Thread: Blue screen, wifi trouble, XD memory card problems

  1. #1
    Member
    Join Date
    Oct 2006
    Posts
    49

    TIA for any and all help. :-)
    Here are the contents of my dds.txt:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.13
    Run by Sandra at 10:00:11 on 2011-12-28
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.807 [GMT -6:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Canon\DIAS\CnxDIAS.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\PROGRA~1\PANASO~1\REMOTE~1\KaNTSRV.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\PROGRA~1\Discover\SOAN\DISCOV~1.EXE
    C:\Program Files\Browny02\Brother\BrStMonW.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
    C:\Program Files\ControlCenter4\BrCtrlCntr.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Zinio Alert Messenger\Zinio Alert Messenger.exe
    C:\WINDOWS\system32\OBroker.exe
    C:\Program Files\ControlCenter4\BrCcUxSys.exe
    C:\Program Files\Browny02\BrYNSvc.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Sandra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://toolbar.google.com/done
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Secure Online Account Numbers Helper: {435eaa86-d32b-484f-869c-53745fcb1642} - c:\program files\discover\soan\DiscoverSOANHelper.dll
    BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    TB: Secure Online Account Numbers: {a8c7c2ca-6dfd-4e16-8458-592361564d38} - c:\program files\discover\soan\DiscoverSOANToolbar.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\sandra\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [TFncKy] TFncKy.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
    mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    mRun: [EOUApp] c:\program files\intel\wireless\bin\EOUWiz.exe
    mRun: [Notebook Maximizer] c:\program files\notebook maximizer\maximizer_startup.exe
    mRun: [CFSServ.exe] CFSServ.exe -NoClient
    mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Secure Online Account Numbers] c:\progra~1\discover\soan\DISCOV~1.EXE /dontopenmycards
    mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
    mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
    StartupFolder: c:\docume~1\sandra\startm~1\programs\startup\zinioa~1.lnk - c:\program files\zinio alert messenger\Zinio Alert Messenger.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - hxxps://www.topproduceronline.com/downloads/msjavx86.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: igfxcui - igfxsrvc.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    SEH: IBShellExecuteHook: {54697f09-baf4-422e-8e7a-a563b020b1a5} - c:\idrive for ibackup\IBShellView.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\sandra\application data\mozilla\firefox\profiles\krdbdvsr.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\program files\discover\soan\components\SlimOrbAddonDiscoverSOAN.dll
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\sandra\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Secure Online Account Numbers: discoversoan@orbiscom - c:\program files\discover\SOAN
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2005-9-13 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2005-9-13 5248]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-9 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-9 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-9 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-9 66616]
    R2 IBFs;IBackup File System Driver;c:\idrive for ibackup\IBfs.sys [2005-6-7 36548]
    R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-9-11 245760]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-18 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-18 136176]
    S3 IBNP;IBackup Network Provider; [x]
    S3 nwusbmdm;Novatel Wireless Merlin CDMA EV-DO Modem Driver;c:\windows\system32\drivers\nwusbmdm.sys [2005-9-13 63360]
    S3 nwusbser;Novatel Wireless Merlin CDMA EV-DO Status Port;c:\windows\system32\drivers\nwusbser.sys [2005-9-13 63360]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-31 23:43:21 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-10-31 23:43:21 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-10-31 23:43:21 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-10-31 23:43:20 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    .
    ============= FINISH: 10:01:32.02 ===============

  2. #2
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello and welcome to Safer Networking.

    I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

    Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

    Please be patient with me during this time.

    Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

  3. #3
    Member
    Join Date
    Oct 2006
    Posts
    49

    Hello,

    I've read your reply and I'm still here.

    Thx

  4. #4
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello bhubertus,

    Welcome to Safer Networking. I am Jack&Jill, and I will be helping you out.

    Before we go further, there are a few things that I would like to make clear so that we share the same understanding.
    • Please observe and follow these Forum Rules.
    • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
    • Please read the instructions carefully and follow them closely, in the order they are presented to you.
    • If you have any doubts or problems during the fix, please stop and ask.
    • All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security software.
    • Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
    • Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
    • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
    • If you do not reply within 3 days, this topic will be closed.

    If you are agreeable to the above, then everything should go smoothly. We may begin.

    --------------------

    Your log looks clean. Your problem might not be malware related. What other symptoms do you experience?

    Is this a business machine?

  5. #5
    Member
    Join Date
    Oct 2006
    Posts
    49

    This is my home laptop. I'm not sure if it's an infection or not but I had some odd things happen in the past. First of all, my previous laptop died when I got a blue screen and it wouldn't boot anymore. I took it to a place to clean it and they said system files had been corrupted. I can't remember for sure if they were able to find evidence of malware but I bought an ATA to USB adapter and transferred my photos, etc. to this laptop. (They're both older laptops, bought probably around 2005.)

    About a month ago I used this laptop to pull pictures off of my camera's xD card and something weird happened. It pulled ~70 pics out of ~1000 and then wasn't able to access the card anymore (of the 70 pics only 1 was actually viewable). I had a software guy at my work look at the xD card using a Linux system and he determined that a quick format command had been issued and he was able to recover the photos. He speculated that it could be a driver problem while accessing the xD card or even possibly a virus (I could imagine a particularly sh*tty virus that would format a memory card when transferring photos). Then a couple weeks later I got the blue screen out of the blue and it felt somewhat like deja vu from the previous laptop dying.

    So the combination of one laptop dying a blue screen death, transferring files from it to another laptop which then mysteriously eats the pictures from a memory card, then having a similar-feeling blue screen made me suspect malware of some sort. Kind of a long explanation but I wanted you to know my experience so far.

  6. #6
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello bhubertus,

    Well, the symptoms do sound like hardware issues considering the age.

    Let's take a look to be sure. It would be prudent to do some backing up if you haven't.

    There are also some outdated programs that could become a security risk if not addressed, but we will work on them only after we have confirmed the hardware status.

    --------------------

    Please download MiniToolBox© by farbar and save it to your desktop. Click here.
    • Double click on MiniToolBox.exe to run it.
      Please check (tick) the following options:
      • List last 10 Event Viewer Errors
      • List Users, Partitions and Memory size.
      • List Minidump Files
    • Click on the GO button. A log will open.
    • Please post the contents of this log. It can also be found on the desktop as Result.txt.


