Jump to content

Google Redirect


birddog

Recommended Posts

I'm having the same google redirect problem that lots of folks are having. I ran the Malwarebytes program and removed 3 infected files. After rebooting, the problem persists. Any help would be much appreciated. I copied the log file from the prior scan below.

Thanks!

===============================================================

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7690

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

9/10/2011 1:46:53 PM

mbam-log-2011-09-10 (13-46-53).txt

Scan type: Quick scan

Objects scanned: 184013

Time elapsed: 34 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\canis & herron\AppData\Local\Temp\194.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\canis & herron\AppData\Local\Temp\ms0cfg32.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\Users\canis & herron\AppData\Local\Temp\ms1cfg32.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Hi Chris,

Thanks for your help. I reran the MBAM scan and the results are below. It says it found no infected files. Google searches are still off. I'll download DDS now and post the scan log shortly.

Thanks, Caroline

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7713

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

9/14/2011 8:15:17 AM

mbam-log-2011-09-14 (08-15-16).txt

Scan type: Quick scan

Objects scanned: 183494

Time elapsed: 23 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hi Chris,

I downloaded DDS but it won't run. I found another link on bleepingcomputer.com. I downloaded it and that wouldn't run either. I even followed their instructions (turn off all anti-virus software and disconnect from the internet) but neither version would run. When I double click on the icon, the MS DOS screen comes up and closes too fast to read. No processes are running and no scan logs are created. Do I need to do something else or do I need to use a different program?

Thanks, Caroline

Link to post
Share on other sites

  • Staff

Hi Caroline,

Try this instead:

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Link to post
Share on other sites

Hi Caroline,

Try this instead:

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Hi Chris,

This program worked. The scans are below.

OLT.txt

OTL logfile created on: 9/17/2011 10:45:48 AM - Run 1

OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Canis & Herron\Desktop

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 37.75% Memory free

3.98 Gb Paging File | 2.72 Gb Available in Paging File | 68.31% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 288.04 Gb Total Space | 125.83 Gb Free Space | 43.68% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 9.36 Gb Free Space | 93.59% Space Free | Partition Type: NTFS

Drive E: | 2.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BIRDDOG | User Name: Canis & Herron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/17 10:45:10 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Canis & Herron\Desktop\OTL.exe

PRC - [2011/05/11 17:16:32 | 001,353,040 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

PRC - [2011/05/11 16:54:28 | 002,804,280 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe

PRC - [2011/05/11 16:54:06 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe

PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

========== Modules (No Company Name) ==========

MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2009/01/18 15:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll

MOD - [2007/11/16 16:02:18 | 000,479,232 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll

MOD - [2007/11/16 16:02:18 | 000,401,408 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/05/11 16:54:28 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)

SRV - [2011/05/11 16:54:06 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)

SRV - [2010/07/08 06:02:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/07/07 11:32:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/03/20 19:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)

========== Driver Services (SafeList) ==========

DRV - [2011/05/11 16:26:04 | 000,074,968 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)

DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)

DRV - [2011/04/05 17:35:20 | 000,221,784 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)

DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (SbHips)

DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)

DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)

DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)

DRV - [2009/07/13 18:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

========== Standard Registry (SafeList) ==========

Extras.txt

OTL Extras logfile created on: 9/17/2011 10:45:48 AM - Run 1

OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Canis & Herron\Desktop

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 37.75% Memory free

3.98 Gb Paging File | 2.72 Gb Available in Paging File | 68.31% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 288.04 Gb Total Space | 125.83 Gb Free Space | 43.68% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 9.36 Gb Free Space | 93.59% Space Free | Partition Type: NTFS

Drive E: | 2.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BIRDDOG | User Name: Canis & Herron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes

"{411C5D92-2AE4-436F-A027-1E441EDC05CE}" = VIPRE Antivirus Premium

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

"{6A5D1A94-624A-4D20-B178-3A283B500370}" = Adobe Setup

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3

"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support

"{875CC76F-58AC-45BB-AFF7-46F988DDF92C}" = Mindful Clock

"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9C538746-C2DC-40FC-B1FB-D4EA7966ABEB}" = Skype™ 5.1

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth

"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Antivirus Premium

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C347D234-93D8-4595-BDAA-C04638B23B48}" = Adobe Creative Suite 3 Web Premium

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3

"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.0 Professional

"Adobe Acrobat 8 Professional_830" = Adobe Acrobat 8.3.0 - CPSID_83708

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Adobe_247961ef275e20c5cb073c36394ac32" = Add or Remove Adobe Creative Suite 3 Web Premium

"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings

"Digital Editions" = Adobe Digital Editions

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"TVWiz" = Intel® TV Wizard

"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"GoToMeeting" = GoToMeeting 5.0.0.799

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 9/14/2011 2:28:44 AM | Computer Name = birddog | Source = Software Protection Platform Service | ID = 1001

Description = The Software Protection service failed to start. 0xD000009A 6.1.7600.16385

Error - 9/14/2011 2:28:47 AM | Computer Name = birddog | Source = ESENT | ID = 482

Description = wuaueng.dll (912) SUS20ClientDataStore: An attempt to write to the

file "C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log" at offset 178688

(0x000000000002ba00) for 2048 (0x00000800) bytes failed after 0 seconds with system

error 8 (0x00000008): "Not enough storage is available to process this command.

". The write operation will fail with error -1011 (0xfffffc0d). If this error

persists then the file may be damaged and may need to be restored from a previous

backup.

Error - 9/14/2011 2:28:47 AM | Computer Name = birddog | Source = ESENT | ID = 416

Description = wuaueng.dll (912) SUS20ClientDataStore: Unable to write to section

2 while flushing logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log.

Error -1011 (0xfffffc0d).

