Followed instructions; posting to get some help: malware cannot update, cannot use any other browser but Firefox.

Malware Log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5363

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19019

3/30/2011 1:58:54 PM

mbam-log-2011-03-30 (13-58-54).txt

Scan type: Quick scan

Objects scanned: 158771

Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS Log:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Elida at 12:49:59.06 on Wed 03/30/2011

Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_18

Microsoft

Attach.zip.zip


Thanks so much for the response; downloaded new definitions, installed and ran quick scan.

This is the log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6092

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19019

3/30/2011 6:43:08 PM

mbam-log-2011-03-30 (18-43-08).txt

Scan type: Quick scan

Objects scanned: 168030

Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


OK, nothing found....please do this:

Download TDSSKiller to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Start Scan.

Don't Change These Settings:

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked to reboot the computer to complete the process. Click on Reboot Now.

To view the report:

Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory that will look something like this:

TDSSKiller.2.4.17.0_12.02.2011_14.35.56_log.txt

---------------------------------------

*The most important things to remember when running ComboFix are to download and run it from your desktop and to make sure you disable your anti-virus programs before you run it.

Please download and run ComboFix:

A few notes first:

- ComboFix is compatible exclusively with XP and W2K (32-bit only) <===> Vista and Windows 7 (32-bit and 64-bit)

- ComboFix must be run from an Administrative account.

- Vista and W7 users - Right click, choose "Run as Administrator"

- It must be downloaded to and run from your desktop.

- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can and will interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". (see below)

- ComboFix Guide <---please read!

Download ComboFix from one of these locations: (you may have to use right click > save target as)

- Link 1

- Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon and choose disable/exit.

More info HERE<-------

They may interfere with the running of ComboFix.

Note: If you have AVG or CA Internet Security Suite installed, due to recent changes in how these AV's target the tool's internal files, they must be uninstalled before running ComboFix. If you have difficulty uninstalling the AV, download and run Opswat AppRemover

- Double click on ComboFix.exe & follow the prompts.

- Note: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

- Note: If you have SP3, use the SP2 package.

If Vista or Windows 7, skip the Recovery Console part

- ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

- **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix permanently prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun ASAP!.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If a reboot doesn't restore your connection, please try this:

Check HERE

For XP systems download and run WinSockFix and Here

Vista users: Check HERE

Windows 7 systems: Download and run this Winsockfix.bat

5. Give ComboFix at least 20-30 minutes to finish if needed.

MrC


Thank you for keeping up with me.

TdSSKiller Blog:

2011/03/30 19:53:43.0872 5224 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/03/30 19:53:44.0037 5224 ================================================================================

2011/03/30 19:53:44.0037 5224 SystemInfo:

2011/03/30 19:53:44.0037 5224

2011/03/30 19:53:44.0037 5224 OS Version: 6.0.6002 ServicePack: 2.0

2011/03/30 19:53:44.0037 5224 Product type: Workstation

2011/03/30 19:53:44.0037 5224 ComputerName: ELIDA-PC

2011/03/30 19:53:44.0037 5224 UserName: Elida

2011/03/30 19:53:44.0037 5224 Windows directory: C:\Windows

2011/03/30 19:53:44.0037 5224 System windows directory: C:\Windows

2011/03/30 19:53:44.0037 5224 Processor architecture: Intel x86

2011/03/30 19:53:44.0037 5224 Number of processors: 1

2011/03/30 19:53:44.0037 5224 Page size: 0x1000

2011/03/30 19:53:44.0037 5224 Boot type: Normal boot

2011/03/30 19:53:44.0037 5224 ================================================================================

2011/03/30 19:53:45.0747 5224 Initialize success

2011/03/30 19:53:47.0970 5848 ================================================================================

2011/03/30 19:53:47.0970 5848 Scan started

2011/03/30 19:53:47.0970 5848 Mode: Manual;

2011/03/30 19:53:47.0970 5848 ================================================================================


2011/03/30 19:54:07.0175 5848 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/03/30 19:54:07.0235 5848 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2011/03/30 19:54:07.0338 5848 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

2011/03/30 19:54:07.0402 5848 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

2011/03/30 19:54:07.0495 5848 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

2011/03/30 19:54:07.0545 5848 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2011/03/30 19:54:07.0647 5848 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2011/03/30 19:54:07.0706 5848 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

2011/03/30 19:54:07.0843 5848 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

2011/03/30 19:54:07.0943 5848 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/03/30 19:54:07.0984 5848 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/03/30 19:54:08.0011 5848 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/03/30 19:54:08.0143 5848 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

2011/03/30 19:54:08.0194 5848 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2011/03/30 19:54:08.0341 5848 winachsf (f1265727c078406299ff4b3b033e3132) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2011/03/30 19:54:08.0552 5848 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

2011/03/30 19:54:08.0744 5848 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/03/30 19:54:08.0839 5848 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/03/30 19:54:08.0936 5848 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/03/30 19:54:09.0023 5848 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys

2011/03/30 19:54:09.0226 5848 ================================================================================

2011/03/30 19:54:09.0226 5848 Scan finished

2011/03/30 19:54:09.0226 5848 ================================================================================

Combofix:

ComboFix 11-03-30.01 - Elida 03/30/2011 20:40:19.3.1 - x86

Microsoft


no difference, still cannot update malware and any other browser is blocked from accessing the internet

i ran combofix before and since that time, it seems that my google redirect virus is gone, it hasn't redirected me but still no change in using other browsers or being able to update malware

this is the last combofix i ran:

ComboFix 11-03-29.03 - Elida 03/29/2011 23:29:09.1.1 - x86

Microsoft


Let's do this:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTListIt.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


OK, Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2011/03/27 17:49:52 | 000,012,016 | -HS- | M] () -- C:\ProgramData\753ws43828hpxym
    [2011/03/25 23:04:27 | 000,002,292 | -HS- | M] () -- C:\Users\Elida\AppData\Local\ne76w3divkow401106rbqcakqce88s8u72o653u3apnd
    [2011/03/25 23:04:27 | 000,002,292 | -HS- | M] () -- C:\ProgramData\ne76w3divkow401106rbqcakqce88s8u72o653u3apnd
    [2011/03/16 21:50:36 | 000,009,010 | -HS- | M] () -- C:\Users\Elida\AppData\Local\3373148944
    [2011/03/16 21:50:36 | 000,009,010 | -HS- | M] () -- C:\ProgramData\3373148944
    [2011/03/09 21:27:06 | 000,009,774 | -HS- | M] () -- C:\Users\Elida\AppData\Local\3880883638
    [2011/03/09 21:27:06 | 000,009,774 | -HS- | M] () -- C:\ProgramData\3880883638
    [2011/03/08 21:33:14 | 000,002,004 | -HS- | M] () -- C:\Users\Elida\AppData\Local\3503493990
    [2011/03/08 21:33:14 | 000,002,004 | -HS- | M] () -- C:\ProgramData\3503493990
    [2011/03/27 17:37:37 | 000,012,016 | -HS- | C] () -- C:\Users\Elida\AppData\Local\753ws43828hpxym
    [2011/03/27 17:37:37 | 000,012,016 | -HS- | C] () -- C:\ProgramData\753ws43828hpxym
    [2011/03/25 23:02:23 | 000,002,292 | -HS- | C] () -- C:\ProgramData\ne76w3divkow401106rbqcakqce88s8u72o653u3apnd
    [2011/03/16 21:08:41 | 000,009,010 | -HS- | C] () -- C:\Users\Elida\AppData\Local\3373148944
    [2011/03/16 21:08:41 | 000,009,010 | -HS- | C] () -- C:\ProgramData\3373148944
    [2011/03/09 21:25:05 | 000,009,774 | -HS- | C] () -- C:\Users\Elida\AppData\Local\3880883638
    [2011/03/09 21:25:05 | 000,009,774 | -HS- | C] () -- C:\ProgramData\3880883638
    [2011/03/08 21:19:10 | 000,002,004 | -HS- | C] () -- C:\Users\Elida\AppData\Local\3503493990
    [2011/03/08 21:19:10 | 000,002,004 | -HS- | C] () -- C:\ProgramData\3503493990

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC


All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.

C:\ProgramData\753ws43828hpxym moved successfully.

C:\Users\Elida\AppData\Local\ne76w3divkow401106rbqcakqce88s8u72o653u3apnd moved successfully.

C:\ProgramData\ne76w3divkow401106rbqcakqce88s8u72o653u3apnd moved successfully.

C:\Users\Elida\AppData\Local\3373148944 moved successfully.

C:\ProgramData\3373148944 moved successfully.

C:\Users\Elida\AppData\Local\3880883638 moved successfully.

C:\ProgramData\3880883638 moved successfully.

C:\Users\Elida\AppData\Local\3503493990 moved successfully.

C:\ProgramData\3503493990 moved successfully.

C:\Users\Elida\AppData\Local\753ws43828hpxym moved successfully.

File C:\ProgramData\753ws43828hpxym not found.

File C:\ProgramData\ne76w3divkow401106rbqcakqce88s8u72o653u3apnd not found.

File C:\Users\Elida\AppData\Local\3373148944 not found.

File C:\ProgramData\3373148944 not found.

File C:\Users\Elida\AppData\Local\3880883638 not found.

File C:\ProgramData\3880883638 not found.

File C:\Users\Elida\AppData\Local\3503493990 not found.

File C:\ProgramData\3503493990 not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Elida

->Temp folder emptied: 542256450 bytes

->Temporary Internet Files folder emptied: 643775395 bytes

->Java cache emptied: 6858778 bytes

->FireFox cache emptied: 111112491 bytes

->Google Chrome cache emptied: 856432 bytes

->Flash cache emptied: 5881431 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 22016 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 46861 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,250.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 03312011_124931

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
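
An added example (not part of the original thread and not OTL's own code): the fix log above reports some files as "moved successfully" and later reports the same paths as "not found", because the fix script lists several paths twice. This Python check, run on an excerpt of that log, confirms that every "not found" path was already moved earlier in the same run; the function and variable names are assumptions.

```python
import re

# Excerpt of the fix log posted above (file entries only, original order kept).
SAMPLE_LOG = r"""
C:\ProgramData\753ws43828hpxym moved successfully.
C:\Users\Elida\AppData\Local\3373148944 moved successfully.
C:\ProgramData\3373148944 moved successfully.
C:\Users\Elida\AppData\Local\753ws43828hpxym moved successfully.
File C:\ProgramData\753ws43828hpxym not found.
File C:\Users\Elida\AppData\Local\3373148944 not found.
File C:\ProgramData\3373148944 not found.
"""

MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
MISSING = re.compile(r"^File (?P<path>[A-Za-z]:\\.+?) not found\.$")


def reconcile(log_text):
    """Split 'not found' paths into duplicates of an earlier move and unexplained ones."""
    moved, duplicates, unexplained = [], [], []
    seen = set()  # lower-cased paths already moved (Windows paths are case-insensitive)
    for raw in log_text.splitlines():
        line = raw.strip()
        hit = MOVED.match(line)
        if hit:
            moved.append(hit["path"])
            seen.add(hit["path"].lower())
            continue
        hit = MISSING.match(line)
        if hit:
            # A path moved earlier in this run is a harmless duplicate entry;
            # anything else was listed for removal but never handled.
            bucket = duplicates if hit["path"].lower() in seen else unexplained
            bucket.append(hit["path"])
    return {"moved": moved, "duplicates": duplicates, "unexplained": unexplained}


if __name__ == "__main__":
    result = reconcile(SAMPLE_LOG)
    for name, paths in result.items():
        print(f"{name}: {len(paths)}")
        for p in paths:
            print(f"  {p}")
```

An empty "unexplained" list means every listed file was quarantined once; any path that does land there was targeted by the fix but absent, and is worth checking against the original scan report.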


yea still can't get on w/ IE,

it seems like any program that I download that needs some type of internet connection is blocked, i recently downloaded a protective program that bank of america was suggesting i need, and it couldn't install either because it needed to access the internet

do you think this is something beyond a virus, do u think i might have some security settings on that are not allowing these programs to connect?


"i recently downloaded a protective program that bank of america was suggesting i need,"

This is very suspicious to me, don't ever believe e-mails like that.

--------------------------

How do you connect to the internet?

cable, modem, computer or do you have a router also?

Let me know, we'll go from there, MrC


thanks so much for the replies!

the bank of america program was suggested from the website as i was logged in, it wasn't an email and it was actually like 2 days ago, these issues have been on for about 3 months

i have a westell wireless router connected into my desktop, i use verizon DSL


That's the first time I've ever heard about a bank recommending a program like that.

Yes it's probably some settings gone wrong.

Try this:

Reset the IP/DNS settings of your internet connection:

Go to Start -> Control Panel -> Double click on Network Connections.

Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.

Select the General tab.

Double click on Internet Protocol (TCP/IP).

Under General tab:

Select "Obtain an IP address automatically".

Select "Obtain DNS server address automatically".

Click OK twice to save the settings.

Reboot if you had to change any setting.

Flush the DNS cache:

Click the Start logo in the bottom left corner of the screen

Click on Run

In the command window copy/paste the following:

ipconfig /flushdns

Then hit enter.

Exit the command window.

Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.

MrC


hi, so the settings were as you mentioned i didn't need to change anything

when i ran ipconfig /flushdns the command window comes up for just a second and then disappears, is that normal? i've tried 2x and it's done the same

IE still not working


I'm not a wireless connections expert so please bear with me.

ipconfig /flushdns was correct

Can you compare the other computers' settings that can get online with the computer that can't get online?

Can you hook up the computer directly to the cable modem and bypass the router to see if it works?

"also idk if this is normal but i have two tcpip one 6 and one 4"

I don't know, but there should be an option to repair or diagnose the connection.

Let me know, MrC


i tried repair/diagnose, didn't change anything

the rest of the computers that access do it wirelessly this is the only one directly connected to the router, it's not cable modem, it's dsl and i don't think i can connect directly to phone line, it needs the router

i tried comparing the settings to the laptops and they seem similar the only thing is the other computers don't have version 6 so idk

thanks for your help though, if this stuff isn't your specialty i appreciate your help so far very much


"i have two tcpip one 6 and one 4"

This is supposed to be OK.

Start with this for now:

1. > Check the Device Manager for the wireless card, network adapter or adapter

See if any have a red "X" or a yellow triangle with exclamation mark by it.

Expand the Network Adapters section, right-click your adapter, and then click Properties.

Under Device status, check to see that the device is working properly.

Link below explains how to get to Device Manager in Vista:

http://pcsupport.about.com/od/windowsvista/f/opendmvista.htm

2. > Download, unzip and run fixme.zip, reboot.

Let me know, MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
