Jump to content

Recommended Posts

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6586

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

5/15/2011 11:34:45 PM

mbam-log-2011-05-15 (23-34-45).txt

Scan type: Full scan (C:\|)

Objects scanned: 353623

Time elapsed: 2 hour(s), 56 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Charlie\AppData\Local\Temp\temp1_loic.v1.1.1.25.zip\LOIC.exe (PUP.HackTool.LOIC) -> Quarantined and deleted successfully.

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Charlie at 17:52:09.23 on Sun 05/15/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2911.1813 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\rundll32.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Hewlett-Packard\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\Charlie\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

mRun: [HP Input Device Main Program] c:\program files\hewlett-packard\hp wireless comfort mobile mouse\tsr\xDaemon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMwA4ADYAMQA5ADkAMAAzADkALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQgArADIA"&"prod=90"&"ver=9.0.872

StartupFolder: c:\users\charlie\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\charlie\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\charlie\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab

DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-9 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-9 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-9 61960]

R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2010-4-6 97376]

R3 HpGmb001;USB Mobile Packet Filter Driver;c:\windows\system32\drivers\HpGmb001.sys [2010-7-21 11264]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-8-3 9344]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-21 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BazisPortableCDBus;Portable WinCDEmu driver;c:\windows\system32\drivers\BazisPortableCDBus.sys [2010-8-14 157792]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-21 136176]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-21 1343400]

.

=============== Created Last 30 ================

.

2011-05-15 16:17:51 -------- d-----w- c:\program files\GOG.com

2011-05-15 05:46:05 -------- d-----w- c:\progra~3\Norton

2011-05-15 05:46:02 -------- d-----w- c:\users\charlie\appdata\local\NPE

2011-05-15 04:43:19 -------- d-----w- c:\users\charlie\appdata\local\GOGDownloader

2011-05-12 05:20:03 -------- d-----w- c:\users\charlie\appdata\roaming\com.rdio.desktop.3DBCFCD30911C934939BC57CB763235E8F0B2837.1

2011-05-12 05:18:37 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-05-12 05:18:37 284160 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-05-12 05:18:36 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-12 05:18:36 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-05-12 05:18:34 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-05-12 05:18:34 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-05-12 05:18:34 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-05-12 05:18:28 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-05-12 05:18:28 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-12 05:18:26 -------- d-----w- c:\users\charlie\appdata\local\Adobe

2011-04-29 04:31:31 -------- d-----w- c:\users\charlie\appdata\roaming\OpenOffice.org

2011-04-29 04:26:27 -------- d-----w- c:\program files\OpenOffice.org 3

2011-04-28 01:32:14 -------- d-----w- c:\users\charlie\appdata\local\SKIDROW

2011-04-27 20:55:31 -------- d-----w- c:\program files\Valve

2011-04-27 20:53:04 -------- d-----w- c:\program files\Elaborate Bytes

2011-04-27 18:30:08 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-27 18:30:08 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-27 18:30:08 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-27 18:30:07 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-04-27 18:30:06 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-04-27 18:30:04 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-04-27 18:30:04 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-04-27 18:30:02 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-04-27 18:30:02 294912 ----a-w- c:\windows\system32\atmfd.dll

2011-04-27 02:05:31 -------- d-----w- c:\users\charlie\appdata\roaming\Avira

.

==================== Find3M ====================

.

2011-04-14 10:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-03-12 11:31:58 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-03-11 05:39:35 1686016 ----a-w- c:\windows\system32\esent.dll

2011-03-11 05:37:34 74240 ----a-w- c:\windows\system32\fsutil.exe

2011-03-09 03:43:50 143360 --sha-r- c:\windows\system32\xcopym.dll

2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-07 02:08:13 93552 ----a-w- c:\windows\system32\ElbyCDIO.dll

2011-03-07 00:52:09 134512 ----a-w- c:\windows\system32\ElbyVCD.dll

2011-03-03 03:31:32 2331136 ----a-w- c:\windows\system32\win32k.sys

2011-02-26 05:33:07 2614784 ----a-w- c:\windows\explorer.exe

2011-02-24 05:32:52 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll

2011-02-24 05:30:16 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-24 04:23:48 386048 ----a-w- c:\windows\system32\html.iec

2011-02-24 03:50:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-02-18 22:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

.