Error - 9/14/2011 2:28:47 AM | Computer Name = birddog | Source = ESENT | ID = 492

Description = wuaueng.dll (912) SUS20ClientDataStore: The logfile sequence in "C:\Windows\SoftwareDistribution\DataStore\Logs\"

has been halted due to a fatal error. No further updates are possible for the

databases that use this logfile sequence. Please correct the problem and restart

or restore from backup.

Error - 9/14/2011 2:28:47 AM | Computer Name = birddog | Source = ESENT | ID = 471

Description = wuaueng.dll (912) SUS20ClientDataStore: Unable to rollback operation

#109 on database C:\Windows\SoftwareDistribution\DataStore\DataStore.edb. Error:

-510. All future database updates will be rejected.

Error - 9/14/2011 2:33:24 AM | Computer Name = birddog | Source = ESENT | ID = 104

Description = wuaueng.dll (912) SUS20ClientDataStore: The database engine stopped

the instance (0) with error (-1090).

Error - 9/14/2011 5:07:55 PM | Computer Name = birddog | Source = ESENT | ID = 482

Description = wlmail (2208) WindowsLiveMail0: An attempt to write to the file "C:\Users\Canis

& Herron\AppData\Local\Microsoft\Windows Live Mail\Mail.MSMessageStore" at offset

0 (0x0000000000000000) for 8192 (0x00002000) bytes failed after 0 seconds with

system error 8 (0x00000008): "Not enough storage is available to process this command.

". The write operation will fail with error -1011 (0xfffffc0d). If this error

persists then the file may be damaged and may need to be restored from a previous

backup.

Error - 9/14/2011 5:07:56 PM | Computer Name = birddog | Source = ESENT | ID = 439

Description = wlmail (2208) WindowsLiveMail0: Unable to write a shadowed header

for file C:\Users\Canis & Herron\AppData\Local\Microsoft\Windows Live Mail\Mail.MSMessageStore.

Error -1011.

Error - 9/14/2011 5:07:56 PM | Computer Name = birddog | Source = ESENT | ID = 104

Description = wlmail (2208) WindowsLiveMail0: The database engine stopped the instance

(1) with error (-1011).

Error - 9/17/2011 10:43:04 AM | Computer Name = birddog | Source = Application Error | ID = 1000

Description = Faulting application name: acrotray.exe, version: 8.3.0.280, time

stamp: 0x4ddfc871 Faulting module name: Adobelm.dll, version: 2.0.5.27, time stamp:

0x450b198d Exception code: 0x40000015 Fault offset: 0x000a6885 Faulting process id:

0xa94 Faulting application start time: 0x01cc7503fa6520c3 Faulting application path:

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe Faulting module path: C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\Adobelm.dll Report Id: 592bf0dc-e13b-11e0-825a-001d098e65b8

[ OSession Events ]

Error - 9/6/2011 4:42:05 PM | Computer Name = birddog | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session

lasted 20598 seconds with 5100 seconds of active time. This session ended with

a crash.

[ System Events ]

Error - 9/10/2011 4:25:12 PM | Computer Name = birddog | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the ShellHWDetection service.

Error - 9/14/2011 2:28:45 AM | Computer Name = birddog | Source = Service Control Manager | ID = 7023

Description = The Software Protection service terminated with the following error:

%%1450

Error - 9/14/2011 3:25:20 AM | Computer Name = birddog | Source = EventLog | ID = 6008

Description = The previous system shutdown at 3:22:44 AM on ?9/?14/?2011 was unexpected.

Error - 9/14/2011 3:25:33 AM | Computer Name = BIRDDOG | Source = BugCheck | ID = 1001

Description =

Error - 9/14/2011 3:25:57 AM | Computer Name = birddog | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the VIPRE

Antivirus Premium service to connect.

Error - 9/14/2011 3:25:57 AM | Computer Name = birddog | Source = Service Control Manager | ID = 7000

Description = The VIPRE Antivirus Premium service failed to start due to the following

error: %%1053

Error - 9/14/2011 9:31:41 PM | Computer Name = birddog | Source = EventLog | ID = 6008

Description = The previous system shutdown at 9:29:22 PM on ?9/?14/?2011 was unexpected.

Error - 9/14/2011 9:31:42 PM | Computer Name = BIRDDOG | Source = BugCheck | ID = 1001

Description =

Error - 9/17/2011 2:34:54 AM | Computer Name = birddog | Source = EventLog | ID = 6008

Description = The previous system shutdown at 2:32:30 AM on ?9/?17/?2011 was unexpected.

Error - 9/17/2011 2:35:08 AM | Computer Name = BIRDDOG | Source = BugCheck | ID = 1001

Description =

< End of report >

Link to post
Share on other sites

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

The ComboFix log you requested is below. The DDS (Doesn't Do Squat -- aptly named!) program still doesn't run. Please let me know if you want me to run OTL or MBAM scans again.

ComboFix

ComboFix 11-09-18.03 - Canis & Herron 09/18/2011 16:19:25.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2037.373 [GMT -4:00]

Running from: c:\users\Canis & Herron\Desktop\ComboFix.exe

AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

FW: Sunbelt VIPRE *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}

SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Canis & Herron\g2mdlhlpx.exe

c:\users\Canis & Herron\GoToAssistDownloadHelper.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-08-18 to 2011-09-18 )))))))))))))))))))))))))))))))

.

.