    --------------------

    Please download aswMBR and save it to your desktop. Click here.
    • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
    • If you need help to disable your protection programs see here and here.
    • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
    • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
    • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
    • Please post the contents of the log in your next reply.


    --------------------

    Please post back:
    1. MiniToolBox result
    2. aswMBR log

  7. #7
    Member
    Join Date
    Oct 2006
    Posts
    49

    1. MiniToolBox result


    MiniToolBox by Farbar
    Ran by Sandra (administrator) on 10-01-2012 at 21:55:32
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (01/10/2012 09:54:38 PM) (Source: Brother BrLog) (User: )
    Description: STI BrtSTI: [2012/01/10 21:54:38.292]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]

    Error: (01/10/2012 09:53:28 PM) (Source: Brother BrLog) (User: )
    Description: STI BrtSTI: [2012/01/10 21:53:28.752]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]

    Error: (01/10/2012 09:52:19 PM) (Source: Brother BrLog) (User: )
    Description: STI BrtSTI: [2012/01/10 21:52:19.712]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]

    Error: (01/10/2012 09:51:10 PM) (Source: Brother BrLog) (User: )
    Description: STI BrtSTI: [2012/01/10 21:51:10.683]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]

    Error: (01/10/2012 09:50:01 PM) (Source: Brother BrLog) (User: )
    Description: STI BrtSTI: [2012/01/10 21:50:01.674]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]

    Error: (01/10/2012 09:48:52 PM) (Source: Brother BrLog) (User: )
    Description: STI BrtSTI: [2012/01/10 21:48:52.655]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]

    Error: (01/10/2012 09:47:43 PM) (Source: Brother BrLog) (User: )
    Description: STI BrtSTI: [2012/01/10 21:47:43.635]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]

    Error: (01/10/2012 09:46:34 PM) (Source: Brother BrLog) (User: )
    Description: STI BrtSTI: [2012/01/10 21:46:34.626]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]

    Error: (01/10/2012 09:45:25 PM) (Source: Brother BrLog) (User: )
    Description: STI BrtSTI: [2012/01/10 21:45:25.607]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]

    Error: (01/10/2012 09:44:16 PM) (Source: Brother BrLog) (User: )
    Description: STI BrtSTI: [2012/01/10 21:44:16.598]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]


    System errors:
    =============
    Error: (01/10/2012 09:41:00 PM) (Source: Dhcp) (User: )
    Description: Your computer was not assigned an address from the network (by the DHCP
    Server) for the Network Card with network address 0012F0410A29. The following error
    occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Error: (01/04/2012 11:46:40 AM) (Source: Dhcp) (User: )
    Description: Your computer has lost the lease to its IP address 192.168.1.11 on the
    Network Card with network address 0012F0410A29.

    Error: (01/01/2012 01:57:17 AM) (Source: W32Time) (User: )
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible.
    No attempt to contact a source will be made for 14 minutes.
    NtpClient has no source of accurate time.

    Error: (01/01/2012 01:57:17 AM) (Source: W32Time) (User: )
    Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
    configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
    minutes.
    The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    Error: (01/01/2012 01:57:08 AM) (Source: Dhcp) (User: )
    Description: Your computer has lost the lease to its IP address 192.168.1.8 on the
    Network Card with network address 0012F0410A29.

    Error: (12/28/2011 10:20:58 AM) (Source: Dhcp) (User: )
    Description: Your computer was not assigned an address from the network (by the DHCP
    Server) for the Network Card with network address 0012F0410A29. The following error
    occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Error: (12/28/2011 10:17:21 AM) (Source: Service Control Manager) (User: )
    Description: The Panasonic Trap Monitor Service service terminated with the following error:
    %%183

    Error: (12/28/2011 10:00:14 AM) (Source: Service Control Manager) (User: )
    Description: The CL500_510 Remote Server service has reported an invalid current state 0.

    Error: (12/28/2011 09:57:45 AM) (Source: Service Control Manager) (User: )
    Description: The Panasonic Trap Monitor Service service terminated with the following error:
    %%183

    Error: (12/28/2011 09:38:02 AM) (Source: System Error) (User: )
    Description: Error code 1000008e, parameter1 c0000005, parameter2 bf955389, parameter3 a7635c00, parameter4 00000000.


    Microsoft Office Sessions:
    =========================
    Error: (01/10/2012 09:54:38 PM) (Source: Brother BrLog)(User: )
    Description: STIBrtSTI: [2012/01/10 21:54:38.292]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]

    Error: (01/10/2012 09:53:28 PM) (Source: Brother BrLog)(User: )
    Description: STIBrtSTI: [2012/01/10 21:53:28.752]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]

    Error: (01/10/2012 09:52:19 PM) (Source: Brother BrLog)(User: )
    Description: STIBrtSTI: [2012/01/10 21:52:19.712]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]

    Error: (01/10/2012 09:51:10 PM) (Source: Brother BrLog)(User: )
    Description: STIBrtSTI: [2012/01/10 21:51:10.683]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]

    Error: (01/10/2012 09:50:01 PM) (Source: Brother BrLog)(User: )
    Description: STIBrtSTI: [2012/01/10 21:50:01.674]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]

    Error: (01/10/2012 09:48:52 PM) (Source: Brother BrLog)(User: )
    Description: STIBrtSTI: [2012/01/10 21:48:52.655]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]

    Error: (01/10/2012 09:47:43 PM) (Source: Brother BrLog)(User: )
    Description: STIBrtSTI: [2012/01/10 21:47:43.635]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]

    Error: (01/10/2012 09:46:34 PM) (Source: Brother BrLog)(User: )
    Description: STIBrtSTI: [2012/01/10 21:46:34.626]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]

    Error: (01/10/2012 09:45:25 PM) (Source: Brother BrLog)(User: )
    Description: STIBrtSTI: [2012/01/10 21:45:25.607]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]

    Error: (01/10/2012 09:44:16 PM) (Source: Brother BrLog)(User: )
    Description: STIBrtSTI: [2012/01/10 21:44:16.598]: [00000212]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[208.69.32.145]


