Google Redirect, 2 Different Trojans Found?


I have been trying to resolve this issue for the past couple days to no avail. Google redirects and when I scan using Malwarebytes it detects the Sharpro.PGen Trojan. I also scanned using Microsoft Security Essentials and that one showed Tracer.AC Trojan. When I reboot my computer, I get a notification icon that some startup programs have been blocked. I hope this isn't a complete disaster, but of course no matter how many times I scan, delete, reboot, and scan again, I keep having the Google redirect and blocked startup programs problems. I did the required scan and saved the log as ark.zip, but when I try to browse and attach to this post, the file path given leads me to Win32 in my folders and I can't go anywhere else. Help me please... I hope my system isn't completely screwed up! Thanks!

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7919

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

10/11/2011 11:42:30 PM

mbam-log-2011-10-11 (23-42-30).txt

Scan type: Full scan (C:\|Q:\|)

Objects scanned: 306421

Time elapsed: 1 hour(s), 13 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\programdata\windowsbackupverifier.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsBackupVerifier (Trojan.SHarpro.PGen) -> Value: WindowsBackupVerifier -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\programdata\windowsbackupverifier.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

DDS Log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Sara at 0:04:55 on 2011-10-12

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1789.697 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\SafeConnect\scManager.sys

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\SafeConnect\scClient.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=0209&m=d620

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=0209&m=d620

mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=0209&m=d620

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [WindowsBackupVerifier] rundll32.exe "c:\programdata\WindowsBackupVerifier.dll",DllRegisterServer

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [LManager] c:\progra~1\launch~1\LManager.exe

mRun: [eRecoveryService]

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRunOnce: [<NO NAME>]

StartupFolder: c:\users\sara\appdata\roaming\micros~1\windows\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{E548415F-EDEA-4AA1-BE50-77E7EE6F3AE0} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~1\GOEC62~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\sara\appdata\roaming\mozilla\firefox\profiles\72wwft7a.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\sara\appdata\local\yahoo!\browserplus\2.9.2\plugins\npybrowserplus_2.9.2.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Upromise TurboSaver: FFToolbar@upromise - %profile%\extensions\FFToolbar@upromise

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]

R1 MpKsl88e66a68;MpKsl88e66a68;c:\programdata\microsoft\microsoft antimalware\definition updates\{ea2cc2c0-3779-43b2-becf-29f7004eb6ec}\MpKsl88e66a68.sys [2011-10-11 28752]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]

R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2009-2-24 24576]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-6 50424]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

R2 SCManager;SafeConnect Manager;c:\program files\safeconnect\scmanager.sys servicestart --> c:\program files\safeconnect\scManager.sys servicestart [?]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2008-8-27 22072]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-2-24 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-10-12 06:43:16 54016 ----a-w- c:\windows\system32\drivers\vesi.sys

2011-10-12 06:41:53 -------- d-----w- c:\program files\ESET

2011-10-12 04:37:01 703824 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2055793b-b460-4b0a-9cc6-f7c5d1f062d9}\gapaengine.dll

2011-10-12 04:37:01 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ea2cc2c0-3779-43b2-becf-29f7004eb6ec}\MpKsl88e66a68.sys

2011-10-12 04:34:46 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ea2cc2c0-3779-43b2-becf-29f7004eb6ec}\offreg.dll

2011-10-12 04:34:30 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ea2cc2c0-3779-43b2-becf-29f7004eb6ec}\mpengine.dll

2011-10-11 03:50:31 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll

2011-10-11 03:50:29 -------- d-----w- c:\users\sara\appdata\roaming\Catalina Marketing Corp

2011-10-11 03:50:18 485576 ----a-w- c:\users\sara\appdata\roaming\microsoft\windows\start menu\programs\catalina marketing corp\UninstallCouponActivator.exe

2011-10-07 05:46:51 912344 ----a-w- c:\program files\mozilla firefox\firefox.exe

2011-10-06 04:55:04 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-10-06 04:55:04 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-06 04:31:54 -------- d-----w- c:\users\sara\appdata\roaming\Malwarebytes

2011-10-06 04:30:18 -------- d-----w- c:\programdata\Malwarebytes

2011-10-06 04:30:13 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-06 04:30:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-06 03:56:45 -------- d-----w- c:\programdata\AVAST Software

2011-10-06 03:56:45 -------- d-----w- c:\program files\AVAST Software

2011-10-06 03:25:37 100864 ------w- c:\programdata\WindowsBackupVerifier.dll

2011-09-27 05:02:00 -------- d-----w- c:\users\sara\appdata\local\Microsoft Corporation