2011-09-18 20:44 . 2011-09-18 20:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-14 11:50 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-10 17:10 . 2011-09-10 17:10 -------- d-----w- c:\users\Canis & Herron\AppData\Roaming\Malwarebytes

2011-09-10 17:10 . 2011-09-10 17:10 -------- d-----w- c:\programdata\Malwarebytes

2011-09-10 17:10 . 2011-09-14 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-09 19:36 . 2011-09-09 19:36 -------- d-----w- c:\users\Canis & Herron\AppData\Local\Mozilla

2011-08-23 20:26 . 2011-07-09 04:30 2048 ----a-w- c:\windows\system32\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-14 11:41 . 2011-06-29 12:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-22 04:56 . 2011-08-10 05:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:37 . 2011-08-10 05:16 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-07-16 04:34 . 2011-08-10 05:16 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:31 . 2011-08-10 05:16 271360 ----a-w- c:\windows\system32\conhost.exe

2011-07-16 04:19 . 2011-08-10 05:16 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 05:16 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:21 . 2011-08-10 05:16 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21 . 2011-08-10 05:16 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21 . 2011-08-10 05:16 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21 . 2011-08-10 05:16 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:26 . 2011-08-10 05:18 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-23 04:38 . 2011-08-10 05:19 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-23 04:38 . 2011-08-10 05:19 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-06-21 05:39 . 2011-08-10 05:18 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-21 05:36 . 2011-08-10 05:17 981504 ----a-w- c:\windows\system32\wininet.dll

2011-06-21 05:35 . 2011-08-10 05:17 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-21 04:26 . 2011-08-10 05:17 386048 ----a-w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-05-27 624056]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]

"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-05-11 1353040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MindfulClock"="c:\program files\MindfulClock\Mfclock.exe" [2008-02-21 442368]

.

c:\users\Canis & Herron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2010-7-7 295606]

Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2011-7-7 738776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 136176]

R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 94040]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1343400]

S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 221784]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 101720]

S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]

S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-05-11 2804280]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-05-11 74968]

S2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-05-11 181584]

S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 69208]

S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 20:51]

.

2011-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 20:51]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 68.87.73.246 68.87.71.230

DPF: {512FB558-1605-44D7-B343-2D62D3317EBD} - hxxp://www.videoalert.net/NapcoViewer.cab

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-09-18 16:54:22

ComboFix-quarantined-files.txt 2011-09-18 20:54

.

Pre-Run: 134,941,712,384 bytes free

Post-Run: 136,556,376,064 bytes free

.

- - End Of File - - 51E9A4607132983D45EC08BCF2BE7117

Link to post
Share on other sites

  • Staff

Hi,

I'm pretty sure your security software is killing it before it can run. Don't worry about it for now.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Link to post
Share on other sites

Hi,

I'm pretty sure your security software is killing it before it can run. Don't worry about it for now.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Hi Chris,

That was exactly the problem. I downloaded and ran TDSSKiller last night after shutting down some of the services that seemed to be blocking it. It finally ran and cleaned the virus out. Everything has been working fine since then. Thanks again for your help!

-- Caroline

Link to post
Share on other sites

Hi Caroline,

Can you post its log please? I would like to see it.

Sure. Below is the log that cured the issue and the subsequent log verifying no more infected files were on my computer.

Cured Log

2011/09/21 17:09:33.0215 2740 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10

2011/09/21 17:09:33.0481 2740 ================================================================================

2011/09/21 17:09:33.0481 2740 SystemInfo:

2011/09/21 17:09:33.0481 2740

2011/09/21 17:09:33.0481 2740 OS Version: 6.1.7601 ServicePack: 1.0

2011/09/21 17:09:33.0481 2740 Product type: Workstation

2011/09/21 17:09:33.0481 2740 ComputerName: BIRDDOG

2011/09/21 17:09:33.0481 2740 UserName: Canis & Herron

2011/09/21 17:09:33.0481 2740 Windows directory: C:\Windows

2011/09/21 17:09:33.0481 2740 System windows directory: C:\Windows

2011/09/21 17:09:33.0481 2740 Processor architecture: Intel x86

2011/09/21 17:09:33.0481 2740 Number of processors: 2

2011/09/21 17:09:33.0481 2740 Page size: 0x1000

2011/09/21 17:09:33.0481 2740 Boot type: Normal boot

2011/09/21 17:09:33.0481 2740 ================================================================================

2011/09/21 17:09:35.0493 2740 Initialize success

2011/09/21 17:09:39.0518 4032 ================================================================================

2011/09/21 17:09:39.0518 4032 Scan started

2011/09/21 17:09:39.0518 4032 Mode: Manual;

2011/09/21 17:09:39.0518 4032 ================================================================================

2011/09/21 17:09:41.0000 4032 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

2011/09/21 17:09:41.0140 4032 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

2011/09/21 17:09:41.0296 4032 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

2011/09/21 17:09:41.0499 4032 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/09/21 17:09:41.0655 4032 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/09/21 17:09:41.0795 4032 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/09/21 17:09:42.0232 4032 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

2011/09/21 17:09:42.0341 4032 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

2011/09/21 17:09:42.0466 4032 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/09/21 17:09:42.0685 4032 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

2011/09/21 17:09:42.0809 4032 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

2011/09/21 17:09:42.0903 4032 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

2011/09/21 17:09:43.0028 4032 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/09/21 17:09:43.0106 4032 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/09/21 17:09:43.0262 4032 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys

2011/09/21 17:09:43.0402 4032 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/09/21 17:09:43.0511 4032 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys

2011/09/21 17:09:43.0636 4032 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

2011/09/21 17:09:43.0886 4032 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/09/21 17:09:43.0948 4032 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/09/21 17:09:44.0073 4032 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/09/21 17:09:44.0260 4032 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

2011/09/21 17:09:44.0447 4032 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/09/21 17:09:44.0588 4032 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/09/21 17:09:44.0713 4032 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/09/21 17:09:44.0900 4032 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/09/21 17:09:45.0103 4032 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

2011/09/21 17:09:45.0243 4032 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/09/21 17:09:45.0352 4032 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/09/21 17:09:45.0524 4032 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/09/21 17:09:45.0649 4032 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/09/21 17:09:45.0742 4032 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/09/21 17:09:45.0867 4032 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/09/21 17:09:45.0945 4032 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/09/21 17:09:46.0366 4032 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/09/21 17:09:46.0585 4032 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