    ========================= Memory info: ===================================

    Percentage of memory in use: 43%
    Total physical RAM: 1527.42 MB
    Available physical RAM: 860.9 MB
    Total Pagefile: 2136.75 MB
    Available Pagefile: 1467.75 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1978.2 MB

    ========================= Partitions: =====================================

    1 Drive c: (SQ003520) (Fixed) (Total:74.33 GB) (Free:23.98 GB) NTFS

    ========================= Users: ========================================

    User accounts for \\SANDRA-LAPTOP

    Administrator ASPNET Guest
    HelpAssistant Sandra SUPPORT_388945a0

    ========================= Minidump Files ==================================

    C:\WINDOWS\Minidump\Mini012006-01.dmp
    C:\WINDOWS\Minidump\Mini122811-01.dmp

    **** End of log ****


    2. aswMBR log


    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-10 22:03:23
    -----------------------------
    22:03:23.917 OS Version: Windows 5.1.2600 Service Pack 3
    22:03:23.917 Number of processors: 1 586 0xD08
    22:03:23.917 ComputerName: SANDRA-LAPTOP UserName: Sandra
    22:03:25.420 Initialize success
    22:04:36.432 AVAST engine defs: 12011001
    22:04:59.445 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    22:04:59.445 Disk 0 Vendor: FUJITSU_MHT2080AT 0022 Size: 76319MB BusType: 3
    22:04:59.445 Device \Driver\atapi -> DriverStartIo f7483864
    22:04:59.445 Device \Driver\atapi -> MajorFunction 89f1bf00
    22:04:59.465 Disk 0 MBR read successfully
    22:04:59.475 Disk 0 MBR scan
    22:04:59.535 Disk 0 unknown MBR code
    22:04:59.535 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76112 MB offset 63
    22:04:59.565 Disk 0 Partition 2 00 88 Linux plaintext A*Kárò'ó 203 MB offset 155878695
    22:04:59.575 Disk 0 scanning sectors +156296385
    22:04:59.615 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:05:15.187 Service scanning
    22:05:16.489 Modules scanning
    22:05:33.374 Module: C:\WINDOWS\system32\dla\tfsndres.sys **SUSPICIOUS**
    22:05:39.522 Disk 0 trace - called modules:
    22:05:39.542 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89f1bf00]<<
    22:05:39.552 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3d0ab8]
    22:05:39.552 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000007c[0x8a454978]
    22:05:39.552 5 ACPI.sys[f7588620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a37f940]
    22:05:39.562 \Driver\atapi[0x8a380b08] -> IRP_MJ_CREATE -> 0x89f1bf00
    22:05:40.183 AVAST engine scan C:\WINDOWS
    22:06:08.935 AVAST engine scan C:\WINDOWS\system32
    22:08:21.275 AVAST engine scan C:\WINDOWS\system32\drivers
    22:08:38.620 AVAST engine scan C:\Documents and Settings\Sandra
    22:50:39.044 AVAST engine scan C:\Documents and Settings\All Users
    22:51:37.238 Scan finished successfully
    22:55:00.059 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sandra\Desktop\MBR.dat"
    22:55:00.059 The log file has been saved successfully to "C:\Documents and Settings\Sandra\Desktop\aswMBR.txt"

  8. #8
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello bhubertus,

    Disable CD Emulation drivers
    • Please download DeFogger© by jpshortstuff and save it to your desktop. Click here.
    • Double click on DeFogger.exe to run the tool.
    • The application window will appear.
    • Click the Disable button to disable your CD Emulation drivers.
    • Click Yes to continue.
    • A Finished! message will appear, then click OK.
    • DeFogger will now ask to reboot the machine, click OK.
    • DO NOT re-enable these drivers until otherwise instructed.


    If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Then, repeat the aswMBR step and post back the latest result.

    --------------------

    Please download TDSSKiller© from Kaspersky and save it to your desktop. Click here.
    • Alternatively, you may get the zip version and extract the file to the desktop.
    • Double click on TDSSKiller.exe to execute it.
    • Click on Change parameters, then check (tick) Verify driver digital signatures and Detect TDLFS file system.
    • Click OK and press Start scan to begin.
    • If anything is found, please change all the actions to Skip only. <-- Important, please select Skip only, DO NOT proceed with other actions.
    • Then click on Continue at the lower right corner.
    • You may be prompted to reboot your computer, please consent.
    • Once complete, a log will be produced at C:\. It will be named TDSSKiller.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.12.0_26.12.2010_23.12.11_log.txt.
    • Please post the contents of this log.


    --------------------

    Please zip this file up and attach it in your reply:
    C:\WINDOWS\Minidump\Mini122811-01.dmp

    --------------------

    Please post back:
    1. new aswMBR log
    2. TDSSKiller log
    3. the minidump file as attachment

  9. #9
    Member
    Join Date
    Oct 2006
    Posts
    49

    1. new aswMBR log

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-11 19:54:11
    -----------------------------
    19:54:11.666 OS Version: Windows 5.1.2600 Service Pack 3
    19:54:11.686 Number of processors: 1 586 0xD08
    19:54:11.686 ComputerName: SANDRA-LAPTOP UserName: Sandra
    19:54:32.496 Initialize success
    19:54:46.296 AVAST engine defs: 12011001
    19:55:39.913 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    19:55:39.913 Disk 0 Vendor: FUJITSU_MHT2080AT 0022 Size: 76319MB BusType: 3
    19:55:39.943 Disk 0 MBR read successfully
    19:55:39.943 Disk 0 MBR scan
    19:55:40.003 Disk 0 unknown MBR code
    19:55:40.003 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76112 MB offset 63
    19:55:40.033 Disk 0 Partition 2 00 88 Linux plaintext A*Kárò'ó 203 MB offset 155878695
    19:55:40.073 Disk 0 scanning sectors +156296385
    19:55:40.123 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:55:55.445 Service scanning
    19:55:56.767 Modules scanning
    19:56:04.959 Module: C:\WINDOWS\system32\dla\tfsndres.sys **SUSPICIOUS**
    19:56:06.421 Disk 0 trace - called modules:
    19:56:06.802 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    19:56:06.802 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3cfab8]
    19:56:06.812 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000007b[0x8a453788]
    19:56:06.812 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a3874d0]
    19:56:07.372 AVAST engine scan C:\WINDOWS
    19:56:34.762 AVAST engine scan C:\WINDOWS\system32
    19:58:47.453 AVAST engine scan C:\WINDOWS\system32\drivers
    19:59:05.408 AVAST engine scan C:\Documents and Settings\Sandra
    20:45:25.206 AVAST engine scan C:\Documents and Settings\All Users
    20:46:25.943 Scan finished successfully
    20:50:44.965 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sandra\Desktop\MBR.dat"
    20:50:44.965 The log file has been saved successfully to "C:\Documents and Settings\Sandra\Desktop\aswMBR2.txt"


