - ok
21:32:50.0158 5428 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:32:50.0159 5428 ws2ifsl - ok
21:32:50.0189 5428 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:32:50.0192 5428 WUDFRd - ok
21:32:50.0236 5428 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:32:50.0293 5428 \Device\Harddisk0\DR0 - ok
21:32:50.0301 5428 Boot (0x1200) (eefae64ace3675949645ebbbcf9a43a2) \Device\Harddisk0\DR0\Partition0
21:32:50.0302 5428 \Device\Harddisk0\DR0\Partition0 - ok
21:32:50.0303 5428 ============================================================
21:32:50.0303 5428 Scan finished
21:32:50.0303 5428 ============================================================
21:32:50.0318 4868 Detected object count: 0
21:32:50.0318 4868 Actual detected object count: 0

Edited by readytojump, 02 March 2012 - 09:35 PM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,497 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 March 2012 - 08:21 AM

This is good. Now you can safely run these tools.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#6 readytojump


Posted 03 March 2012 - 10:05 PM

Good Evening Nasdaq,

Thank you for your help with my request. Per your last instructions here are the logs from Combofix.exe and Security Check. Not sure if I was supposed to add the logs to this reply or attach them. I have attached the Combofix.txt and the checkup.txt.

Additionally, the 'defogger' is still activated and states that I should not disable it until I received instruction from you.

Thanks again
rtj




#7 nasdaq


Posted 04 March 2012 - 10:45 AM

Your logs are clean.

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress, you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.

Please let me know what problem persists.

#8 readytojump


Posted 04 March 2012 - 08:34 PM

Good Evening Nasdaq,

Everything seems to be fine. I thank you again. Should I now deactivate the 'defogger'? Can I uninstall all the programs that I installed for the cleanup or shall I just leave them in a folder? Additionally, your feedback would be greatly appreciated regarding which antivirus software program I should continue to utilize, i.e. Malwarebytes or SuperAntiSpyware (are they both equally suitable?), or should I continue to use Microsoft Windows Security Essentials?

Thank you,
rtj

#9 nasdaq


Posted 06 March 2012 - 11:11 AM

Sorry for this delay.

HOW TO: Enable the CD Emulators...

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.
===

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#10 nasdaq


Posted 12 March 2012 - 08:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