2011/09/21 17:09:46.0725 4032 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/09/21 17:09:46.0897 4032 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/09/21 17:09:47.0068 4032 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/09/21 17:09:47.0287 4032 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

2011/09/21 17:09:47.0458 4032 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/09/21 17:09:47.0583 4032 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/09/21 17:09:47.0755 4032 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

2011/09/21 17:09:47.0911 4032 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/09/21 17:09:48.0113 4032 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

2011/09/21 17:09:48.0269 4032 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/09/21 17:09:48.0425 4032 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/09/21 17:09:48.0597 4032 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/09/21 17:09:48.0769 4032 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

2011/09/21 17:09:49.0003 4032 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys

2011/09/21 17:09:49.0580 4032 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/09/21 17:09:49.0861 4032 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/09/21 17:09:50.0032 4032 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

2011/09/21 17:09:50.0204 4032 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/09/21 17:09:50.0375 4032 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/09/21 17:09:50.0516 4032 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/09/21 17:09:50.0656 4032 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/09/21 17:09:50.0812 4032 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/09/21 17:09:50.0953 4032 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/09/21 17:09:51.0155 4032 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/09/21 17:09:51.0296 4032 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/09/21 17:09:51.0452 4032 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/09/21 17:09:51.0733 4032 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

2011/09/21 17:09:51.0889 4032 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/09/21 17:09:52.0123 4032 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/09/21 17:09:52.0435 4032 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/09/21 17:09:52.0669 4032 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

2011/09/21 17:09:52.0809 4032 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

2011/09/21 17:09:52.0965 4032 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/09/21 17:09:53.0059 4032 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/09/21 17:09:53.0215 4032 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/09/21 17:09:53.0371 4032 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

2011/09/21 17:09:53.0527 4032 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

2011/09/21 17:09:53.0698 4032 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\Windows\system32\DRIVERS\HPZid412.sys

2011/09/21 17:09:53.0823 4032 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\Windows\system32\DRIVERS\HPZipr12.sys

2011/09/21 17:09:53.0995 4032 HPZius12 (29559db25258b60510a60c4e470fce32) C:\Windows\system32\DRIVERS\HPZius12.sys

2011/09/21 17:09:54.0166 4032 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

2011/09/21 17:09:54.0260 4032 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

2011/09/21 17:09:54.0431 4032 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

2011/09/21 17:09:54.0619 4032 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys

2011/09/21 17:09:55.0555 4032 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/09/21 17:09:55.0789 4032 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/09/21 17:09:55.0913 4032 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

2011/09/21 17:09:56.0085 4032 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/09/21 17:09:56.0194 4032 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/09/21 17:09:56.0366 4032 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

2011/09/21 17:09:56.0506 4032 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/09/21 17:09:56.0740 4032 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/09/21 17:09:56.0865 4032 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

2011/09/21 17:09:57.0021 4032 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

2011/09/21 17:09:57.0161 4032 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

2011/09/21 17:09:57.0317 4032 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

2011/09/21 17:09:57.0473 4032 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

2011/09/21 17:09:57.0614 4032 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

2011/09/21 17:09:57.0801 4032 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/09/21 17:09:57.0973 4032 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/09/21 17:09:58.0066 4032 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/09/21 17:09:58.0191 4032 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/09/21 17:09:58.0300 4032 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/09/21 17:09:58.0472 4032 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/09/21 17:09:58.0581 4032 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/09/21 17:09:58.0753 4032 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/09/21 17:09:58.0877 4032 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/09/21 17:09:59.0049 4032 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/09/21 17:09:59.0205 4032 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

2011/09/21 17:09:59.0423 4032 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/09/21 17:09:59.0564 4032 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

2011/09/21 17:09:59.0704 4032 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

2011/09/21 17:09:59.0829 4032 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/09/21 17:09:59.0969 4032 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

2011/09/21 17:10:00.0141 4032 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/09/21 17:10:00.0297 4032 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/09/21 17:10:00.0437 4032 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/09/21 17:10:00.0578 4032 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

2011/09/21 17:10:00.0734 4032 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

2011/09/21 17:10:00.0874 4032 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/09/21 17:10:00.0999 4032 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/09/21 17:10:01.0124 4032 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

2011/09/21 17:10:01.0311 4032 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/09/21 17:10:01.0451 4032 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/09/21 17:10:01.0592 4032 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/09/21 17:10:01.0748 4032 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/09/21 17:10:01.0919 4032 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

2011/09/21 17:10:02.0013 4032 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/09/21 17:10:02.0138 4032 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/09/21 17:10:02.0247 4032 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/09/21 17:10:02.0481 4032 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/09/21 17:10:02.0715 4032 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

2011/09/21 17:10:02.0902 4032 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/09/21 17:10:03.0011 4032 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/09/21 17:10:03.0167 4032 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/09/21 17:10:03.0323 4032 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/09/21 17:10:03.0433 4032 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

2011/09/21 17:10:03.0589 4032 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/09/21 17:10:03.0729 4032 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

2011/09/21 17:10:03.0947 4032 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/09/21 17:10:04.0088 4032 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/09/21 17:10:04.0228 4032 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/09/21 17:10:04.0571 4032 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys

2011/09/21 17:10:04.0712 4032 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/09/21 17:10:04.0868 4032 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys

2011/09/21 17:10:05.0008 4032 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys

2011/09/21 17:10:05.0133 4032 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

2011/09/21 17:10:05.0289 4032 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

2011/09/21 17:10:05.0476 4032 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/09/21 17:10:05.0617 4032 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

2011/09/21 17:10:05.0710 4032 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/09/21 17:10:05.0851 4032 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

2011/09/21 17:10:06.0022 4032 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