    2. TDSSKiller log

    20:53:44.0694 1860 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
    20:53:46.0707 1860 ============================================================
    20:53:46.0707 1860 Current date / time: 2012/01/11 20:53:46.0707
    20:53:46.0707 1860 SystemInfo:
    20:53:46.0707 1860
    20:53:46.0707 1860 OS Version: 5.1.2600 ServicePack: 3.0
    20:53:46.0707 1860 Product type: Workstation
    20:53:46.0707 1860 ComputerName: SANDRA-LAPTOP
    20:53:46.0707 1860 UserName: Sandra
    20:53:46.0707 1860 Windows directory: C:\WINDOWS
    20:53:46.0707 1860 System windows directory: C:\WINDOWS
    20:53:46.0707 1860 Processor architecture: Intel x86
    20:53:46.0707 1860 Number of processors: 1
    20:53:46.0707 1860 Page size: 0x1000
    20:53:46.0707 1860 Boot type: Normal boot
    20:53:46.0707 1860 ============================================================
    20:53:50.0702 1860 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000, SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
    20:53:50.0793 1860 Initialize success
    20:54:10.0211 2792 ============================================================
    20:54:10.0211 2792 Scan started
    20:54:10.0211 2792 Mode: Manual; SigCheck; TDLFS;
    20:54:10.0211 2792 ============================================================
    20:54:11.0012 2792 Abiosdsk - ok
    20:54:11.0062 2792 abp480n5 - ok
    20:54:11.0142 2792 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    20:54:13.0826 2792 ACPI - ok
    20:54:13.0976 2792 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    20:54:14.0216 2792 ACPIEC - ok
    20:54:14.0236 2792 adpu160m - ok
    20:54:14.0336 2792 aeaudio (f13d8e7e1faa31019c25eb17b5fb2662) C:\WINDOWS\system32\drivers\aeaudio.sys
    20:54:14.0397 2792 aeaudio - ok
    20:54:14.0687 2792 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    20:54:14.0897 2792 aec - ok
    20:54:15.0017 2792 AegisP (f498fd605c08404b20a48954c722ff74) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    20:54:15.0088 2792 AegisP ( UnsignedFile.Multi.Generic ) - warning
    20:54:15.0088 2792 AegisP - detected UnsignedFile.Multi.Generic (1)
    20:54:15.0198 2792 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    20:54:15.0318 2792 AFD - ok
    20:54:15.0578 2792 AgereSoftModem (b06d36c988152b4c8dea71235f6d1011) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    20:54:15.0909 2792 AgereSoftModem - ok
    20:54:15.0959 2792 Aha154x - ok
    20:54:16.0009 2792 aic78u2 - ok
    20:54:16.0059 2792 aic78xx - ok
    20:54:16.0109 2792 AliIde - ok
    20:54:16.0179 2792 amsint - ok
    20:54:16.0329 2792 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    20:54:16.0520 2792 Arp1394 - ok
    20:54:16.0580 2792 asc - ok
    20:54:16.0630 2792 asc3350p - ok
    20:54:16.0670 2792 asc3550 - ok
    20:54:16.0770 2792 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
    20:54:16.0790 2792 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
    20:54:16.0790 2792 ASCTRM - detected UnsignedFile.Multi.Generic (1)
    20:54:16.0880 2792 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    20:54:17.0060 2792 AsyncMac - ok
    20:54:17.0221 2792 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    20:54:17.0361 2792 atapi - ok
    20:54:17.0471 2792 Atdisk - ok
    20:54:17.0571 2792 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    20:54:17.0741 2792 Atmarpc - ok
    20:54:17.0801 2792 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    20:54:18.0012 2792 audstub - ok
    20:54:18.0202 2792 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    20:54:18.0252 2792 avgio - ok
    20:54:18.0292 2792 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    20:54:18.0382 2792 avgntflt - ok
    20:54:18.0482 2792 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    20:54:18.0522 2792 avipbb - ok
    20:54:18.0633 2792 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    20:54:18.0803 2792 Beep - ok
    20:54:18.0943 2792 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    20:54:19.0143 2792 cbidf2k - ok
    20:54:19.0203 2792 cd20xrnt - ok
    20:54:19.0274 2792 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    20:54:19.0444 2792 Cdaudio - ok
    20:54:19.0554 2792 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    20:54:19.0734 2792 Cdfs - ok
    20:54:19.0914 2792 Cdr4_xp (c269488c6432b58922c5a3a5fa6ee119) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
    20:54:19.0965 2792 Cdr4_xp ( UnsignedFile.Multi.Generic ) - warning
    20:54:19.0965 2792 Cdr4_xp - detected UnsignedFile.Multi.Generic (1)
    20:54:20.0025 2792 Cdralw2k (baced3e0135a880d5249b09000aee285) C:\WINDOWS\system32\drivers\Cdralw2k.sys
    20:54:20.0055 2792 Cdralw2k ( UnsignedFile.Multi.Generic ) - warning
    20:54:20.0055 2792 Cdralw2k - detected UnsignedFile.Multi.Generic (1)
    20:54:20.0125 2792 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    20:54:20.0295 2792 Cdrom - ok
    20:54:20.0395 2792 Changer - ok
    20:54:20.0505 2792 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    20:54:20.0676 2792 CmBatt - ok
    20:54:20.0696 2792 CmdIde - ok
    20:54:20.0746 2792 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    20:54:20.0916 2792 Compbatt - ok
    20:54:21.0056 2792 Cpqarray - ok
    20:54:21.0166 2792 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
    20:54:21.0226 2792 d347bus ( UnsignedFile.Multi.Generic ) - warning
    20:54:21.0226 2792 d347bus - detected UnsignedFile.Multi.Generic (1)
    20:54:21.0246 2792 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\System32\Drivers\d347prt.sys
    20:54:21.0286 2792 d347prt ( UnsignedFile.Multi.Generic ) - warning
    20:54:21.0286 2792 d347prt - detected UnsignedFile.Multi.Generic (1)
    20:54:21.0306 2792 dac2w2k - ok
    20:54:21.0327 2792 dac960nt - ok
    20:54:21.0357 2792 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    20:54:21.0547 2792 Disk - ok
    20:54:21.0647 2792 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    20:54:21.0927 2792 dmboot - ok
    20:54:21.0977 2792 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    20:54:22.0178 2792 dmio - ok
    20:54:22.0368 2792 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    20:54:22.0548 2792 dmload - ok
    20:54:22.0598 2792 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    20:54:22.0759 2792 DMusic - ok
    20:54:22.0799 2792 dpti2o - ok
    20:54:22.0899 2792 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    20:54:23.0039 2792 drmkaud - ok
    20:54:23.0129 2792 drvmcdb (f41619ae216b51d68dda163805eefaa9) C:\WINDOWS\system32\drivers\drvmcdb.sys
    20:54:23.0179 2792 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
    20:54:23.0179 2792 drvmcdb - detected UnsignedFile.Multi.Generic (1)
    20:54:23.0209 2792 drvnddm (b295700e684ed1984db1d6be40354421) C:\WINDOWS\system32\drivers\drvnddm.sys
    20:54:23.0269 2792 drvnddm ( UnsignedFile.Multi.Generic ) - warning
    20:54:23.0269 2792 drvnddm - detected UnsignedFile.Multi.Generic (1)
    20:54:23.0339 2792 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    20:54:23.0530 2792 Fastfat - ok
    20:54:23.0580 2792 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    20:54:23.0750 2792 Fdc - ok
    20:54:23.0770 2792 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    20:54:23.0940 2792 Fips - ok
    20:54:24.0070 2792 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    20:54:24.0251 2792 Flpydisk - ok
    20:54:24.0371 2792 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    20:54:24.0541 2792 FltMgr - ok