============= FINISH: 17:54:00.00 ===============

Attach.zip

Link to post
Share on other sites

Hi 5socks5,

Welcome to the Malwarebytes Forum :)

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Link to post
Share on other sites

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillermain.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    tdsskiller2.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Link to post
Share on other sites

2011/05/25 02:42:56.0267 2464 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24

2011/05/25 02:42:56.0596 2464 ================================================================================

2011/05/25 02:42:56.0596 2464 SystemInfo:

2011/05/25 02:42:56.0596 2464

2011/05/25 02:42:56.0601 2464 OS Version: 6.1.7600 ServicePack: 0.0

2011/05/25 02:42:56.0601 2464 Product type: Workstation

2011/05/25 02:42:56.0603 2464 ComputerName: LAPTOP

2011/05/25 02:42:56.0605 2464 UserName: Charlie

2011/05/25 02:42:56.0605 2464 Windows directory: C:\Windows

2011/05/25 02:42:56.0605 2464 System windows directory: C:\Windows

2011/05/25 02:42:56.0606 2464 Processor architecture: Intel x86

2011/05/25 02:42:56.0606 2464 Number of processors: 2

2011/05/25 02:42:56.0606 2464 Page size: 0x1000

2011/05/25 02:42:56.0606 2464 Boot type: Normal boot

2011/05/25 02:42:56.0606 2464 ================================================================================

2011/05/25 02:42:58.0642 2464 Initialize success

2011/05/25 02:43:04.0981 5072 ================================================================================

2011/05/25 02:43:04.0981 5072 Scan started

2011/05/25 02:43:04.0981 5072 Mode: Manual;

2011/05/25 02:43:04.0981 5072 ================================================================================

2011/05/25 02:43:08.0005 5072 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

2011/05/25 02:43:08.0079 5072 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

2011/05/25 02:43:08.0211 5072 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

2011/05/25 02:43:08.0342 5072 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/05/25 02:43:08.0466 5072 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/05/25 02:43:08.0567 5072 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/05/25 02:43:08.0715 5072 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys

2011/05/25 02:43:08.0782 5072 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

2011/05/25 02:43:08.0904 5072 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/05/25 02:43:09.0099 5072 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

2011/05/25 02:43:09.0151 5072 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

2011/05/25 02:43:09.0197 5072 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

2011/05/25 02:43:09.0340 5072 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/05/25 02:43:09.0393 5072 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/05/25 02:43:09.0468 5072 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys

2011/05/25 02:43:09.0571 5072 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/05/25 02:43:09.0657 5072 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys

2011/05/25 02:43:09.0888 5072 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

2011/05/25 02:43:10.0099 5072 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/05/25 02:43:10.0171 5072 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/05/25 02:43:10.0338 5072 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/05/25 02:43:10.0392 5072 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

2011/05/25 02:43:10.0531 5072 atksgt (70f72c50d39f5afa76c17f86223a7c4f) C:\Windows\system32\DRIVERS\atksgt.sys

2011/05/25 02:43:10.0727 5072 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys

2011/05/25 02:43:10.0819 5072 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys

2011/05/25 02:43:10.0965 5072 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/05/25 02:43:11.0039 5072 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/05/25 02:43:11.0202 5072 BazisPortableCDBus (8cd96cc5c3f3f7cfc3ed5571dfd5e536) C:\Windows\system32\drivers\BazisPortableCDBus.sys

2011/05/25 02:43:11.0366 5072 BazisVirtualCDBus (40d011f2b2e737e51ae8d2172664c095) C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys

2011/05/25 02:43:11.0454 5072 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/05/25 02:43:11.0587 5072 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/05/25 02:43:11.0686 5072 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

2011/05/25 02:43:11.0812 5072 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/05/25 02:43:11.0874 5072 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/05/25 02:43:11.0929 5072 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/05/25 02:43:12.0057 5072 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/05/25 02:43:12.0120 5072 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/05/25 02:43:12.0154 5072 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/05/25 02:43:12.0189 5072 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/05/25 02:43:12.0327 5072 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/05/25 02:43:12.0418 5072 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

2011/05/25 02:43:12.0559 5072 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/05/25 02:43:12.0663 5072 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/05/25 02:43:12.0820 5072 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/05/25 02:43:12.0872 5072 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

2011/05/25 02:43:12.0931 5072 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/05/25 02:43:13.0069 5072 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/05/25 02:43:13.0149 5072 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

2011/05/25 02:43:13.0411 5072 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/05/25 02:43:13.0518 5072 crwxke (e6d35f3aa51a65eb35c1f2340154a25e) C:\Windows\system32\drivers\utfc.sys

2011/05/25 02:43:13.0685 5072 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys

2011/05/25 02:43:13.0756 5072 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/05/25 02:43:13.0899 5072 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/05/25 02:43:13.0999 5072 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/05/25 02:43:14.0136 5072 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys

2011/05/25 02:43:14.0473 5072 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/05/25 02:43:14.0814 5072 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys

2011/05/25 02:43:14.0901 5072 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/05/25 02:43:15.0036 5072 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

2011/05/25 02:43:15.0121 5072 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/05/25 02:43:15.0250 5072 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/05/25 02:43:15.0326 5072 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/05/25 02:43:15.0471 5072 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/05/25 02:43:15.0530 5072 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/05/25 02:43:15.0573 5072 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/05/25 02:43:15.0746 5072 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/05/25 02:43:15.0918 5072 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/05/25 02:43:15.0971 5072 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/05/25 02:43:16.0033 5072 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

2011/05/25 02:43:16.0161 5072 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/05/25 02:43:16.0271 5072 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/05/25 02:43:16.0429 5072 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/05/25 02:43:16.0513 5072 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

2011/05/25 02:43:16.0666 5072 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/05/25 02:43:16.0741 5072 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/05/25 02:43:16.0789 5072 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/05/25 02:43:16.0922 5072 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/05/25 02:43:17.0044 5072 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

2011/05/25 02:43:17.0200 5072 HpGmb001 (ba69c58d11e8c5b6d04d548d29eb249f) C:\Windows\system32\DRIVERS\HpGmb001.SYS

2011/05/25 02:43:17.0286 5072 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

2011/05/25 02:43:17.0482 5072 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

2011/05/25 02:43:17.0623 5072 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

2011/05/25 02:43:17.0694 5072 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/05/25 02:43:17.0850 5072 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys

2011/05/25 02:43:17.0977 5072 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys

2011/05/25 02:43:18.0382 5072 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/05/25 02:43:18.0824 5072 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/05/25 02:43:19.0034 5072 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys

2011/05/25 02:43:19.0141 5072 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

2011/05/25 02:43:19.0268 5072 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/05/25 02:43:19.0333 5072 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/05/25 02:43:19.0402 5072 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2011/05/25 02:43:19.0556 5072 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/05/25 02:43:19.0750 5072 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/05/25 02:43:19.0826 5072 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

2011/05/25 02:43:19.0870 5072 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/05/25 02:43:20.0014 5072 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/05/25 02:43:20.0080 5072 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/05/25 02:43:20.0234 5072 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

2011/05/25 02:43:20.0311 5072 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

2011/05/25 02:43:20.0538 5072 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys

2011/05/25 02:43:20.0619 5072 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/05/25 02:43:20.0825 5072 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/05/25 02:43:20.0892 5072 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/05/25 02:43:20.0933 5072 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/05/25 02:43:21.0074 5072 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/05/25 02:43:21.0297 5072 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/05/25 02:43:21.0368 5072 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/05/25 02:43:21.0531 5072 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/05/25 02:43:21.0592 5072 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/05/25 02:43:21.0724 5072 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/05/25 02:43:21.0805 5072 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2011/05/25 02:43:21.0996 5072 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/05/25 02:43:22.0049 5072 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

2011/05/25 02:43:22.0088 5072 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

2011/05/25 02:43:22.0245 5072 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/05/25 02:43:22.0334 5072 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

2011/05/25 02:43:22.0478 5072 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/05/25 02:43:22.0548 5072 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/05/25 02:43:22.0703 5072 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/05/25 02:43:22.0789 5072 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

2011/05/25 02:43:22.0916 5072 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

2011/05/25 02:43:23.0013 5072 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/05/25 02:43:23.0142 5072 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/05/25 02:43:23.0196 5072 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

2011/05/25 02:43:23.0353 5072 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/05/25 02:43:23.0412 5072 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/05/25 02:43:23.0575 5072 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/05/25 02:43:23.0635 5072 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/05/25 02:43:23.0682 5072 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/05/25 02:43:23.0819 5072 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/05/25 02:43:23.0883 5072 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/05/25 02:43:23.0948 5072 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/05/25 02:43:24.0111 5072 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/05/25 02:43:24.0217 5072 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

2011/05/25 02:43:24.0389 5072 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/05/25 02:43:24.0465 5072 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/05/25 02:43:24.0632 5072 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/05/25 02:43:24.0721 5072 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/05/25 02:43:24.0847 5072 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

2011/05/25 02:43:24.0922 5072 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/05/25 02:43:24.0966 5072 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