2011/09/21 17:10:06.0178 4032 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/09/21 17:10:06.0287 4032 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/09/21 17:10:06.0475 4032 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/09/21 17:10:06.0693 4032 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/09/21 17:10:06.0833 4032 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/09/21 17:10:07.0036 4032 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/09/21 17:10:07.0317 4032 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/09/21 17:10:07.0457 4032 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/09/21 17:10:07.0567 4032 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/09/21 17:10:07.0676 4032 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/09/21 17:10:07.0863 4032 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/09/21 17:10:07.0988 4032 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/09/21 17:10:08.0113 4032 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/09/21 17:10:08.0222 4032 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/09/21 17:10:08.0347 4032 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

2011/09/21 17:10:08.0503 4032 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/09/21 17:10:08.0612 4032 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/09/21 17:10:08.0799 4032 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/09/21 17:10:08.0971 4032 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/09/21 17:10:09.0142 4032 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

2011/09/21 17:10:09.0376 4032 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

2011/09/21 17:10:09.0829 4032 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/09/21 17:10:10.0031 4032 sbapifs (3d6ba67c758735918e323d4d6f64449a) C:\Windows\system32\DRIVERS\sbapifs.sys

2011/09/21 17:10:10.0328 4032 SbFw (9c9bcc79aef0aa97f16766c498002d36) C:\Windows\system32\drivers\SbFw.sys

2011/09/21 17:10:10.0531 4032 SBFWIMCL (f27b38d70b7621378161d6f48be04d2c) C:\Windows\system32\DRIVERS\sbfwim.sys

2011/09/21 17:10:10.0733 4032 SbHips (53e5e7dc26bb920b97f258bbd52abfdc) C:\Windows\system32\drivers\sbhips.sys

2011/09/21 17:10:10.0905 4032 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

2011/09/21 17:10:11.0077 4032 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\Windows\system32\drivers\SBREdrv.sys

2011/09/21 17:10:11.0404 4032 SbTis (6468e2973e04525decc105947ddd0d34) C:\Windows\system32\drivers\sbtis.sys

2011/09/21 17:10:11.0576 4032 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

2011/09/21 17:10:11.0794 4032 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/09/21 17:10:11.0950 4032 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/09/21 17:10:12.0028 4032 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/09/21 17:10:12.0169 4032 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/09/21 17:10:12.0371 4032 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

2011/09/21 17:10:12.0512 4032 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

2011/09/21 17:10:12.0683 4032 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

2011/09/21 17:10:12.0824 4032 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/09/21 17:10:12.0995 4032 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

2011/09/21 17:10:13.0136 4032 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/09/21 17:10:13.0276 4032 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/09/21 17:10:13.0448 4032 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/09/21 17:10:13.0651 4032 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/09/21 17:10:13.0885 4032 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

2011/09/21 17:10:14.0072 4032 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

2011/09/21 17:10:14.0212 4032 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

2011/09/21 17:10:14.0571 4032 ssmirrdr (f843301bdadb2728822c83413ef5f132) C:\Windows\system32\DRIVERS\ssmirrdr.sys

2011/09/21 17:10:14.0789 4032 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/09/21 17:10:14.0977 4032 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

2011/09/21 17:10:15.0289 4032 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys

2011/09/21 17:10:15.0616 4032 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys

2011/09/21 17:10:15.0788 4032 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/09/21 17:10:15.0897 4032 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

2011/09/21 17:10:16.0069 4032 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

2011/09/21 17:10:16.0193 4032 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

2011/09/21 17:10:16.0334 4032 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

2011/09/21 17:10:16.0521 4032 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/09/21 17:10:16.0771 4032 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

2011/09/21 17:10:16.0942 4032 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

2011/09/21 17:10:17.0098 4032 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/09/21 17:10:17.0285 4032 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

2011/09/21 17:10:17.0488 4032 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

2011/09/21 17:10:17.0675 4032 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

2011/09/21 17:10:17.0831 4032 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/09/21 17:10:18.0003 4032 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys

2011/09/21 17:10:18.0206 4032 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys

2011/09/21 17:10:18.0346 4032 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys

2011/09/21 17:10:18.0549 4032 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

2011/09/21 17:10:18.0705 4032 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys

2011/09/21 17:10:18.0892 4032 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys

2011/09/21 17:10:19.0064 4032 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys

2011/09/21 17:10:19.0251 4032 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/09/21 17:10:19.0438 4032 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

2011/09/21 17:10:19.0610 4032 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\drivers\USBSTOR.SYS

2011/09/21 17:10:19.0781 4032 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys

2011/09/21 17:10:19.0969 4032 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

2011/09/21 17:10:20.0156 4032 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/09/21 17:10:20.0312 4032 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/09/21 17:10:20.0499 4032 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

2011/09/21 17:10:20.0671 4032 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

2011/09/21 17:10:20.0795 4032 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/09/21 17:10:20.0951 4032 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

2011/09/21 17:10:21.0107 4032 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

2011/09/21 17:10:21.0310 4032 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/09/21 17:10:21.0529 4032 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

2011/09/21 17:10:21.0747 4032 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/09/21 17:10:21.0950 4032 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS

2011/09/21 17:10:22.0293 4032 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

2011/09/21 17:10:22.0449 4032 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

2011/09/21 17:10:22.0574 4032 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/09/21 17:10:22.0714 4032 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/21 17:10:22.0761 4032 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/21 17:10:22.0917 4032 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/09/21 17:10:23.0042 4032 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys

2011/09/21 17:10:23.0057 4032 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 67ae7e7b49142dc96549cb85d4773e16

2011/09/21 17:10:23.0073 4032 Wdf01000 - detected Virus.Win32.Rloader.a (0)

2011/09/21 17:10:23.0354 4032 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/09/21 17:10:23.0416 4032 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/09/21 17:10:23.0619 4032 winachsf (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

2011/09/21 17:10:23.0884 4032 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/09/21 17:10:24.0025 4032 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