    20:54:24.0601 2792 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    20:54:24.0822 2792 Fs_Rec - ok
    20:54:24.0922 2792 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    20:54:25.0122 2792 Ftdisk - ok
    20:54:25.0242 2792 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    20:54:25.0412 2792 Gpc - ok
    20:54:25.0563 2792 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    20:54:25.0713 2792 HidUsb - ok
    20:54:25.0753 2792 hpn - ok
    20:54:25.0833 2792 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    20:54:25.0933 2792 HTTP - ok
    20:54:25.0953 2792 i2omgmt - ok
    20:54:25.0973 2792 i2omp - ok
    20:54:26.0043 2792 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    20:54:26.0214 2792 i8042prt - ok
    20:54:26.0354 2792 ialm (510a5e1cb84e82d4e89dff3d96752048) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    20:54:26.0614 2792 ialm - ok
    20:54:26.0744 2792 IBFs (34aadf1be3c56df6fa8a974d7b46593e) C:\IDrive for IBackup\IBfs.sys
    20:54:26.0794 2792 IBFs ( UnsignedFile.Multi.Generic ) - warning
    20:54:26.0794 2792 IBFs - detected UnsignedFile.Multi.Generic (1)
    20:54:26.0915 2792 IBNP - ok
    20:54:27.0025 2792 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    20:54:27.0205 2792 Imapi - ok
    20:54:27.0235 2792 ini910u - ok
    20:54:27.0285 2792 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    20:54:27.0455 2792 IntelIde - ok
    20:54:27.0525 2792 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    20:54:27.0686 2792 intelppm - ok
    20:54:27.0776 2792 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    20:54:27.0956 2792 Ip6Fw - ok
    20:54:28.0076 2792 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    20:54:28.0256 2792 IpFilterDriver - ok
    20:54:28.0377 2792 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    20:54:28.0557 2792 IpInIp - ok
    20:54:28.0647 2792 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    20:54:28.0807 2792 IpNat - ok
    20:54:28.0867 2792 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    20:54:29.0028 2792 IPSec - ok
    20:54:29.0118 2792 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    20:54:29.0278 2792 IRENUM - ok
    20:54:29.0388 2792 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    20:54:29.0669 2792 isapnp - ok
    20:54:29.0959 2792 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
    20:54:30.0029 2792 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
    20:54:30.0029 2792 Iviaspi - detected UnsignedFile.Multi.Generic (1)
    20:54:30.0229 2792 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
    20:54:30.0460 2792 IWCA - ok
    20:54:30.0610 2792 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    20:54:30.0780 2792 Kbdclass - ok
    20:54:30.0880 2792 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    20:54:31.0030 2792 kbdhid - ok
    20:54:31.0161 2792 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    20:54:31.0361 2792 kmixer - ok
    20:54:31.0501 2792 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    20:54:31.0621 2792 KSecDD - ok
    20:54:31.0711 2792 lbrtfdc - ok
    20:54:31.0792 2792 meiudf (6a75fd0b5f008d711dc44d9693e8d632) C:\WINDOWS\system32\Drivers\meiudf.sys
    20:54:31.0842 2792 meiudf ( UnsignedFile.Multi.Generic ) - warning
    20:54:31.0842 2792 meiudf - detected UnsignedFile.Multi.Generic (1)
    20:54:31.0982 2792 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    20:54:32.0192 2792 mnmdd - ok
    20:54:32.0302 2792 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    20:54:32.0463 2792 Modem - ok
    20:54:32.0603 2792 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    20:54:32.0773 2792 Mouclass - ok
    20:54:32.0913 2792 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    20:54:33.0083 2792 mouhid - ok
    20:54:33.0154 2792 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    20:54:33.0344 2792 MountMgr - ok
    20:54:33.0654 2792 mraid35x - ok
    20:54:33.0714 2792 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    20:54:33.0895 2792 MRxDAV - ok
    20:54:34.0035 2792 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    20:54:34.0225 2792 MRxSmb - ok
    20:54:34.0305 2792 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    20:54:34.0475 2792 Msfs - ok
    20:54:34.0606 2792 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    20:54:34.0776 2792 MSKSSRV - ok
    20:54:34.0856 2792 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    20:54:35.0036 2792 MSPCLOCK - ok
    20:54:35.0126 2792 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    20:54:35.0317 2792 MSPQM - ok
    20:54:35.0367 2792 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    20:54:35.0537 2792 mssmbios - ok
    20:54:35.0617 2792 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    20:54:35.0757 2792 Mup - ok
    20:54:35.0968 2792 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    20:54:36.0148 2792 NDIS - ok
    20:54:36.0318 2792 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    20:54:36.0368 2792 NdisTapi - ok
    20:54:36.0568 2792 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    20:54:36.0749 2792 Ndisuio - ok
    20:54:36.0799 2792 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    20:54:36.0959 2792 NdisWan - ok
    20:54:37.0069 2792 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    20:54:37.0189 2792 NDProxy - ok
    20:54:37.0370 2792 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    20:54:37.0550 2792 NetBIOS - ok
    20:54:37.0710 2792 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    20:54:37.0890 2792 NetBT - ok
    20:54:38.0011 2792 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
    20:54:38.0051 2792 Netdevio ( UnsignedFile.Multi.Generic ) - warning
    20:54:38.0051 2792 Netdevio - detected UnsignedFile.Multi.Generic (1)
    20:54:38.0141 2792 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    20:54:38.0291 2792 NIC1394 - ok
    20:54:38.0391 2792 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    20:54:38.0571 2792 Npfs - ok
    20:54:38.0732 2792 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    20:54:38.0962 2792 Ntfs - ok
    20:54:39.0122 2792 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    20:54:39.0322 2792 Null - ok
    20:54:39.0413 2792 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    20:54:39.0603 2792 NwlnkFlt - ok
    20:54:39.0703 2792 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    20:54:39.0873 2792 NwlnkFwd - ok
    20:54:40.0053 2792 nwusbmdm (005634fc30e95f1c2691095c7f79371b) C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
    20:54:40.0174 2792 nwusbmdm - ok
    20:54:40.0284 2792 nwusbser (005634fc30e95f1c2691095c7f79371b) C:\WINDOWS\system32\DRIVERS\nwusbser.sys
    20:54:40.0304 2792 nwusbser - ok
    20:54:40.0414 2792 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    20:54:40.0574 2792 ohci1394 - ok
    20:54:40.0714 2792 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    20:54:40.0885 2792 Parport - ok
    20:54:40.0995 2792 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    20:54:41.0165 2792 PartMgr - ok
    20:54:41.0275 2792 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    20:54:41.0465 2792 ParVdm - ok
    20:54:41.0566 2792 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    20:54:41.0766 2792 PCI - ok
    20:54:41.0806 2792 PCIDump - ok
    20:54:41.0906 2792 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    20:54:42.0106 2792 PCIIde - ok
    20:54:42.0166 2792 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    20:54:42.0337 2792 Pcmcia - ok