2011/05/25 02:43:25.0573 5072 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys

2011/05/25 02:43:25.0860 5072 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/05/25 02:43:25.0935 5072 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/05/25 02:43:25.0971 5072 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/05/25 02:43:26.0172 5072 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys

2011/05/25 02:43:26.0395 5072 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/05/25 02:43:26.0471 5072 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys

2011/05/25 02:43:26.0515 5072 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys

2011/05/25 02:43:26.0649 5072 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

2011/05/25 02:43:26.0804 5072 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/05/25 02:43:26.0977 5072 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/05/25 02:43:27.0047 5072 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

2011/05/25 02:43:27.0168 5072 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/05/25 02:43:27.0286 5072 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

2011/05/25 02:43:27.0322 5072 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

2011/05/25 02:43:27.0481 5072 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/05/25 02:43:27.0639 5072 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/05/25 02:43:27.0718 5072 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/05/25 02:43:27.0974 5072 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/05/25 02:43:28.0101 5072 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/05/25 02:43:28.0312 5072 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/05/25 02:43:28.0445 5072 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/05/25 02:43:28.0679 5072 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/05/25 02:43:28.0748 5072 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/05/25 02:43:28.0783 5072 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/05/25 02:43:28.0921 5072 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/05/25 02:43:28.0997 5072 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/05/25 02:43:29.0152 5072 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/05/25 02:43:29.0212 5072 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/05/25 02:43:29.0344 5072 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

2011/05/25 02:43:29.0421 5072 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/05/25 02:43:29.0465 5072 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/05/25 02:43:29.0597 5072 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/05/25 02:43:29.0670 5072 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/05/25 02:43:29.0712 5072 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

2011/05/25 02:43:29.0870 5072 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

2011/05/25 02:43:29.0962 5072 rimsptsk (942264f8248b6e0995648ae99740bc14) C:\Windows\system32\DRIVERS\rimsptsk.sys

2011/05/25 02:43:30.0064 5072 risdptsk (1be6c42767a7c67ba31ae32b293b37a3) C:\Windows\system32\DRIVERS\risdptsk.sys

2011/05/25 02:43:30.0170 5072 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/05/25 02:43:30.0363 5072 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

2011/05/25 02:43:30.0577 5072 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2011/05/25 02:43:30.0751 5072 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys

2011/05/25 02:43:30.0924 5072 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/05/25 02:43:31.0009 5072 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/05/25 02:43:31.0147 5072 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/05/25 02:43:31.0202 5072 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/05/25 02:43:31.0347 5072 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys

2011/05/25 02:43:31.0434 5072 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/05/25 02:43:31.0544 5072 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2011/05/25 02:43:31.0604 5072 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/05/25 02:43:31.0665 5072 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/05/25 02:43:31.0805 5072 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

2011/05/25 02:43:31.0879 5072 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/05/25 02:43:31.0917 5072 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/05/25 02:43:32.0051 5072 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/05/25 02:43:32.0148 5072 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/05/25 02:43:32.0321 5072 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys

2011/05/25 02:43:32.0494 5072 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys

2011/05/25 02:43:32.0568 5072 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys

2011/05/25 02:43:32.0710 5072 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

2011/05/25 02:43:32.0786 5072 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

2011/05/25 02:43:32.0970 5072 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

2011/05/25 02:43:33.0137 5072 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys

2011/05/25 02:43:33.0302 5072 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

2011/05/25 02:43:33.0484 5072 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/05/25 02:43:33.0565 5072 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

2011/05/25 02:43:33.0787 5072 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys

2011/05/25 02:43:33.0996 5072 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys

2011/05/25 02:43:34.0148 5072 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2011/05/25 02:43:34.0224 5072 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2011/05/25 02:43:34.0264 5072 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2011/05/25 02:43:34.0303 5072 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2011/05/25 02:43:34.0447 5072 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

2011/05/25 02:43:34.0544 5072 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/05/25 02:43:34.0677 5072 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2011/05/25 02:43:34.0730 5072 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/05/25 02:43:34.0777 5072 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

2011/05/25 02:43:34.0984 5072 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

2011/05/25 02:43:35.0035 5072 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

2011/05/25 02:43:35.0151 5072 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/05/25 02:43:35.0231 5072 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys

2011/05/25 02:43:35.0340 5072 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/05/25 02:43:35.0405 5072 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

2011/05/25 02:43:35.0518 5072 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys

2011/05/25 02:43:35.0743 5072 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys

2011/05/25 02:43:35.0918 5072 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys

2011/05/25 02:43:36.0019 5072 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/05/25 02:43:36.0156 5072 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\drivers\USBSTOR.SYS

2011/05/25 02:43:36.0227 5072 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/05/25 02:43:36.0353 5072 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys

2011/05/25 02:43:36.0666 5072 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys

2011/05/25 02:43:36.0745 5072 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

2011/05/25 02:43:36.0868 5072 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/05/25 02:43:36.0929 5072 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/05/25 02:43:36.0970 5072 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

2011/05/25 02:43:37.0115 5072 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

2011/05/25 02:43:37.0176 5072 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/05/25 02:43:37.0216 5072 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

2011/05/25 02:43:37.0348 5072 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

2011/05/25 02:43:37.0407 5072 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/05/25 02:43:37.0533 5072 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

2011/05/25 02:43:37.0613 5072 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/05/25 02:43:37.0785 5072 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

2011/05/25 02:43:37.0870 5072 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/05/25 02:43:38.0007 5072 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/05/25 02:43:38.0030 5072 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/05/25 02:43:38.0123 5072 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/05/25 02:43:38.0165 5072 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/05/25 02:43:38.0351 5072 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/05/25 02:43:38.0427 5072 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/05/25 02:43:38.0627 5072 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/05/25 02:43:38.0715 5072 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/05/25 02:43:38.0874 5072 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/05/25 02:43:38.0974 5072 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2011/05/25 02:43:39.0026 5072 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/05/25 02:43:39.0187 5072 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys

2011/05/25 02:43:39.0225 5072 MBR (0x1B8) (a3095e5b8060d0d6b97e87ec1bb50c3c) \Device\Harddisk0\DR0

2011/05/25 02:43:39.0239 5072 ================================================================================

2011/05/25 02:43:39.0239 5072 Scan finished

2011/05/25 02:43:39.0239 5072 ================================================================================

2011/05/25 02:43:39.0252 4824 Detected object count: 0

2011/05/25 02:43:39.0253 4824 Actual detected object count: 0

Link to post
Share on other sites

1. Very important: First disconnect your computers from the Internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into the small hole labeled Reset located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds).

3. Reset the IP/DNS settings of your Internet connection on each computer connected:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    • Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".

    [*]Click OK twice to save the settings.

    [*]Reboot if you had to change any setting.

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:
    ipconfig /flushdns


  • Then hit enter.
  • Exit the command window.

4. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.

Link to post
Share on other sites

Hi 5socks5,

Welcome to the Malwarebytes Forum :)

[*]Download OTL to your desktop.

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

[*]When the window appears, underneath Output at the top change it to Minimal Output.

[*]Check the boxes beside LOP Check and Purity Check.

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

[*]Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

I have a similar problem. Google searches get redirected. I did a full scan with malwarebytes using the latest database. I ran the OTL program as described above. Here are the OTL.Txt and Extras.Txt files:

OTL logfile created on: 5/25/2011 10:12:08 PM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Charles\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.36 Mb Total Physical Memory | 601.57 Mb Available Physical Memory | 59.25% Memory free

2.39 Gb Paging File | 2.08 Gb Available in Paging File | 87.15% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 62.39 Gb Free Space | 83.71% Space Free | Partition Type: NTFS

Computer Name: HOME-B0DEDA3EDD | User Name: Charles | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Charles\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)

PRC - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrmon.exe (Retrogamer)

PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)

PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)

PRC - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)

PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)

PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Charles\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrstub.dll (Retrogamer)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (Retrogamer_2zService) -- C:\Program Files\Retrogamer_2z\bar\1.bin\2zbarsvc.exe (Retrogamer)

SRV - (SBAMSvc) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)

SRV - (SBPIMSvc) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)

SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel® Corporation)

SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)

SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (SbTis) -- C:\WINDOWS\system32\drivers\sbtis.sys (Sunbelt Software, Inc.)

DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (Sunbelt Software)

DRV - (sbaphd) -- C:\WINDOWS\system32\drivers\sbaphd.sys (Sunbelt Software)

DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)

DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel

Link to post
Share on other sites

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

Please download Dr.Web CureIt . Save it to your desktop:

  • Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and if something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Click the green arrow drweb.jpg at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Note:this report may need to be renamed to Dr.Web.txt in order to post it on the forum.
  • Please post the Dr.Web.txt report in your next reply
  • Close Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.

Link to post
Share on other sites

Rootkit Unhooker:

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest and then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.