2011/09/21 17:10:24.0212 4032 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/09/21 17:10:24.0337 4032 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

2011/09/21 17:10:24.0524 4032 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/09/21 17:10:24.0617 4032 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/09/21 17:10:24.0695 4032 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1

2011/09/21 17:10:25.0585 4032 Boot (0x1200) (e3e8007ac1aaf904fe3b3660d9c1ca6d) \Device\Harddisk0\DR0\Partition0

2011/09/21 17:10:25.0616 4032 Boot (0x1200) (80970f671e862bb240f360cdb959f290) \Device\Harddisk0\DR0\Partition1

2011/09/21 17:10:25.0631 4032 Boot (0x1200) (73946b8edaf33bc6363de04b05e64e0d) \Device\Harddisk1\DR1\Partition0

2011/09/21 17:10:25.0647 4032 ================================================================================

2011/09/21 17:10:25.0647 4032 Scan finished

2011/09/21 17:10:25.0647 4032 ================================================================================

2011/09/21 17:10:25.0647 2272 Detected object count: 1

2011/09/21 17:10:25.0647 2272 Actual detected object count: 1

2011/09/21 17:11:00.0045 2272 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys

2011/09/21 17:11:00.0076 2272 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73

2011/09/21 17:11:00.0170 2272 Backup copy found, using it..

2011/09/21 17:11:00.0279 2272 C:\Windows\system32\drivers\Wdf01000.sys - will be cured after reboot

2011/09/21 17:11:00.0279 2272 Virus.Win32.Rloader.a(Wdf01000) - User select action: Cure

2011/09/21 17:11:06.0270 0212 Deinitialize success

Clean Scan

2011/09/21 17:13:07.0840 3832 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10

2011/09/21 17:13:08.0090 3832 ================================================================================

2011/09/21 17:13:08.0090 3832 SystemInfo:

2011/09/21 17:13:08.0090 3832

2011/09/21 17:13:08.0090 3832 OS Version: 6.1.7601 ServicePack: 1.0

2011/09/21 17:13:08.0090 3832 Product type: Workstation

2011/09/21 17:13:08.0090 3832 ComputerName: BIRDDOG

2011/09/21 17:13:08.0090 3832 UserName: Canis & Herron

2011/09/21 17:13:08.0090 3832 Windows directory: C:\Windows

2011/09/21 17:13:08.0090 3832 System windows directory: C:\Windows

2011/09/21 17:13:08.0090 3832 Processor architecture: Intel x86

2011/09/21 17:13:08.0090 3832 Number of processors: 2

2011/09/21 17:13:08.0090 3832 Page size: 0x1000

2011/09/21 17:13:08.0090 3832 Boot type: Normal boot

2011/09/21 17:13:08.0090 3832 ================================================================================

2011/09/21 17:13:17.0746 3832 Initialize success

2011/09/21 17:13:22.0660 3964 ================================================================================

2011/09/21 17:13:22.0660 3964 Scan started

2011/09/21 17:13:22.0660 3964 Mode: Manual;

2011/09/21 17:13:22.0660 3964 ================================================================================

2011/09/21 17:17:09.0469 3964 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

2011/09/21 17:17:10.0561 3964 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

2011/09/21 17:17:11.0622 3964 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

2011/09/21 17:17:12.0402 3964 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/09/21 17:17:12.0761 3964 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/09/21 17:17:12.0854 3964 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/09/21 17:17:13.0057 3964 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

2011/09/21 17:17:13.0135 3964 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

2011/09/21 17:17:13.0276 3964 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/09/21 17:17:13.0463 3964 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

2011/09/21 17:17:13.0525 3964 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

2011/09/21 17:17:13.0588 3964 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

2011/09/21 17:17:13.0712 3964 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/09/21 17:17:13.0775 3964 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/09/21 17:17:13.0868 3964 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys

2011/09/21 17:17:13.0931 3964 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/09/21 17:17:13.0978 3964 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys

2011/09/21 17:17:14.0087 3964 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

2011/09/21 17:17:14.0274 3964 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/09/21 17:17:14.0352 3964 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/09/21 17:17:14.0446 3964 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/09/21 17:17:14.0524 3964 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

2011/09/21 17:17:14.0617 3964 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/09/21 17:17:14.0789 3964 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/09/21 17:17:14.0898 3964 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/09/21 17:17:15.0038 3964 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/09/21 17:17:15.0148 3964 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

2011/09/21 17:17:15.0194 3964 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/09/21 17:17:15.0257 3964 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/09/21 17:17:15.0335 3964 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/09/21 17:17:15.0397 3964 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/09/21 17:17:15.0413 3964 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/09/21 17:17:15.0428 3964 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/09/21 17:17:15.0491 3964 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/09/21 17:17:15.0740 3964 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/09/21 17:17:15.0850 3964 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

2011/09/21 17:17:15.0912 3964 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/09/21 17:17:15.0990 3964 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/09/21 17:17:16.0115 3964 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/09/21 17:17:16.0208 3964 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

2011/09/21 17:17:16.0271 3964 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/09/21 17:17:16.0318 3964 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/09/21 17:17:16.0411 3964 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

2011/09/21 17:17:16.0489 3964 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/09/21 17:17:16.0661 3964 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

2011/09/21 17:17:16.0801 3964 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/09/21 17:17:16.0957 3964 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/09/21 17:17:17.0098 3964 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/09/21 17:17:17.0222 3964 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

2011/09/21 17:17:17.0347 3964 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys

2011/09/21 17:17:17.0612 3964 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/09/21 17:17:17.0862 3964 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/09/21 17:17:17.0940 3964 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