    20:54:42.0437 2792 PDCOMP - ok
    20:54:42.0487 2792 PDFRAME - ok
    20:54:42.0507 2792 PDRELI - ok
    20:54:42.0527 2792 PDRFRAME - ok
    20:54:42.0547 2792 perc2 - ok
    20:54:42.0567 2792 perc2hib - ok
    20:54:42.0647 2792 Pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
    20:54:42.0677 2792 Pfc ( UnsignedFile.Multi.Generic ) - warning
    20:54:42.0677 2792 Pfc - detected UnsignedFile.Multi.Generic (1)
    20:54:42.0767 2792 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    20:54:42.0948 2792 PptpMiniport - ok
    20:54:42.0968 2792 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    20:54:43.0538 2792 PSched - ok
    20:54:43.0579 2792 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    20:54:43.0789 2792 Ptilink - ok
    20:54:43.0879 2792 PxHelp20 (9ad4d2414b18900a192d47c417b01a13) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    20:54:43.0909 2792 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
    20:54:43.0909 2792 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
    20:54:43.0989 2792 ql1080 - ok
    20:54:44.0029 2792 Ql10wnt - ok
    20:54:44.0059 2792 ql12160 - ok
    20:54:44.0069 2792 ql1240 - ok
    20:54:44.0089 2792 ql1280 - ok
    20:54:44.0169 2792 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    20:54:44.0340 2792 RasAcd - ok
    20:54:44.0410 2792 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    20:54:44.0560 2792 Rasl2tp - ok
    20:54:44.0610 2792 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    20:54:44.0760 2792 RasPppoe - ok
    20:54:44.0800 2792 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    20:54:44.0991 2792 Raspti - ok
    20:54:45.0051 2792 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    20:54:45.0231 2792 Rdbss - ok
    20:54:45.0301 2792 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    20:54:45.0531 2792 RDPCDD - ok
    20:54:45.0621 2792 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    20:54:45.0672 2792 RDPWD - ok
    20:54:45.0762 2792 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    20:54:45.0922 2792 redbook - ok
    20:54:46.0022 2792 s24trans (85a26a3bb748dfd3170cdbf45b0dd7fd) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    20:54:46.0062 2792 s24trans ( UnsignedFile.Multi.Generic ) - warning
    20:54:46.0062 2792 s24trans - detected UnsignedFile.Multi.Generic (1)
    20:54:46.0192 2792 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    20:54:46.0332 2792 sdbus - ok
    20:54:46.0443 2792 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    20:54:46.0623 2792 Secdrv - ok
    20:54:46.0733 2792 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    20:54:46.0913 2792 Serenum - ok
    20:54:47.0023 2792 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    20:54:47.0214 2792 Serial - ok
    20:54:47.0254 2792 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
    20:54:47.0464 2792 sffdisk - ok
    20:54:47.0494 2792 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
    20:54:47.0674 2792 sffp_sd - ok
    20:54:47.0714 2792 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    20:54:47.0855 2792 Sfloppy - ok
    20:54:47.0885 2792 Simbad - ok
    20:54:48.0055 2792 SMNDIS5 (4ef5ea44583c37383c289d4b8c354698) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
    20:54:48.0095 2792 SMNDIS5 ( UnsignedFile.Multi.Generic ) - warning
    20:54:48.0095 2792 SMNDIS5 - detected UnsignedFile.Multi.Generic (1)
    20:54:48.0205 2792 smwdm (014ab093e6452ea88031bb6e22919bb5) C:\WINDOWS\system32\drivers\smwdm.sys
    20:54:48.0295 2792 smwdm - ok
    20:54:48.0365 2792 Sparrow - ok
    20:54:48.0456 2792 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    20:54:48.0626 2792 splitter - ok
    20:54:48.0716 2792 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    20:54:48.0876 2792 sr - ok
    20:54:49.0036 2792 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    20:54:49.0157 2792 Srv - ok
    20:54:49.0237 2792 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
    20:54:49.0327 2792 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
    20:54:49.0327 2792 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
    20:54:49.0477 2792 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    20:54:49.0487 2792 ssmdrv - ok
    20:54:49.0617 2792 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
    20:54:49.0657 2792 ssrtln ( UnsignedFile.Multi.Generic ) - warning
    20:54:49.0657 2792 ssrtln - detected UnsignedFile.Multi.Generic (1)
    20:54:49.0737 2792 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
    20:54:49.0958 2792 StillCam - ok
    20:54:50.0078 2792 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    20:54:50.0258 2792 swenum - ok
    20:54:50.0388 2792 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    20:54:50.0549 2792 swmidi - ok
    20:54:50.0629 2792 symc810 - ok
    20:54:50.0699 2792 symc8xx - ok
    20:54:50.0779 2792 SYMIDSCO - ok
    20:54:50.0829 2792 sym_hi - ok
    20:54:50.0889 2792 sym_u3 - ok
    20:54:51.0009 2792 SynTP (f6770219b73bd989d5613d2e9c78a227) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    20:54:51.0149 2792 SynTP - ok
    20:54:51.0250 2792 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    20:54:51.0420 2792 sysaudio - ok
    20:54:51.0560 2792 TBiosDrv (eeca2b57545e7b7be949b5e70e31444f) C:\WINDOWS\system32\drivers\TBiosDrv.sys
    20:54:51.0650 2792 TBiosDrv ( UnsignedFile.Multi.Generic ) - warning
    20:54:51.0650 2792 TBiosDrv - detected UnsignedFile.Multi.Generic (1)
    20:54:51.0810 2792 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    20:54:52.0011 2792 Tcpip - ok
    20:54:52.0111 2792 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    20:54:52.0301 2792 TDPIPE - ok
    20:54:52.0391 2792 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    20:54:52.0561 2792 TDTCP - ok
    20:54:52.0622 2792 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    20:54:52.0782 2792 TermDD - ok
    20:54:52.0942 2792 tfsnboio (2aceb9567639ff2db9d862104a80227a) C:\WINDOWS\system32\dla\tfsnboio.sys
    20:54:52.0992 2792 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
    20:54:52.0992 2792 tfsnboio - detected UnsignedFile.Multi.Generic (1)
    20:54:53.0102 2792 tfsncofs (d9f936eac2a6d55e3de87bedff8137a9) C:\WINDOWS\system32\dla\tfsncofs.sys
    20:54:53.0162 2792 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
    20:54:53.0162 2792 tfsncofs - detected UnsignedFile.Multi.Generic (1)
    20:54:53.0232 2792 tfsndrct (0fd9805bc047ada2cff540d4b7fa71fb) C:\WINDOWS\system32\dla\tfsndrct.sys
    20:54:53.0282 2792 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
    20:54:53.0282 2792 tfsndrct - detected UnsignedFile.Multi.Generic (1)
    20:54:53.0343 2792 tfsndres (f8b907198e2540a4a340f1e6775f7b71) C:\WINDOWS\system32\dla\tfsndres.sys
    20:54:53.0383 2792 tfsndres ( UnsignedFile.Multi.Generic ) - warning
    20:54:53.0383 2792 tfsndres - detected UnsignedFile.Multi.Generic (1)
    20:54:53.0443 2792 tfsnifs (fb11349b31346290d098941f0216cc45) C:\WINDOWS\system32\dla\tfsnifs.sys
    20:54:53.0513 2792 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
    20:54:53.0513 2792 tfsnifs - detected UnsignedFile.Multi.Generic (1)
    20:54:53.0573 2792 tfsnopio (1994265f3a90e23a9434bba687f1a069) C:\WINDOWS\system32\dla\tfsnopio.sys
    20:54:53.0643 2792 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
    20:54:53.0643 2792 tfsnopio - detected UnsignedFile.Multi.Generic (1)
    20:54:53.0743 2792 tfsnpool (0b3d2bd550aa63bfd25ae8c5afbf7f76) C:\WINDOWS\system32\dla\tfsnpool.sys
