SMART HDD Security Shield lingering issues

starvinmarvin

New Member
Thread author
Jun 2, 2012
16
Hi, and thanks for taking a look. I've been trying to scrub SMHDD/SecShield and got most, but not all, of it out. I ran several scans with GMER, NPE, HitmanPro and MBAM. Still don't trust it, because when I run RKill it still kills explorer.exe and System32\rundll32.exe.

NPE got most of the nasty stuff, but a subsequent MBAM still came up with 18 infections. Ran NPE again and MBAM came up with zero, but RKill still shot those two. There was something in explorer.exe (it was chewing up memory) but that seems gone.

Any thoughts on how I can try to get an all-clear? Thanks again for your help...
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Let's check and see what's going on!

Download and run OTL
Download OldTimer from here then click on it to run it.
Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in:

Code:
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please attach them in your next reply.
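The /md5start ... /md5stop part of that OTL script hashes a fixed list of critical system files so the hashes can be compared with known-good copies. As an added example (not OTL's code or the poster's), here is a Python script that does the same check against a baseline; BASELINE and the search directories are placeholders you would fill in from a clean machine of the same Windows build.

```python
"""Hash the critical system files the OTL custom scan lists between
/md5start and /md5stop and compare each hash with a known-good baseline.

Added example, not OTL's code or the forum post's. BASELINE is a constructed
placeholder: a real one holds hashes taken from a clean machine of the same
Windows build, service pack and architecture.
"""
import hashlib
import os

# File names taken from the OTL script in the thread.
MD5_TARGETS = [
    "atapi.sys", "explorer.exe", "winlogon.exe", "Userinit.exe",
    "svchost.exe", "csrss.exe", "PrintIsolationHost.exe", "consrv.dll",
]

# Placeholder hashes (constructed); replace with real known-good values.
BASELINE = {name.lower(): "0" * 32 for name in MD5_TARGETS}


def hash_file(path, algorithm="md5", chunk_size=1 << 16):
    """Hex digest of a file, read in chunks. OTL reports MD5, so that is the
    default for comparing with its log; pass "sha256" for a stronger baseline."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def check_against_baseline(search_dirs, baseline, targets=MD5_TARGETS, algorithm="md5"):
    """Find each target in the first directory that holds it and classify it:
    "ok"       hash equals the baseline entry
    "MISMATCH" file present but hash differs from the baseline (review it)
    "MISSING"  not found in any of the searched directories
    "UNKNOWN"  present but the baseline has no entry, so nothing to compare
    Returns {name: (status, path_or_None, digest_or_None)}.
    """
    results = {}
    for name in targets:
        path = next((os.path.join(d, name) for d in search_dirs
                     if os.path.isfile(os.path.join(d, name))), None)
        if path is None:
            results[name] = ("MISSING", None, None)
            continue
        digest = hash_file(path, algorithm)
        expected = baseline.get(name.lower())
        if expected is None:
            status = "UNKNOWN"
        elif digest.lower() == expected.lower():
            status = "ok"
        else:
            status = "MISMATCH"
        results[name] = (status, path, digest)
    return results


if __name__ == "__main__":
    # Directories the OTL script's targets normally live in on a Windows box.
    system_root = os.environ.get("SystemRoot", r"C:\WINDOWS")
    dirs = [os.path.join(system_root, "system32"),
            os.path.join(system_root, "system32", "drivers"),
            system_root]
    for name, (status, path, digest) in check_against_baseline(dirs, BASELINE).items():
        print(f"{status:8} {name:24} {digest or '-':32} {path or ''}")
```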
 

starvinmarvin

Ran the scan and added the attachments...thanks
 

Attachments

  • OTLa.Txt (141.3 KB)
  • Extrasa.Txt (53.5 KB)

Jack

Please take note of the below:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Step 1 : Download and run Combofix
 
Download ComboFix from one of the following locations: 
Link 1  
Link 2  
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop  
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here  
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programs being marked for deletion, then reboot; that will cure it.


Step 2 : Download and run OTL
You've already downloaded OTL (Download link is here) so just double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in:

Code:
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please attach them in your next reply.
 

starvinmarvin

Ran ComboFix and OTL. OTL did not produce an Extras log; attaching the CF and OTL logs. Thanks.

 

Attachments

  • combofix.txt (15.6 KB)
  • OTL.Txt (140.7 KB)

Jack

Download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.
Double click aswMBR.exe to run it.
If you see the question "Would you like to download latest Avast! virus definitions?", say "Yes".
Click the "Scan" button to start the scan.
On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=================================================================

Download Bootkit Remover (http://www.smartestcomputing.us.com/files/file/11-bootkit-remover/) to your desktop.
  • Unzip the downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C.
  • Open Notepad and press CTRL+V.
  • Post the output back here.

=================================================================

  • Download the latest version of TDSSKiller from here and save it to your Desktop.
http://support.kaspersky.com/viruses/utility
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed. If TDSS File system is found it can be deleted.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

=================================================================
Download and run OTL
You've already downloaded OTL (Download link is here) so just double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in:

Code:
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please attach them in your next reply.
 

starvinmarvin

aswMBR attached. Bootkit Remover attached. Here is a c/p of the TDSS log:
09:30:11.0500 3160 IntelIde (b5466a9250342a7aa0cd1fba13420678) E:\WINDOWS\system32\DRIVERS\intelide.sys
09:30:11.0625 3160 IntelIde - ok
09:30:11.0671 3160 intelppm (8c953733d8f36eb2133f5bb58808b66b) E:\WINDOWS\system32\DRIVERS\intelppm.sys
09:30:11.0812 3160 intelppm - ok
09:30:11.0859 3160 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys
09:30:12.0093 3160 Ip6Fw - ok
09:30:12.0109 3160 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:30:12.0250 3160 IpFilterDriver - ok
09:30:12.0250 3160 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys
09:30:12.0468 3160 IpInIp - ok
09:30:12.0515 3160 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys
09:30:12.0671 3160 IpNat - ok
09:30:12.0765 3160 iPod Service (49918803b661367023bf325cf602afdc) E:\Program Files\iPod\bin\iPodService.exe
09:30:12.0859 3160 iPod Service - ok
09:30:12.0953 3160 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys
09:30:13.0093 3160 IPSec - ok
09:30:13.0093 3160 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys
09:30:13.0156 3160 IRENUM - ok
09:30:13.0171 3160 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys
09:30:13.0328 3160 isapnp - ok
09:30:13.0468 3160 JavaQuickStarterService (5472d771c0197355c1d347f20392b982) E:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
09:30:13.0484 3160 JavaQuickStarterService - ok
09:30:13.0531 3160 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:30:13.0671 3160 Kbdclass - ok
09:30:13.0718 3160 kbdhid (9ef487a186dea361aa06913a75b3fa99) E:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:30:13.0875 3160 kbdhid - ok
09:30:13.0906 3160 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys
09:30:14.0078 3160 kmixer - ok
09:30:14.0125 3160 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys
09:30:14.0250 3160 KSecDD - ok
09:30:14.0265 3160 L8042pr2 (4103dbb6caa85e40d271c1ad12bbf776) E:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
09:30:14.0312 3160 L8042pr2 - ok
09:30:14.0375 3160 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) E:\WINDOWS\System32\srvsvc.dll
09:30:14.0468 3160 lanmanserver - ok
09:30:14.0500 3160 lanmanworkstation (a8888a5327621856c0cec4e385f69309) E:\WINDOWS\System32\wkssvc.dll
09:30:14.0546 3160 lanmanworkstation - ok
09:30:14.0562 3160 lbrtfdc - ok
09:30:14.0609 3160 LHidFlt2 (b97d05e656818572b6b04ba682d3aa8f) E:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
09:30:14.0640 3160 LHidFlt2 - ok
09:30:14.0671 3160 LHidUsb (826aacb98a2ca5c51e982c748a60d645) E:\WINDOWS\system32\Drivers\LHidUsb.Sys
09:30:14.0734 3160 LHidUsb - ok
09:30:14.0843 3160 LinksysUpdater (06dc2fdc6282f0d68910417b1150c848) E:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
09:30:14.0843 3160 LinksysUpdater ( UnsignedFile.Multi.Generic ) - warning
09:30:14.0843 3160 LinksysUpdater - detected UnsignedFile.Multi.Generic (1)
09:30:14.0921 3160 LmHosts (a7db739ae99a796d91580147e919cc59) E:\WINDOWS\System32\lmhsvc.dll
09:30:15.0078 3160 LmHosts - ok
09:30:15.0234 3160 LMIGuardianSvc (c2bc96051da4330c1fcf2fe13f60a748) E:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
09:30:15.0296 3160 LMIGuardianSvc - ok
09:30:15.0359 3160 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) E:\Program Files\LogMeIn\x86\RaInfo.sys
09:30:15.0359 3160 LMIInfo - ok
09:30:15.0421 3160 LMIMaint (8960ac10842199c9dc2ec0956f5a4a8d) E:\Program Files\LogMeIn\x86\RaMaint.exe
09:30:15.0437 3160 LMIMaint - ok
09:30:15.0500 3160 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) E:\WINDOWS\system32\DRIVERS\lmimirr.sys
09:30:15.0500 3160 lmimirr - ok
09:30:15.0515 3160 LMIRfsClientNP - ok
09:30:15.0562 3160 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) E:\WINDOWS\system32\drivers\LMIRfsDriver.sys
09:30:15.0578 3160 LMIRfsDriver - ok
09:30:15.0609 3160 LMouFlt2 (b666f835c18974f392a387c6e863072f) E:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
09:30:15.0640 3160 LMouFlt2 - ok
09:30:15.0703 3160 LogMeIn (432618fa75b61059d2c57d6a7e55147a) E:\Program Files\LogMeIn\x86\LogMeIn.exe
09:30:15.0734 3160 LogMeIn - ok
09:30:15.0781 3160 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) E:\WINDOWS\system32\drivers\mbamchameleon.sys
09:30:15.0812 3160 mbamchameleon ( UnsignedFile.Multi.Generic ) - warning
09:30:15.0812 3160 mbamchameleon - detected UnsignedFile.Multi.Generic (1)
09:30:15.0828 3160 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) E:\WINDOWS\system32\drivers\mbam.sys
09:30:15.0843 3160 MBAMProtector - ok
09:30:15.0937 3160 MBAMService (ba400ed640bca1eae5c727ae17c10207) E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:30:16.0015 3160 MBAMService - ok
09:30:16.0046 3160 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) E:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:30:16.0062 3160 mdmxsdk - ok
09:30:16.0140 3160 Messenger (986b1ff5814366d71e0ac5755c88f2d3) E:\WINDOWS\System32\msgsvc.dll
09:30:16.0296 3160 Messenger - ok
09:30:16.0343 3160 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) E:\WINDOWS\system32\drivers\mfeavfk.sys
09:30:16.0359 3160 mfeavfk - ok
09:30:16.0359 3160 mfebopk (1d003e3056a43d881597d6763e83b943) E:\WINDOWS\system32\drivers\mfebopk.sys
09:30:16.0390 3160 mfebopk - ok
09:30:16.0406 3160 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) E:\WINDOWS\system32\drivers\mfehidk.sys
09:30:16.0468 3160 mfehidk - ok
09:30:16.0515 3160 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) E:\WINDOWS\system32\drivers\mferkdk.sys
09:30:16.0531 3160 mferkdk - ok
09:30:16.0546 3160 mfesmfk (096b52ea918aa909ba5903d79e129005) E:\WINDOWS\system32\drivers\mfesmfk.sys
09:30:16.0562 3160 mfesmfk - ok
09:30:16.0609 3160 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys
09:30:16.0828 3160 mnmdd - ok
09:30:16.0890 3160 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) E:\WINDOWS\system32\mnmsrvc.exe
09:30:17.0046 3160 mnmsrvc - ok
09:30:17.0109 3160 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys
09:30:17.0281 3160 Modem - ok
09:30:17.0328 3160 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) E:\WINDOWS\system32\drivers\MODEMCSA.sys
09:30:17.0484 3160 MODEMCSA - ok
09:30:17.0531 3160 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys
09:30:17.0671 3160 Mouclass - ok
09:30:17.0718 3160 mouhid (b1c303e17fb9d46e87a98e4ba6769685) E:\WINDOWS\system32\DRIVERS\mouhid.sys
09:30:17.0875 3160 mouhid - ok
09:30:17.0921 3160 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys
09:30:18.0078 3160 MountMgr - ok
09:30:18.0203 3160 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:30:18.0218 3160 MozillaMaintenance - ok
09:30:18.0234 3160 mraid35x - ok
09:30:18.0265 3160 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:30:18.0421 3160 MRxDAV - ok
09:30:18.0484 3160 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:30:18.0656 3160 MRxSmb - ok
09:30:18.0703 3160 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) E:\WINDOWS\system32\msdtc.exe
09:30:18.0859 3160 MSDTC - ok
09:30:18.0875 3160 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys
09:30:19.0031 3160 Msfs - ok
09:30:19.0031 3160 MSIServer - ok
09:30:19.0062 3160 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys
09:30:19.0187 3160 MSKSSRV - ok
09:30:19.0203 3160 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:30:19.0328 3160 MSPCLOCK - ok
09:30:19.0343 3160 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys
09:30:19.0484 3160 MSPQM - ok
09:30:19.0531 3160 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:30:19.0656 3160 mssmbios - ok
09:30:19.0718 3160 Mup (de6a75f5c270e756c5508d94b6cf68f5) E:\WINDOWS\system32\drivers\Mup.sys
09:30:19.0796 3160 Mup - ok
09:30:19.0859 3160 napagent (0102140028fad045756796e1c685d695) E:\WINDOWS\System32\qagentrt.dll
09:30:20.0000 3160 napagent - ok
09:30:20.0046 3160 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys
09:30:20.0187 3160 NDIS - ok
09:30:20.0250 3160 NdisTapi (0109c4f3850dfbab279542515386ae22) E:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:30:20.0312 3160 NdisTapi - ok
09:30:20.0359 3160 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:30:20.0515 3160 Ndisuio - ok
09:30:20.0546 3160 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:30:20.0703 3160 NdisWan - ok
09:30:20.0750 3160 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) E:\WINDOWS\system32\drivers\NDProxy.sys
09:30:20.0843 3160 NDProxy - ok
09:30:20.0843 3160 NEC Usb3.0 - ok
09:30:20.0906 3160 Net Driver HPZ12 (949941e4de88df1faf49a4b3cffb756f) E:\WINDOWS\system32\HPZinw12.dll
09:30:20.0937 3160 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:30:20.0937 3160 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:30:20.0968 3160 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys
09:30:21.0109 3160 NetBIOS - ok
09:30:21.0156 3160 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys
09:30:21.0281 3160 NetBT - ok
09:30:21.0328 3160 NetDDE (b857ba82860d7ff85ae29b095645563b) E:\WINDOWS\system32\netdde.exe
09:30:21.0515 3160 NetDDE - ok
09:30:21.0515 3160 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) E:\WINDOWS\system32\netdde.exe
09:30:21.0656 3160 NetDDEdsdm - ok
09:30:21.0703 3160 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) E:\WINDOWS\system32\lsass.exe
09:30:21.0859 3160 Netlogon - ok
09:30:21.0921 3160 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) E:\WINDOWS\System32\netman.dll
09:30:22.0078 3160 Netman - ok
09:30:22.0250 3160 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:30:22.0281 3160 NetTcpPortSharing - ok
09:30:22.0312 3160 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys
09:30:22.0453 3160 NIC1394 - ok
09:30:22.0531 3160 Nla (943337d786a56729263071623bbb9de5) E:\WINDOWS\System32\mswsock.dll
09:30:22.0578 3160 Nla - ok
09:30:22.0796 3160 nmservice (cd2fe9c33cfd0fe0af124e05907e5c3d) E:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
09:30:22.0875 3160 nmservice - ok
09:30:22.0937 3160 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys
09:30:23.0093 3160 Npfs - ok
09:30:23.0140 3160 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys
09:30:23.0359 3160 Ntfs - ok
09:30:23.0375 3160 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) E:\WINDOWS\system32\lsass.exe
09:30:23.0484 3160 NtLmSsp - ok
09:30:23.0562 3160 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) E:\WINDOWS\system32\ntmssvc.dll
09:30:23.0796 3160 NtmsSvc - ok
09:30:23.0843 3160 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys
09:30:24.0062 3160 Null - ok
09:30:24.0109 3160 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:30:24.0265 3160 NwlnkFlt - ok
09:30:24.0281 3160 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:30:24.0390 3160 NwlnkFwd - ok
09:30:24.0546 3160 odserv (1f0e05dff4f5a833168e49be1256f002) E:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:30:24.0578 3160 odserv - ok
09:30:24.0609 3160 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:30:24.0750 3160 ohci1394 - ok
09:30:24.0796 3160 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) E:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
09:30:24.0828 3160 OMCI ( UnsignedFile.Multi.Generic ) - warning
09:30:24.0828 3160 OMCI - detected UnsignedFile.Multi.Generic (1)
09:30:24.0875 3160 ose (5a432a042dae460abe7199b758e8606c) E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:30:24.0890 3160 ose - ok
09:30:24.0968 3160 ossrv (f0184fe6069be1541a3d18c02a73d161) E:\WINDOWS\system32\drivers\ctoss2k.sys
09:30:25.0000 3160 ossrv - ok
09:30:25.0046 3160 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\DRIVERS\parport.sys
09:30:25.0234 3160 Parport - ok
09:30:25.0265 3160 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys
09:30:25.0390 3160 PartMgr - ok
09:30:25.0421 3160 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys
09:30:25.0640 3160 ParVdm - ok
09:30:25.0671 3160 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys
09:30:25.0812 3160 PCI - ok
09:30:25.0828 3160 PCIDump - ok
09:30:25.0843 3160 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys
09:30:25.0968 3160 PCIIde - ok
09:30:26.0015 3160 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys
09:30:26.0140 3160 Pcmcia - ok
09:30:26.0140 3160 PDCOMP - ok
09:30:26.0156 3160 PDFRAME - ok
09:30:26.0171 3160 PDRELI - ok
09:30:26.0171 3160 PDRFRAME - ok
09:30:26.0187 3160 perc2 - ok
09:30:26.0203 3160 perc2hib - ok
09:30:26.0234 3160 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) E:\WINDOWS\system32\drivers\PfModNT.sys
09:30:26.0265 3160 PfModNT - ok
09:30:26.0328 3160 PlugPlay (65df52f5b8b6e9bbd183505225c37315) E:\WINDOWS\system32\services.exe
09:30:26.0359 3160 PlugPlay - ok
09:30:26.0437 3160 Pml Driver HPZ12 (2f4ca141a609caf5c98f6e4760ef1b9b) E:\WINDOWS\system32\HPZipm12.dll
09:30:26.0468 3160 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:30:26.0468 3160 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:30:26.0515 3160 pnarp (ce27fc8bdc54b3ac63d53e2d5f6cc929) E:\WINDOWS\system32\DRIVERS\pnarp.sys
09:30:26.0531 3160 pnarp - ok
09:30:26.0562 3160 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) E:\WINDOWS\system32\lsass.exe
09:30:26.0687 3160 PolicyAgent - ok
09:30:26.0734 3160 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys
09:30:26.0875 3160 PptpMiniport - ok
09:30:26.0890 3160 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) E:\WINDOWS\system32\lsass.exe
09:30:27.0031 3160 ProtectedStorage - ok
09:30:27.0031 3160 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys
09:30:27.0171 3160 PSched - ok
09:30:27.0203 3160 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys
09:30:27.0328 3160 Ptilink - ok
09:30:27.0343 3160 purendis (f4fd591e86ecb6b5d000c7d6c987416b) E:\WINDOWS\system32\DRIVERS\purendis.sys
09:30:27.0359 3160 purendis - ok
09:30:27.0375 3160 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) E:\WINDOWS\system32\Drivers\PxHelp20.sys
09:30:27.0406 3160 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
09:30:27.0406 3160 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
09:30:27.0406 3160 ql1080 - ok
09:30:27.0421 3160 Ql10wnt - ok
09:30:27.0421 3160 ql12160 - ok
09:30:27.0437 3160 ql1240 - ok
09:30:27.0437 3160 ql1280 - ok
09:30:27.0484 3160 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys
09:30:27.0593 3160 RasAcd - ok
09:30:27.0656 3160 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) E:\WINDOWS\System32\rasauto.dll
09:30:27.0796 3160 RasAuto - ok
09:30:27.0828 3160 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:30:27.0984 3160 Rasl2tp - ok
09:30:28.0031 3160 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) E:\WINDOWS\System32\rasmans.dll
09:30:28.0187 3160 RasMan - ok
09:30:28.0203 3160 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:30:28.0343 3160 RasPppoe - ok
09:30:28.0359 3160 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys
09:30:28.0484 3160 Raspti - ok
09:30:28.0531 3160 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys
09:30:28.0687 3160 Rdbss - ok
09:30:28.0718 3160 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:30:28.0875 3160 RDPCDD - ok
09:30:28.0906 3160 rdpdr (15cabd0f7c00c47c70124907916af3f1) E:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:30:29.0078 3160 rdpdr - ok
09:30:29.0125 3160 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) E:\WINDOWS\system32\drivers\RDPWD.sys
09:30:29.0171 3160 RDPWD - ok
09:30:29.0218 3160 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) E:\WINDOWS\system32\sessmgr.exe
09:30:29.0359 3160 RDSessMgr - ok
09:30:29.0406 3160 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys
09:30:29.0562 3160 redbook - ok
09:30:29.0656 3160 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) E:\WINDOWS\System32\mprdim.dll
09:30:29.0796 3160 RemoteAccess - ok
09:30:29.0859 3160 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) E:\WINDOWS\system32\regsvc.dll
09:30:30.0046 3160 RemoteRegistry - ok
09:30:30.0125 3160 RimVSerPort (32d6ab810537ce38cbffe04ed9f6709a) E:\WINDOWS\system32\DRIVERS\RimSerial.sys
09:30:30.0203 3160 RimVSerPort - ok
09:30:30.0265 3160 RIOUNIV (f772c4ba29f4117d15c66f63d010d9f0) E:\WINDOWS\system32\Drivers\RIOUNIV.sys
09:30:30.0343 3160 RIOUNIV - ok
09:30:30.0343 3160 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) E:\WINDOWS\system32\Drivers\RootMdm.sys
09:30:30.0484 3160 ROOTMODEM - ok
09:30:30.0500 3160 RpcLocator (aaed593f84afa419bbae8572af87cf6a) E:\WINDOWS\system32\locator.exe
09:30:30.0640 3160 RpcLocator - ok
09:30:30.0703 3160 RpcSs (6b27a5c03dfb94b4245739065431322c) E:\WINDOWS\System32\rpcss.dll
09:30:30.0750 3160 RpcSs - ok
09:30:30.0812 3160 RSVP (471b3f9741d762abe75e9deea4787e47) E:\WINDOWS\system32\rsvp.exe
09:30:30.0968 3160 RSVP - ok
09:30:31.0046 3160 RTL8023xp (223d721e1334425df479b58123c9e886) E:\WINDOWS\system32\DRIVERS\EG1032xp.sys
09:30:31.0109 3160 RTL8023xp - ok
09:30:31.0156 3160 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) E:\WINDOWS\system32\lsass.exe
09:30:31.0281 3160 SamSs - ok
09:30:31.0296 3160 SCardSvr (86d007e7a654b9a71d1d7d856b104353) E:\WINDOWS\System32\SCardSvr.exe
09:30:31.0437 3160 SCardSvr - ok
09:30:31.0500 3160 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) E:\WINDOWS\system32\schedsvc.dll
09:30:31.0718 3160 Schedule - ok
09:30:31.0765 3160 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys
09:30:31.0921 3160 Secdrv - ok
09:30:31.0968 3160 seclogon (cbe612e2bb6a10e3563336191eda1250) E:\WINDOWS\System32\seclogon.dll
09:30:32.0125 3160 seclogon - ok
09:30:32.0140 3160 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) E:\WINDOWS\system32\sens.dll
09:30:32.0281 3160 SENS - ok
09:30:32.0328 3160 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys
09:30:32.0484 3160 serenum - ok
09:30:32.0531 3160 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys
09:30:32.0656 3160 Serial - ok
09:30:32.0718 3160 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys
09:30:32.0859 3160 Sfloppy - ok
09:30:32.0921 3160 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) E:\WINDOWS\System32\ipnathlp.dll
09:30:33.0062 3160 SharedAccess - ok
09:30:33.0109 3160 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) E:\WINDOWS\System32\shsvcs.dll
09:30:33.0156 3160 ShellHWDetection - ok
09:30:33.0171 3160 Simbad - ok
09:30:33.0171 3160 Sparrow - ok
09:30:33.0187 3160 spcstb - ok
09:30:33.0218 3160 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys
09:30:33.0375 3160 splitter - ok
09:30:33.0421 3160 Spooler (60784f891563fb1b767f70117fc2428f) E:\WINDOWS\system32\spoolsv.exe
09:30:33.0484 3160 Spooler - ok
09:30:33.0546 3160 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys
09:30:33.0640 3160 sr - ok
09:30:33.0718 3160 srservice (3805df0ac4296a34ba4bf93b346cc378) E:\WINDOWS\system32\srsvc.dll
09:30:33.0828 3160 srservice - ok
09:30:33.0906 3160 Srv (47ddfc2f003f7f9f0592c6874962a2e7) E:\WINDOWS\system32\DRIVERS\srv.sys
09:30:34.0000 3160 Srv - ok
09:30:34.0062 3160 SSDPSRV (0a5679b3714edab99e357057ee88fca6) E:\WINDOWS\System32\ssdpsrv.dll
09:30:34.0140 3160 SSDPSRV - ok
09:30:34.0203 3160 stisvc (8bad69cbac032d4bbacfce0306174c30) E:\WINDOWS\system32\wiaservc.dll
09:30:34.0406 3160 stisvc - ok
09:30:34.0453 3160 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys
09:30:34.0609 3160 swenum - ok
09:30:34.0671 3160 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys
09:30:34.0828 3160 swmidi - ok
09:30:34.0843 3160 SwPrv - ok
09:30:34.0843 3160 symc810 - ok
09:30:34.0859 3160 symc8xx - ok
09:30:34.0875 3160 sym_hi - ok
09:30:34.0875 3160 sym_u3 - ok
09:30:34.0921 3160 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys
09:30:35.0125 3160 sysaudio - ok
09:30:35.0156 3160 SysmonLog (c7abbc59b43274b1109df6b24d617051) E:\WINDOWS\system32\smlogsvc.exe
09:30:35.0375 3160 SysmonLog - ok
09:30:35.0421 3160 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) E:\WINDOWS\System32\tapisrv.dll
09:30:35.0578 3160 TapiSrv - ok
09:30:35.0656 3160 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys
09:30:35.0718 3160 Tcpip - ok
09:30:35.0781 3160 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys
09:30:35.0906 3160 TDPIPE - ok
09:30:35.0921 3160 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys
09:30:36.0046 3160 TDTCP - ok
09:30:36.0078 3160 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys
09:30:36.0234 3160 TermDD - ok
09:30:36.0281 3160 TermService (ff3477c03be7201c294c35f684b3479f) E:\WINDOWS\System32\termsrv.dll
09:30:36.0484 3160 TermService - ok
09:30:36.0546 3160 Themes (99bc0b50f511924348be19c7c7313bbf) E:\WINDOWS\System32\shsvcs.dll
09:30:36.0562 3160 Themes - ok
09:30:36.0625 3160 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) E:\WINDOWS\system32\tlntsvr.exe
09:30:36.0687 3160 TlntSvr - ok
09:30:36.0703 3160 TosIde - ok
09:30:36.0765 3160 TrkWks (55bca12f7f523d35ca3cb833c725f54e) E:\WINDOWS\system32\trkwks.dll
09:30:36.0921 3160 TrkWks - ok
09:30:36.0968 3160 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys
09:30:37.0109 3160 Udfs - ok
09:30:37.0109 3160 ultra - ok
09:30:37.0171 3160 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) E:\WINDOWS\system32\wdfmgr.exe
09:30:37.0203 3160 UMWdf - ok
09:30:37.0281 3160 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys
09:30:37.0437 3160 Update - ok
09:30:37.0500 3160 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) E:\WINDOWS\System32\upnphost.dll
09:30:37.0593 3160 upnphost - ok
09:30:37.0609 3160 UPS (05365fb38fca1e98f7a566aaaf5d1815) E:\WINDOWS\System32\ups.exe
09:30:37.0781 3160 UPS - ok
09:30:37.0796 3160 USBAAPL (83cafcb53201bbac04d822f32438e244) E:\WINDOWS\system32\Drivers\usbaapl.sys
09:30:37.0843 3160 USBAAPL - ok
09:30:37.0875 3160 usbaudio (e919708db44ed8543a7c017953148330) E:\WINDOWS\system32\drivers\usbaudio.sys
09:30:38.0015 3160 usbaudio - ok
09:30:38.0062 3160 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:30:38.0203 3160 usbccgp - ok
09:30:38.0250 3160 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys
09:30:38.0390 3160 usbehci - ok
09:30:38.0406 3160 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys
09:30:38.0531 3160 usbhub - ok
09:30:38.0593 3160 usbprint (a717c8721046828520c9edf31288fc00) E:\WINDOWS\system32\DRIVERS\usbprint.sys
09:30:38.0734 3160 usbprint - ok
09:30:38.0750 3160 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) E:\WINDOWS\system32\DRIVERS\usbscan.sys
09:30:38.0890 3160 usbscan - ok
09:30:38.0921 3160 usbstor (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:30:39.0046 3160 usbstor - ok
09:30:39.0109 3160 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) E:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:30:39.0250 3160 usbuhci - ok
09:30:39.0296 3160 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys
09:30:39.0421 3160 VgaSave - ok
09:30:39.0421 3160 ViaIde - ok
09:30:39.0609 3160 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) E:\Program Files\Viewpoint\Common\ViewpointService.exe
09:30:39.0640 3160 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning
09:30:39.0640 3160 Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1)
09:30:39.0687 3160 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys
09:30:39.0843 3160 VolSnap - ok
09:30:39.0906 3160 VSS (7a9db3a67c333bf0bd42e42b8596854b) E:\WINDOWS\System32\vssvc.exe
09:30:40.0015 3160 VSS - ok
09:30:40.0062 3160 W32Time (54af4b1d5459500ef0937f6d33b1914f) E:\WINDOWS\system32\w32time.dll
09:30:40.0234 3160 W32Time - ok
09:30:40.0281 3160 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys
09:30:40.0406 3160 Wanarp - ok
09:30:40.0468 3160 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) E:\WINDOWS\system32\DRIVERS\wanatw4.sys
09:30:40.0531 3160 wanatw - ok
09:30:40.0562 3160 WANMiniportService (eb9a99ab5d17b1727034ff191e6448d7) E:\WINDOWS\wanmpsvc.exe
09:30:42.0796 3160 WANMiniportService ( UnsignedFile.Multi.Generic ) - warning
09:30:42.0796 3160 WANMiniportService - detected UnsignedFile.Multi.Generic (1)
09:30:42.0875 3160 Wdf01000 (d918617b46457b9ac28027722e30f647) E:\WINDOWS\system32\Drivers\wdf01000.sys
09:30:42.0906 3160 Wdf01000 - ok
09:30:42.0921 3160 WDICA - ok
09:30:42.0984 3160 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys
09:30:43.0125 3160 wdmaud - ok
09:30:43.0187 3160 WebClient (77a354e28153ad2d5e120a5a8687bc06) E:\WINDOWS\System32\webclnt.dll
09:30:43.0328 3160 WebClient - ok
09:30:43.0421 3160 winachsf (f59ed5a43b988a18ef582bb07b2327a7) E:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:30:43.0515 3160 winachsf - ok
09:30:43.0625 3160 winmgmt (2d0e4ed081963804ccc196a0929275b5) E:\WINDOWS\system32\wbem\WMIsvc.dll
09:30:43.0765 3160 winmgmt - ok
09:30:43.0812 3160 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) E:\WINDOWS\system32\DRIVERS\winusb.sys
09:30:43.0875 3160 WinUSB - ok
09:30:43.0921 3160 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) E:\WINDOWS\system32\MsPMSPSv.exe
09:30:43.0953 3160 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - warning
09:30:43.0953 3160 WMDM PMSP Service - detected UnsignedFile.Multi.Generic (1)
09:30:43.0984 3160 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) E:\WINDOWS\system32\mspmsnsv.dll
09:30:44.0031 3160 WmdmPmSN - ok
09:30:44.0109 3160 Wmi (e76f8807070ed04e7408a86d6d3a6137) E:\WINDOWS\System32\advapi32.dll
09:30:44.0203 3160 Wmi - ok
09:30:44.0265 3160 WmiApSrv (e0673f1106e62a68d2257e376079f821) E:\WINDOWS\system32\wbem\wmiapsrv.exe
09:30:44.0421 3160 WmiApSrv - ok
09:30:44.0468 3160 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) E:\WINDOWS\System32\drivers\ws2ifsl.sys
09:30:44.0609 3160 WS2IFSL - ok
09:30:44.0671 3160 wscsvc (7c278e6408d1dce642230c0585a854d5) E:\WINDOWS\system32\wscsvc.dll
09:30:44.0812 3160 wscsvc - ok
09:30:44.0812 3160 wuauserv - ok
09:30:44.0890 3160 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) E:\WINDOWS\System32\wzcsvc.dll
09:30:45.0109 3160 WZCSVC - ok
09:30:45.0156 3160 xmlprov (295d21f14c335b53cb8154e5b1f892b9) E:\WINDOWS\System32\xmlprov.dll
09:30:45.0312 3160 xmlprov - ok
09:30:45.0437 3160 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) E:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:30:45.0484 3160 YahooAUService - ok
09:30:45.0531 3160 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:30:46.0109 3160 \Device\Harddisk0\DR0 - ok
09:30:46.0109 3160 Boot (0x1200) (f8cae6c0077b49473f2ca455459a4c6e) \Device\Harddisk0\DR0\Partition0
09:30:46.0109 3160 \Device\Harddisk0\DR0\Partition0 - ok
09:30:46.0125 3160 ============================================================
09:30:46.0125 3160 Scan finished
09:30:46.0125 3160 ============================================================
09:30:46.0234 1516 Detected object count: 18
09:30:46.0234 1516 Actual detected object count: 18
09:31:05.0609 1516 AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:05.0609 1516 AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:05.0609 1516 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:05.0609 1516 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:05.0625 1516 Cisco Media Server ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:05.0625 1516 Cisco Media Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:05.0625 1516 cmuda3 ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:05.0625 1516 cmuda3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:05.0625 1516 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:05.0625 1516 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:05.0625 1516 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:05.0625 1516 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:05.0625 1516 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:05.0625 1516 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:05.0625 1516 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:05.0625 1516 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:05.0625 1516 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:05.0625 1516 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:05.0625 1516 LinksysUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:05.0625 1516 LinksysUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:05.0625 1516 mbamchameleon ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:05.0625 1516 mbamchameleon ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:05.0625 1516 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:05.0625 1516 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:05.0640 1516 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:05.0640 1516 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:05.0640 1516 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:05.0640 1516 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:05.0640 1516 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:05.0640 1516 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:05.0640 1516 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:05.0640 1516 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:05.0640 1516 WANMiniportService ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:05.0640 1516 WANMiniportService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:05.0640 1516 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:05.0640 1516 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:34:24.0703 3768 Deinitialize success

Also - OTL log att'd...it did not generate an 'Extras' as it has previously. Thank you...
 

Attachments

  • aswMBR61112.txt
  • bootkit_remover_debug_log.txt
  • OTL61112.Txt

Jack

Administrator
Staff Member
STEP 1 : Please uninstall the following programs via Control Panel\Programs\Programs and Features:
<ul>
<li>Ask Toolbar</li>
</ul>


STEP 2 : Run this OTL Fix:

<ol>
<li>Please reopen <img src="http://malwaretips.com/blogs/wp-content/uploads/2012/06/otlicon.png" alt="Posted Image" /> on your desktop.</li>
<li>Copy and paste the following code into the <img src="http://malwaretips.com/blogs/wp-content/uploads/2012/06/customscanfix.png" alt="Posted Image" /> textbox.
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
[2012/06/01 13:17:24 | 000,000,128 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\-Cph9fOIXRCADper
[2012/06/01 13:17:24 | 000,000,000 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\-Cph9fOIXRCADpe
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT]
</li>
<li>Push <img src="http://malwaretips.com/blogs/wp-content/uploads/2012/06/runfix.png" alt="Posted Image" /></li>
<li>OTL may ask to reboot the machine. Please do so if asked.</li>
<li>Click the OK button.</li>
<li>A report will open. Copy and paste that report in your next reply.</li>
<li>If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.</li>
</ol>


STEP 3 : Run a scan with mbr.exe
Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save it to your Desktop.

* Double-click mbr.exe to start the program.
* When done scanning, it will save a log on the Desktop called mbr.log.
* Please post the contents of that log in your next reply.


STEP 4 : Run a scan with ESET Online Scanner

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
<a title="External link" href="http://www.eset.com/online-scanner" rel="nofollow external">ESET OnlineScan</a>
<ol>
<li>Click the Eset online Scanner button.</li>
<li>For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
<ul><li>Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.</li>
<li>Double-click on the Eset installer icon on your desktop.</li></ul></li>
<li>Check Yes, I accept the Terms of Use.</li>
<li>Click the Start button.</li>
<li>Accept any security warnings from your browser.</li>
<li>Check Scan archives.</li>
<li>Push the Start button.</li>
<li>ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.</li>
<li>When the scan completes, push List of found threats.</li>
<li>Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Note: when ESET doesn't find any threats, no report will be created.</li>
<li>Push the back button.</li>
<li>Push Finish.</li>
</ol>
If a log has been produced, post it in your next reply.


STEP 5 : Run a scan with CKScanner

Download <span style="color: #0000ff;">CKScanner</span> from <a href="http://downloads.malwareremoval.com/CKScanner.exe" target="_blank">here</a>

<span style="text-decoration: underline;"><span style="color: #ff0000;">Important :</span></span> Save it to your desktop.
<ul>
<li>Double-click CKScanner.exe and click Search For Files.</li>
<li>After a very short time, when the cursor hourglass disappears, click Save List To File.</li>
<li>A message box will verify that the file is saved.</li>
<li>Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.</li>
</ul>
 

starvinmarvin

Thread author
Ran OTL fix - but log file was empty. Here is MBR:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-12 06:01:50
Windows 5.1.2600 Service Pack 3
Running: 4olvifkc.exe; Driver: E:\DOCUME~1\Mark\LOCALS~1\Temp\ufecaaog.sys


---- User code sections - GMER 1.0.15 ----

.text E:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\internet explorer\iexplore.exe[3780] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E572F E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA96C4] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA974B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA95BC] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA953B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA953B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA95BC] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA974B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA974B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA953B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA95BC] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA974B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA96C4] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA953B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA95BC] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA96C4] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA953B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA974B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA95BC] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA974B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA953B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA974B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA963D] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA96C4] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA95BC] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA953B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA953B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA974B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA974B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA953B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA953B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA974B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA974B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA953B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA95BC] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA96C4] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA963D] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA953B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA95BC] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA96C4] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA963D] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA974B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA95BC] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA974B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA953B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA95BC] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA963D] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA953B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA974B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\internet explorer\iexplore.exe[3780] @ E:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] E:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Eset scan results attached.
Here is what CKScanner had:
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.WNAPVS
----- EOF -----
Sorry about the delay, got called out of town - thanks again.
 

Attachments

  • eset61412.txt
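The GMER output above lists two kinds of user-mode hooks: inline patches (`.text ... 5 Bytes JMP`), where the first bytes of an exported function are overwritten with a jump, and IAT entries, where an import slot of one module points into a different DLL. What matters for triage is which DLL owns each hook: here IEFRAME.dll and xpshims.dll are Internet Explorer's own components and tbdiag.dll is AOL's diagnostics library, which is consistent with the scan ending without a rootkit finding. The script below is an added example (written for this page; not the thread's code and not GMER's) that parses those two line shapes, groups hooks by the owning DLL, and lists the DLLs whose GMER description does not name Microsoft for manual review. The sample log is an excerpt constructed from the lines above, and the regular expressions assume the GMER 1.0.15 line layout shown there.

```python
"""Group the user-mode hooks in a GMER log by the DLL that installed them.

Added example for this thread; not GMER's code and not the poster's.
Assumes the two GMER 1.0.15 line layouts seen in the log above:

  .text <process>[pid] <module>!<export> <addr> N Bytes JMP <target> <dll> (<description>)
  IAT   <process>[pid] @ <importing module> [<module>!<export>] [<target>] <dll> (<description>)
"""
import re
from collections import defaultdict

# Inline hook: the first N bytes of an exported function were replaced by a JMP.
INLINE_RE = re.compile(
    r'^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<api>\S+!\S+)\s+'
    r'(?P<addr>[0-9A-F]+)\s+\d+ Bytes JMP\s+(?P<target>[0-9A-F]+)\s+'
    r'(?P<dll>.+?)\s+\((?P<desc>[^)]*)\)\s*$')

# IAT hook: an import slot of <importer> no longer points into the exporting module.
IAT_RE = re.compile(
    r'^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<importer>\S+)\s+'
    r'\[(?P<api>[^\]]+)\]\s+\[(?P<target>[0-9A-F]+)\]\s+'
    r'(?P<dll>.+?)\s+\((?P<desc>[^)]*)\)\s*$')

# Constructed excerpt of the log posted above (five of its lines plus section headers).
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text E:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA96C4] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe[1876] @ E:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA953B] E:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL Inc.)
IAT E:\Program Files\internet explorer\iexplore.exe[3780] @ E:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] E:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
"""


def parse_gmer_hooks(text):
    """Return one dict per hook line; section headers and blank lines are ignored."""
    hooks = []
    for line in text.splitlines():
        m = INLINE_RE.match(line)
        if m:
            hooks.append({'kind': 'inline', **m.groupdict()})
            continue
        m = IAT_RE.match(line)
        if m:
            hooks.append({'kind': 'iat', **m.groupdict()})
    return hooks


def summarise(hooks):
    """Map each hooking DLL to its description, the processes it hooks and the APIs it redirects."""
    by_dll = defaultdict(lambda: {'desc': '', 'processes': set(), 'apis': set()})
    for h in hooks:
        entry = by_dll[h['dll']]
        entry['desc'] = h['desc']
        entry['processes'].add(f"{h['proc']}[{h['pid']}]")
        entry['apis'].add(h['api'])
    return dict(by_dll)


def review_candidates(summary):
    """Hooking DLLs whose GMER description does not name Microsoft: a first cut for manual review, not a verdict."""
    return sorted(dll for dll, e in summary.items() if 'Microsoft' not in e['desc'])


if __name__ == '__main__':
    summary = summarise(parse_gmer_hooks(SAMPLE_LOG))
    for dll, e in summary.items():
        print(f"{dll} ({e['desc']})")
        for api in sorted(e['apis']):
            print(f"    {api}")
    print("Non-Microsoft hooking DLLs to review:", review_candidates(summary))
```

The vendor filter is only a starting point: what actually warrants investigation is a hook owned by a DLL with no description at all, or one loaded from a temporary or user-writable path, rather than a signed third-party component like the AOL library. In this log every hook resolves to a known vendor, which is the reading that matches the clean result.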

Jack

Administrator
Staff Member
Hello marvin,
How is your computer behaving now? Any problems, any redirects or other malicious behavior?

<ol type="1">
<li>Download the latest official version of <a href="http://www.emsisoft.de/en/software/eek/" target="_blank" rel="nofollow">Emsisoft Emergency Kit</a></li>
<li>After the download has completed, you'll need to unpack EmsisoftEmergencyKit.zip
<img src="http://malwaretips.com/images/removalguide/ekk1.png" alt="[Image: ekk1.png]" border="0" /></li>
<li>Open the Emsisoft Emergency Kit folder and double-click EmergencyKitScanner.bat
<img src="http://malwaretips.com/images/removalguide/ekk2.png" alt="[Image: ekk2.png]" border="0" /></li>
<li>A pop-up will prompt you to update Emsisoft Emergency Kit; please click the "Yes" button.

<img src="http://malwaretips.com/images/removalguide/ekk3.png" alt="[Image: ekk3.png]" border="0" />


<img src="http://malwaretips.com/images/removalguide/ekk4.png" alt="[Image: ekk4.png]" border="0" /></li>
<li>After the update process has completed, put the mouse cursor over the "Menu" tab on the left and click on "Scan PC".

<img src="http://malwaretips.com/images/removalguide/ekk5.png" alt="[Image: ekk5.png]" border="0" /></li>
<li>Select "Smart scan" and click on the "SCAN" button below.

<img src="http://malwaretips.com/images/removalguide/ekk6.png" alt="[Image: ekk6.png]" border="0" /></li>
<li>Emsisoft Emergency Kit will now start scanning your computer for malicious files, as shown below.

<img src="http://malwaretips.com/images/removalguide/ekk7.png" alt="[Image: ekk7.png]" border="0" /></li>
<li>When the scan has completed, you will be presented with a screen showing the malware infections that Emsisoft Emergency Kit has detected. Please note that the infections found may be different from what is shown in the image.
Make sure that everything is checked (ticked) and click on the 'Quarantine selected objects' button.
<img src="http://malwaretips.com/images/removalguide/ekk8.png" alt="[Image: ekk8.png]" border="0" /></li>

<li>Save the scan log somewhere that you can find it and then please attach the log in your next reply.</li>
</ol>
 

starvinmarvin

Thread author
Emsisoft scan results att'd - thanks.
 

Attachments

  • a2scan_120615-072712.txt

Jack

Administrator
Staff Member
Download and run OTL
Download OldTimer from here then click on it to run it.
Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in:

Code:
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please attach them in your next reply.
 

starvinmarvin

Thread author
It only opened the OTL.txt - which is attached, thanks.
 

Attachments

  • OTL61712.Txt

Jack

Administrator
Staff Member
Ok, let's run these last scans and we're done... How is your computer running?

1. Run this OTL fix:
<ol>
<li>Please reopen <img src="http://malwaretips.com/blogs/wp-content/uploads/2012/06/otlicon.png" alt="Posted Image" /> on your desktop.</li>
<li><strong>Copy</strong> and <strong>Paste</strong> the following code into the <img src="http://malwaretips.com/blogs/wp-content/uploads/2012/06/customscanfix.png" alt="Posted Image" /> textbox.
Code:
:OTL
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [Auto | Stopped] -- E:\WINDOWS\system32\usbnhw32.dll -- (NEC Usb3.0)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- E:\DOCUME~1\Mark\LOCALS~1\Temp\ufecaaog.sys -- (ufecaaog)
DRV - File not found [Kernel | Disabled | Stopped] -- E:\WINDOWS\System32\DRIVERS\spcstb.sys -- (spcstb)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_US&q="
FF - user.js - File not found
[2012/06/01 13:17:24 | 000,000,128 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\-Cph9fOIXRCADper
[2012/06/01 13:17:24 | 000,000,000 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\-Cph9fOIXRCADpe
:Commands 
[resethosts] 
[emptytemp]
</li>
<li><strong>Push </strong><img src="http://malwaretips.com/blogs/wp-content/uploads/2012/06/runfix.png" alt="Posted Image" /></li>
<li><strong>OTL may ask to reboot the machine. Please do so if asked.</strong></li>
<li><strong>Click </strong>the <strong>OK</strong> button.</li>
<li>A report will open. <strong>Copy</strong> and <strong>Paste</strong> that report in your next reply.</li>
<li>If the machine reboots, the log will be located at C:\_OTL\MovedFiles\<strong>mmddyyyy_hhmmss.log</strong>, where mmddyyyy_hhmmss is the date and the time of the tool run.</li>
</ol>
<hr />

2. Download <strong>Dr.Web CureIt</strong> to the desktop:
<a href="ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe" rel="nofollow" target="_blank">ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe</a>
<ul>
<li>Double-click the <strong>drweb-cureit.exe</strong> file and click <strong>Scan</strong> to run an express scan. Click <strong>OK</strong> in the pop-up window to allow the scan.</li>
<li>This will scan the files currently running in memory, and when something is found, click the <strong>Yes</strong> button when it asks you if you want to cure it. This is only a short scan.</li>
<li>Once the short scan has finished, select <strong>Complete scan</strong>.</li>
<li><strong>Complete scan</strong> sometimes takes up to 2 hours to finish, so please be patient.</li>
<li>Click the green arrow <img src="http://i154.photobucket.com/albums/s258/evilfantasy69/drweb.jpg" alt="Posted Image" /> at the right, and the scan will start.</li>
<li>Click <strong>Yes to all</strong> if it asks if you want to cure/move the file.</li>
<li>When the scan has finished, in the menu, click <strong>File</strong> and choose <strong>Save report list</strong>.</li>
<li>Save the report to your <strong>desktop</strong>. The report will be called <strong>DrWeb.csv</strong>.</li>
<li>Close Dr.Web CureIt.</li>
<li><strong>Important!</strong> Reboot your computer, because it is possible that files in use will be moved/deleted during reboot.</li>
<li><strong>Copy and paste that log in the next reply.</strong> You can use Notepad to open the <strong>DrWeb.csv</strong> report.</li>
</ul>
<strong>NOTE</strong>. During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the <strong>X</strong> in the upper right corner.

<hr />
3. Download <a href="http://oldtimer.geekstogo.com/TFC.exe" target="_blank"><strong>Temp File Cleaner (TFC)</strong></a>
<ol>
<li>Double-click on <strong>TFC.exe</strong> to run the program.</li>
<li>Click on the <strong>Start</strong> button to begin the cleaning process.</li>
<li>TFC will close all running programs, and it <strong>may</strong> ask you to restart the computer.</li>
</ol>
<hr />
4. Please download <a href="http://download.bleepingcomputer.com/farbar/FSS.exe" target="_blank"><strong>Farbar Service Scanner</strong></a> (FSS) and run it on the computer with the issue.
<ul>
<li>Make sure the following options are checked:
<ul>
<li><strong>Internet Services</strong></li>
<li><strong>Windows Firewall</strong></li>
<li><strong>System Restore</strong></li>
<li><strong>Security Center</strong></li>
<li><strong>Windows Update</strong></li>
<li><strong>Windows Defender</strong></li>
</ul>
</li>
<li>Press "<strong>Scan</strong>".</li>
<li>It will create a log (FSS.txt) in the same directory the tool is run from.</li>
<li>Please copy and paste the log to your reply.</li>
</ul>

<hr />
5. Download <strong>Security Check</strong> from <a href="http://screen317.changelog.fr/SecurityCheck.exe" target="_blank">HERE</a>, and save it to your <strong>Desktop</strong>.
<ul>
<li>Double-click <strong>SecurityCheck.exe</strong></li>
<li>Follow the onscreen instructions inside of the black box.</li>
<li>A <strong>Notepad</strong> document should open automatically called <strong>checkup.txt</strong>; please post the contents of that document.

<strong>NOTE</strong> SecurityCheck may produce some false warning(s), so leave the reading of the results to me.</li>
</ul>
 

starvinmarvin

New Member
Thread author
Jun 2, 2012
16
Tried to run the OTL fix and it hung - is there a 'correct' way to exit/re-try? Things that say "DO NOT INTERRUPT" make me edgy - thanks.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
starvinmarvin said:
Tried to run the OTL fix and it hung - is there a 'correct' way to exit/re-try? Things that say "DO NOT INTERRUPT" make me edgy - thanks.
Close the app, and then continue with the Dr.Web and the other scans.
 

starvinmarvin

New Member
Thread author
Jun 2, 2012
16
Jack said:
starvinmarvin said:
Tried to run the OTL fix and it hung - is there a 'correct' way to exit/re-try? Things that say "DO NOT INTERRUPT" make me edgy - thanks.
Close the app, and then continue with the Dr.Web and the other scans.

Here is Dr Web:
inst.exe;E:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_210.5.2.1_suite;Probably BACKDOOR.Trojan;Incurable.Deleted.;
OTL.exe;E:\Documents and Settings\Mark\Desktop;Trojan.Siggen4.5725;Incurable.Moved.;
OTL.exe;E:\Documents and Settings\Mark\Desktop\AV Folder;Trojan.Siggen4.3572;Incurable.Moved.;
inst.exe;E:\Program Files\AOL\Installers\AOL Safety & Security Center 1.02;Probably BACKDOOR.Trojan;Incurable.Deleted.;
ppctl.dll;E:\Program Files\Common Files\AOL\1170015779\ee\services\antiSpyware\ver2_4_9_1\resources;Probably DLOADER.Trojan;Incurable.Will be deleted after restart.;
avgsdkupd.dll;E:\Program Files\LimeWire\lib\avg;Win32.HLLW.Autoruner.64096;Deleted.;
Sprite6.exe;E:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.61-8876480L\Program;Trojan.DownLoader5.61542;Deleted.;
A0244344.ini;E:\System Volume Information\_restore{147403A6-0C05-4194-BE6F-B2605E4E2D8D}\RP1994;Trojan.Damaged.1;Deleted.;
A0245656.exe;E:\System Volume Information\_restore{147403A6-0C05-4194-BE6F-B2605E4E2D8D}\RP1996;Program.Uniblue.5 - read error;Invalid path to file ;
A0245690.ini;E:\System Volume Information\_restore{147403A6-0C05-4194-BE6F-B2605E4E2D8D}\RP1997;Trojan.Damaged.1;Deleted.;
A0246755.exe;E:\System Volume Information\_restore{147403A6-0C05-4194-BE6F-B2605E4E2D8D}\RP1999;Trojan.DownLoader6.17011;Incurable.Moved.;
A0248914.exe;E:\System Volume Information\_restore{147403A6-0C05-4194-BE6F-B2605E4E2D8D}\RP2010;Trojan.Siggen4.5725;Incurable.Moved.;
A0248915.exe;E:\System Volume Information\_restore{147403A6-0C05-4194-BE6F-B2605E4E2D8D}\RP2010;Trojan.Siggen4.3572;Incurable.Moved.;
A0248916.dll;E:\System Volume Information\_restore{147403A6-0C05-4194-BE6F-B2605E4E2D8D}\RP2010;Win32.HLLW.Autoruner.64096;Deleted.;
A0248917.exe;E:\System Volume Information\_restore{147403A6-0C05-4194-BE6F-B2605E4E2D8D}\RP2010;Trojan.DownLoader5.61542;Deleted.;

Tried to run TFC several times, but it kept hanging. Here are the results of Security Check:
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
JavaFX 2.1.1
Java(TM) 7 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 11.2.202.235
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
Thanks again - Hope we're getting to the bottom, really appreciate your time and assistance...
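The Dr.Web CureIt report posted above is a semicolon-separated list of name;directory;threat;action entries. As an added example that is not part of this thread or of Dr.Web's tooling, the helper below parses lines of that shape (the four-field layout is inferred from the posted log and is an assumption) and separates inert restore-point copies from live files, heuristic "Probably ..." verdicts from signature hits, and actions that are still pending a reboot or a manual look. The sample lines are constructed, with a placeholder restore GUID.

```python
"""Triage helper for Dr.Web CureIt report lines (added example, not a Dr.Web or MalwareTips tool)."""
from collections import Counter

# Constructed sample in the same name;directory;threat;action; layout as the posted DrWeb.csv lines.
SAMPLE_REPORT = """\
inst.exe;E:\\Program Files\\AOL\\Installers\\AOL Safety & Security Center 1.02;Probably BACKDOOR.Trojan;Incurable.Deleted.;
ppctl.dll;E:\\Program Files\\Common Files\\AOL\\antiSpyware;Probably DLOADER.Trojan;Incurable.Will be deleted after restart.;
OTL.exe;E:\\Documents and Settings\\Mark\\Desktop;Trojan.Siggen4.5725;Incurable.Moved.;
A0245656.exe;E:\\System Volume Information\\_restore{PLACEHOLDER-GUID}\\RP1996;Program.Uniblue.5 - read error;Invalid path to file ;
A0248916.dll;E:\\System Volume Information\\_restore{PLACEHOLDER-GUID}\\RP2010;Win32.HLLW.Autoruner.64096;Deleted.;
"""

# Action text that means the object is not gone yet: a reboot or a manual check is still needed.
PENDING_MARKERS = ("restart", "Invalid path")


def parse_report(text):
    """Return one dict per report line (assumed layout: name;directory;threat;action;)."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.rstrip(";").split(";")
        if len(fields) != 4:
            raise ValueError("unexpected field count: %r" % line)
        name, directory, threat, action = (f.strip() for f in fields)
        entries.append({
            "name": name,
            "directory": directory,
            "threat": threat,
            "action": action,
            # Copies under System Volume Information are restore-point snapshots: inert unless restored.
            "restore_point": "\\System Volume Information\\" in directory,
            # Anything not yet deleted or moved needs follow-up after the reboot.
            "pending": any(marker in action for marker in PENDING_MARKERS),
        })
    return entries


def summarize(entries):
    """Count live vs restore-point hits, heuristic verdicts, and list items still pending."""
    counts = Counter("restore_point" if e["restore_point"] else "live" for e in entries)
    heuristic = sum(1 for e in entries if e["threat"].startswith("Probably"))
    pending = [e["name"] for e in entries if e["pending"]]
    return {"live": counts["live"], "restore_point": counts["restore_point"],
            "heuristic": heuristic, "pending": pending}
```

Heuristic verdicts on vendor installers (such as the AOL inst.exe lines) are worth confirming against a second opinion before treating them as a live infection, and the pending list is what to re-check after the reboot the instructions call for.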
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
<hr />

Your <strong>JAVA</strong> is out of date.


<img src="http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif" alt="Posted Image" /> <strong>UPDATE JAVA</strong>

Your version of <strong>Java is out of date</strong>. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of <strong>Java</strong> components and update:
<ul>
<li>Please download <a title="External link" href="http://singularlabs.com/software/javara/javara-download/" rel="nofollow external"><strong>JavaRa</strong></a> to your desktop.
<ul>
<li>Click the <strong>Download</strong> button next to <strong>Windows Binary (.zip)</strong> Version 1.16 to download <strong>JavaRa</strong> and unzip it to its own folder.</li>
</ul>
</li>
<li><strong>Run JavaRa.exe</strong></li>
<li>Pick the language of your choice and click <strong>Select</strong>. Then click <strong>Remove Older Versions</strong>. Accept any prompts.
<img src="http://singularlabs.com/wp-content/uploads/2011/05/JavaRa1.png" alt="Posted Image" /></li>
<li><strong>Open JavaRa.exe again</strong> and select <strong>Search For Updates</strong>.</li>
<li>Select <strong>Update Using Sun Java's Website</strong>, then click <strong>Search</strong> and click on the <strong>Open Webpage</strong> button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
</li>
</ul>
 