2011/09/21 17:17:18.0002 3964 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/09/21 17:17:18.0018 3964 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/09/21 17:17:18.0049 3964 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/09/21 17:17:18.0158 3964 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/09/21 17:17:18.0236 3964 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/09/21 17:17:18.0408 3964 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/09/21 17:17:18.0455 3964 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/09/21 17:17:18.0517 3964 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/09/21 17:17:18.0564 3964 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/09/21 17:17:18.0642 3964 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

2011/09/21 17:17:18.0782 3964 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/09/21 17:17:18.0954 3964 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/09/21 17:17:19.0017 3964 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/09/21 17:17:19.0126 3964 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

2011/09/21 17:17:19.0235 3964 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

2011/09/21 17:17:19.0313 3964 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/09/21 17:17:19.0422 3964 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/09/21 17:17:19.0547 3964 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/09/21 17:17:19.0828 3964 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

2011/09/21 17:17:19.0937 3964 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

2011/09/21 17:17:20.0031 3964 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\Windows\system32\DRIVERS\HPZid412.sys

2011/09/21 17:17:20.0093 3964 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\Windows\system32\DRIVERS\HPZipr12.sys

2011/09/21 17:17:20.0187 3964 HPZius12 (29559db25258b60510a60c4e470fce32) C:\Windows\system32\DRIVERS\HPZius12.sys

2011/09/21 17:17:20.0311 3964 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

2011/09/21 17:17:20.0436 3964 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

2011/09/21 17:17:20.0561 3964 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

2011/09/21 17:17:20.0670 3964 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys

2011/09/21 17:17:21.0591 3964 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/09/21 17:17:21.0825 3964 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/09/21 17:17:22.0027 3964 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

2011/09/21 17:17:22.0152 3964 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/09/21 17:17:22.0371 3964 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/09/21 17:17:22.0558 3964 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

2011/09/21 17:17:22.0651 3964 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/09/21 17:17:22.0901 3964 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/09/21 17:17:23.0010 3964 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

2011/09/21 17:17:23.0073 3964 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

2011/09/21 17:17:23.0244 3964 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

2011/09/21 17:17:23.0353 3964 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

2011/09/21 17:17:23.0463 3964 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

2011/09/21 17:17:23.0556 3964 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

2011/09/21 17:17:23.0759 3964 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/09/21 17:17:23.0837 3964 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/09/21 17:17:23.0899 3964 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/09/21 17:17:24.0040 3964 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/09/21 17:17:24.0133 3964 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/09/21 17:17:24.0227 3964 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/09/21 17:17:24.0321 3964 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/09/21 17:17:24.0399 3964 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/09/21 17:17:24.0477 3964 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/09/21 17:17:24.0539 3964 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/09/21 17:17:24.0664 3964 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

2011/09/21 17:17:24.0804 3964 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/09/21 17:17:24.0882 3964 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

2011/09/21 17:17:24.0976 3964 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

2011/09/21 17:17:25.0069 3964 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/09/21 17:17:25.0163 3964 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

2011/09/21 17:17:25.0241 3964 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/09/21 17:17:25.0335 3964 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/09/21 17:17:25.0428 3964 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/09/21 17:17:25.0537 3964 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

2011/09/21 17:17:25.0615 3964 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

2011/09/21 17:17:25.0709 3964 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/09/21 17:17:25.0803 3964 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/09/21 17:17:25.0881 3964 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

2011/09/21 17:17:26.0037 3964 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/09/21 17:17:26.0161 3964 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/09/21 17:17:26.0193 3964 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/09/21 17:17:26.0286 3964 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/09/21 17:17:26.0380 3964 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

2011/09/21 17:17:26.0411 3964 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/09/21 17:17:26.0473 3964 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/09/21 17:17:26.0536 3964 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/09/21 17:17:26.0645 3964 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/09/21 17:17:26.0770 3964 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

2011/09/21 17:17:26.0895 3964 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/09/21 17:17:26.0988 3964 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/09/21 17:17:27.0097 3964 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/09/21 17:17:27.0160 3964 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/09/21 17:17:27.0191 3964 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

2011/09/21 17:17:27.0238 3964 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/09/21 17:17:27.0316 3964 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

2011/09/21 17:17:27.0472 3964 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/09/21 17:17:27.0597 3964 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/09/21 17:17:27.0659 3964 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/09/21 17:17:28.0033 3964 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys

2011/09/21 17:17:28.0096 3964 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/09/21 17:17:28.0205 3964 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys

2011/09/21 17:17:28.0314 3964 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys

2011/09/21 17:17:28.0408 3964 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

2011/09/21 17:17:28.0501 3964 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

2011/09/21 17:17:28.0595 3964 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/09/21 17:17:28.0657 3964 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

2011/09/21 17:17:28.0704 3964 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/09/21 17:17:28.0798 3964 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

2011/09/21 17:17:28.0860 3964 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

2011/09/21 17:17:28.0923 3964 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/09/21 17:17:28.0985 3964 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/09/21 17:17:29.0063 3964 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/09/21 17:17:29.0219 3964 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/09/21 17:17:29.0313 3964 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/09/21 17:17:29.0422 3964 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/09/21 17:17:29.0547 3964 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/09/21 17:17:29.0656 3964 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/09/21 17:17:29.0703 3964 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/09/21 17:17:29.0749 3964 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/09/21 17:17:29.0874 3964 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/09/21 17:17:30.0046 3964 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/09/21 17:17:30.0280 3964 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/09/21 17:17:30.0514 3964 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/09/21 17:17:30.0732 3964 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

2011/09/21 17:17:30.0888 3964 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/09/21 17:17:31.0075 3964 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/09/21 17:17:31.0356 3964 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/09/21 17:17:31.0497 3964 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/09/21 17:17:31.0809 3964 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

2011/09/21 17:17:32.0043 3964 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

2011/09/21 17:17:32.0339 3964 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/09/21 17:17:32.0511 3964 sbapifs (3d6ba67c758735918e323d4d6f64449a) C:\Windows\system32\DRIVERS\sbapifs.sys