    20:54:53.0773 2792 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
    20:54:53.0773 2792 tfsnpool - detected UnsignedFile.Multi.Generic (1)
    20:54:53.0883 2792 tfsnudf (716edddba259a2d699332df95301edda) C:\WINDOWS\system32\dla\tfsnudf.sys
    20:54:53.0943 2792 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
    20:54:53.0943 2792 tfsnudf - detected UnsignedFile.Multi.Generic (1)
    20:54:54.0034 2792 tfsnudfa (a8ee7bbdd0b8c01e38221d0dca2e7aaa) C:\WINDOWS\system32\dla\tfsnudfa.sys
    20:54:54.0104 2792 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
    20:54:54.0104 2792 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
    20:54:54.0234 2792 tifm21 (467ff7fb078dcec24c3f4db602190e3d) C:\WINDOWS\system32\drivers\tifm21.sys
    20:54:54.0314 2792 tifm21 - ok
    20:54:54.0374 2792 TosIde - ok
    20:54:54.0484 2792 TVALD (7420b0c35be9d7e9651ceb1456948c87) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
    20:54:54.0524 2792 TVALD ( UnsignedFile.Multi.Generic ) - warning
    20:54:54.0524 2792 TVALD - detected UnsignedFile.Multi.Generic (1)
    20:54:54.0624 2792 Tvs (ae90ad1420e25177f6ceb286da9eedc4) C:\WINDOWS\system32\DRIVERS\Tvs.sys
    20:54:54.0674 2792 Tvs ( UnsignedFile.Multi.Generic ) - warning
    20:54:54.0674 2792 Tvs - detected UnsignedFile.Multi.Generic (1)
    20:54:54.0815 2792 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    20:54:54.0975 2792 Udfs - ok
    20:54:55.0045 2792 ultra - ok
    20:54:55.0185 2792 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    20:54:55.0365 2792 Update - ok
    20:54:55.0466 2792 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    20:54:55.0646 2792 usbccgp - ok
    20:54:55.0776 2792 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    20:54:55.0936 2792 usbehci - ok
    20:54:56.0076 2792 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    20:54:56.0247 2792 usbhub - ok
    20:54:56.0377 2792 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    20:54:56.0557 2792 usbohci - ok
    20:54:56.0647 2792 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    20:54:56.0788 2792 USBSTOR - ok
    20:54:56.0868 2792 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    20:54:57.0038 2792 usbuhci - ok
    20:54:57.0108 2792 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    20:54:57.0278 2792 VgaSave - ok
    20:54:57.0348 2792 ViaIde - ok
    20:54:57.0448 2792 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    20:54:57.0629 2792 VolSnap - ok
    20:54:58.0019 2792 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
    20:54:58.0510 2792 w29n51 - ok
    20:54:58.0670 2792 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    20:54:58.0860 2792 Wanarp - ok
    20:54:59.0021 2792 wanatw - ok
    20:54:59.0071 2792 WDICA - ok
    20:54:59.0141 2792 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    20:54:59.0301 2792 wdmaud - ok
    20:54:59.0501 2792 yukonwxp (bac4e920c920168c302c90c0f37740f6) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
    20:54:59.0612 2792 yukonwxp - ok
    20:54:59.0652 2792 MBR (0x1B8) (c30dc047bf3a4678e0707b0af80d6b28) \Device\Harddisk0\DR0
    20:54:59.0982 2792 \Device\Harddisk0\DR0 - ok
    20:54:59.0982 2792 Boot (0x1200) (6b6631300ae10c9db5f001b0b139b631) \Device\Harddisk0\DR0\Partition0
    20:54:59.0982 2792 \Device\Harddisk0\DR0\Partition0 - ok
    20:54:59.0992 2792 ============================================================
    20:54:59.0992 2792 Scan finished
    20:54:59.0992 2792 ============================================================
    20:55:00.0122 2256 Detected object count: 30
    20:55:00.0122 2256 Actual detected object count: 30
    20:55:39.0409 2256 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0409 2256 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0419 2256 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0419 2256 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0419 2256 Cdr4_xp ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0419 2256 Cdr4_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0419 2256 Cdralw2k ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0419 2256 Cdralw2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0419 2256 d347bus ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0419 2256 d347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0419 2256 d347prt ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0419 2256 d347prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0419 2256 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0419 2256 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0419 2256 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0419 2256 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0429 2256 IBFs ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0429 2256 IBFs ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0429 2256 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0429 2256 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0429 2256 meiudf ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0429 2256 meiudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0429 2256 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0429 2256 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0429 2256 Pfc ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0429 2256 Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0429 2256 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0429 2256 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0429 2256 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0429 2256 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0429 2256 SMNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0429 2256 SMNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0439 2256 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0439 2256 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0439 2256 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0439 2256 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0439 2256 TBiosDrv ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0439 2256 TBiosDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0439 2256 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0439 2256 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0439 2256 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0439 2256 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0439 2256 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0439 2256 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0439 2256 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0439 2256 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0439 2256 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0439 2256 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0449 2256 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0449 2256 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0449 2256 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0449 2256 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0449 2256 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0449 2256 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0449 2256 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0449 2256 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0449 2256 TVALD ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0449 2256 TVALD ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:55:39.0449 2256 Tvs ( UnsignedFile.Multi.Generic ) - skipped by user
    20:55:39.0449 2256 Tvs ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:57:16.0118 1864 Deinitialize success