2011/09/21 17:17:32.0667 3964 SbFw (9c9bcc79aef0aa97f16766c498002d36) C:\Windows\system32\drivers\SbFw.sys

2011/09/21 17:17:32.0838 3964 SBFWIMCL (f27b38d70b7621378161d6f48be04d2c) C:\Windows\system32\DRIVERS\sbfwim.sys

2011/09/21 17:17:32.0901 3964 SbHips (53e5e7dc26bb920b97f258bbd52abfdc) C:\Windows\system32\drivers\sbhips.sys

2011/09/21 17:17:33.0010 3964 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

2011/09/21 17:17:33.0181 3964 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\Windows\system32\drivers\SBREdrv.sys

2011/09/21 17:17:33.0291 3964 SbTis (6468e2973e04525decc105947ddd0d34) C:\Windows\system32\drivers\sbtis.sys

2011/09/21 17:17:33.0337 3964 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

2011/09/21 17:17:33.0478 3964 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/09/21 17:17:33.0618 3964 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/09/21 17:17:33.0681 3964 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/09/21 17:17:33.0774 3964 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/09/21 17:17:33.0883 3964 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

2011/09/21 17:17:33.0993 3964 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

2011/09/21 17:17:34.0102 3964 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

2011/09/21 17:17:34.0180 3964 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/09/21 17:17:34.0648 3964 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

2011/09/21 17:17:34.0897 3964 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/09/21 17:17:35.0521 3964 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/09/21 17:17:35.0849 3964 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/09/21 17:17:36.0067 3964 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/09/21 17:17:36.0520 3964 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

2011/09/21 17:17:36.0972 3964 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

2011/09/21 17:17:37.0300 3964 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

2011/09/21 17:17:37.0643 3964 ssmirrdr (f843301bdadb2728822c83413ef5f132) C:\Windows\system32\DRIVERS\ssmirrdr.sys

2011/09/21 17:17:37.0877 3964 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/09/21 17:17:38.0158 3964 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

2011/09/21 17:17:39.0437 3964 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys

2011/09/21 17:17:40.0014 3964 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys

2011/09/21 17:17:40.0373 3964 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/09/21 17:17:40.0747 3964 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

2011/09/21 17:17:41.0028 3964 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

2011/09/21 17:17:41.0387 3964 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

2011/09/21 17:17:41.0668 3964 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

2011/09/21 17:17:41.0949 3964 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/09/21 17:17:42.0276 3964 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

2011/09/21 17:17:42.0463 3964 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

2011/09/21 17:17:42.0713 3964 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/09/21 17:17:42.0994 3964 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

2011/09/21 17:17:43.0197 3964 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

2011/09/21 17:17:43.0415 3964 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

2011/09/21 17:17:43.0524 3964 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/09/21 17:17:43.0852 3964 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys

2011/09/21 17:17:44.0086 3964 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys

2011/09/21 17:17:44.0382 3964 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys

2011/09/21 17:17:44.0819 3964 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

2011/09/21 17:17:45.0334 3964 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys

2011/09/21 17:17:45.0568 3964 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys

2011/09/21 17:17:45.0708 3964 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys

2011/09/21 17:17:45.0927 3964 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/09/21 17:17:46.0067 3964 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

2011/09/21 17:17:46.0285 3964 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\drivers\USBSTOR.SYS

2011/09/21 17:17:46.0629 3964 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys

2011/09/21 17:17:46.0878 3964 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

2011/09/21 17:17:46.0987 3964 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/09/21 17:17:47.0097 3964 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/09/21 17:17:47.0143 3964 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

2011/09/21 17:17:47.0409 3964 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

2011/09/21 17:17:47.0596 3964 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/09/21 17:17:47.0736 3964 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

2011/09/21 17:17:47.0877 3964 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

2011/09/21 17:17:48.0001 3964 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/09/21 17:17:48.0111 3964 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

2011/09/21 17:17:48.0267 3964 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/09/21 17:17:49.0000 3964 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS

2011/09/21 17:17:49.0499 3964 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

2011/09/21 17:17:49.0749 3964 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

2011/09/21 17:17:50.0357 3964 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/09/21 17:17:50.0825 3964 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/21 17:17:50.0903 3964 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/21 17:17:51.0433 3964 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/09/21 17:17:52.0167 3964 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/09/21 17:17:52.0884 3964 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/09/21 17:17:53.0321 3964 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/09/21 17:17:53.0851 3964 winachsf (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

2011/09/21 17:17:54.0631 3964 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/09/21 17:17:55.0068 3964 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

2011/09/21 17:17:55.0489 3964 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/09/21 17:17:55.0801 3964 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

2011/09/21 17:17:55.0973 3964 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/09/21 17:17:56.0082 3964 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/09/21 17:17:56.0176 3964 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1

2011/09/21 17:17:57.0205 3964 Boot (0x1200) (e3e8007ac1aaf904fe3b3660d9c1ca6d) \Device\Harddisk0\DR0\Partition0

2011/09/21 17:17:57.0377 3964 Boot (0x1200) (80970f671e862bb240f360cdb959f290) \Device\Harddisk0\DR0\Partition1

2011/09/21 17:17:57.0424 3964 Boot (0x1200) (73946b8edaf33bc6363de04b05e64e0d) \Device\Harddisk1\DR1\Partition0

2011/09/21 17:17:57.0424 3964 ================================================================================

2011/09/21 17:17:57.0424 3964 Scan finished

2011/09/21 17:17:57.0424 3964 ================================================================================

2011/09/21 17:17:57.0439 3956 Detected object count: 0

2011/09/21 17:17:57.0439 3956 Actual detected object count: 0

2011/09/21 17:18:03.0165 3824 Deinitialize success

Link to post
Share on other sites

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.