  10. #10
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello bhubertus,

    I am not seeing any malware. All the earlier detections are not malicious. Your problem could be a driver or hardware issue.

    As such, if you still want to troubleshoot the problem via the forums, I suggest you visit one of these sites and post your problem there at the tech section:
    http://forums.whatthetech.com/index.php?
    http://www.geekstogo.com/forum/
    http://www.bleepingcomputer.com/forums/

    Remember to link to this topic.

    --------------------

    To wrap up, here are some final steps.

    Please uninstall:
    Viewpoint Media Player

    Spybot - Search & Destroy 1.3 is outdated. If you want to continue using Spybot, get the latest version here.

    --------------------

    Your Java Runtime Environment is outdated. Older versions have security vulnerabilities that can be exploited.

    Please update JRE to the latest.
    It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

    J2SE Runtime Environment 5.0

    • Go to the Java SE download page. Click here.
    • Under the Windows title, click on Windows 7, XP Offline (32-bit) or Windows 7, XP Offline (64-bit) and save the file to your desktop.
    • Close any programs you may have running, especially your web browser.
    • Then, from your desktop, double click on the download to install the newest version. Reboot your computer.


    --------------------

    Your Firefox browser is outdated. Older versions have security vulnerabilities that can be exploited.

    Please update your Firefox browser to the latest. You may need to use Internet Explorer temporarily for this, or download the program first before continuing the uninstall step.
    It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

    Mozilla Firefox (3.6.23)

    • Go to the Mozilla Firefox download page. Click here.
    • Click on the Free Download button and save the setup file to a convenient location.
    • Double click on the setup file and follow the steps accordingly.


    --------------------

    Here are some articles about security:
    Computer Security - a short guide to staying safer online
    PC Safety and Security - What Do I Need? By Glaswegian
    How to prevent malware: By miekiemoes
    So how did I get infected in the first place? By Tony Klein
    Microsoft Online Safety