2011-09-27 05:01:14 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

2011-09-27 04:40:28 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-09-27 04:24:22 705024 ----a-w- c:\windows\system32\drivers\athr.sys

2011-09-27 04:24:22 705024 ----a-w- c:\windows\system32\athr.sys

2011-09-27 04:24:22 24576 ----a-w- c:\windows\system32\PressCancel.exe

2011-09-27 04:24:22 -------- d-----w- c:\windows\Options

2011-09-27 04:20:08 -------- d-----w- c:\users\sara\appdata\local\WinZip

2011-09-27 04:03:33 61440 ----a-w- c:\windows\system32\athihvui.dll

2011-09-27 04:03:33 397312 ----a-w- c:\windows\system32\athihvs.dll

2011-09-27 04:03:33 -------- d-----w- c:\windows\system32\nn-NO

2011-09-27 04:03:33 -------- d-----w- c:\program files\Atheros

2011-09-27 04:02:45 -------- d-----w- c:\programdata\Atheros

2011-09-27 04:02:30 -------- d-----w- C:\SWSetup

2011-09-21 07:43:24 -------- d-----w- c:\programdata\Cisco Systems

2011-09-14 02:24:21 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{10c2dfe2-dfa2-46fd-a0c0-b64abdadd2f4}\gapaengine.dll

.

==================== Find3M ====================

.

2011-10-07 05:52:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-27 04:43:04 161792 ----a-w- c:\windows\system32\msls31.dll

2011-09-27 04:43:04 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-27 04:43:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-09-27 04:43:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-09-27 04:43:03 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-09-27 04:43:02 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-09-27 04:43:02 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-09-27 04:43:01 367104 ----a-w- c:\windows\system32\html.iec

2011-09-27 04:43:00 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-09-27 04:42:59 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-09-27 04:42:59 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-09-27 04:42:58 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-09-27 04:42:58 152064 ----a-w- c:\windows\system32\wextract.exe

2011-09-27 04:42:58 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-09-27 04:42:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-27 04:42:57 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-09-27 04:42:56 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-09-27 04:42:56 11776 ----a-w- c:\windows\system32\mshta.exe

2011-09-27 04:42:56 101888 ----a-w- c:\windows\system32\admparse.dll

2011-09-27 04:42:55 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-09-27 04:42:54 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

.

============= FINISH: 0:05:53.01 ===============

Attach.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 2 weeks later...

Sorry for the late reply, I've been away on vacation and just returned. My computer is still having the same issues, so below are the logs requested. Thanks for your help!

ComboFix:

ComboFix 11-10-25.04 - Sara 10/26/2011 23:29:13.1.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1789.802 [GMT -7:00]

Running from: c:\users\Sara\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\WindowsBackupVerifier.dll

c:\windows\system32\regobj.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))

.

.

2011-10-27 06:40 . 2011-10-27 06:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-27 05:05 . 2011-10-27 05:10 -------- d-----w- c:\windows\1F34839E48264B64B1B342E5AE8DEC5A.TMP

2011-10-27 02:57 . 2011-10-27 02:57 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12B45A16-3E49-4455-8DD7-CF52FD301001}\MpKslc028b204.sys

2011-10-27 02:56 . 2011-10-27 02:56 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12B45A16-3E49-4455-8DD7-CF52FD301001}\offreg.dll

2011-10-27 02:56 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12B45A16-3E49-4455-8DD7-CF52FD301001}\mpengine.dll

2011-10-12 06:43 . 2011-10-12 06:43 54016 ----a-w- c:\windows\system32\drivers\vesi.sys

2011-10-12 06:41 . 2011-10-12 06:41 -------- d-----w- c:\program files\ESET

2011-10-12 04:37 . 2011-10-12 04:34 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2055793B-B460-4B0A-9CC6-F7C5D1F062D9}\gapaengine.dll

2011-10-11 03:50 . 2011-10-11 03:50 466944 ----a-w- c:\program files\Mozilla Firefox\plugins\NPcol400.dll

2011-10-11 03:50 . 2011-10-11 03:50 -------- d-----w- c:\users\Sara\AppData\Roaming\Catalina Marketing Corp

2011-10-11 03:50 . 2011-10-11 03:50 485576 ----a-w- c:\users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe

2011-10-07 05:51 . 2011-10-07 05:51 -------- d-----w- c:\programdata\McAfee

2011-10-07 05:46 . 2011-10-07 05:47 912344 ----a-w- c:\program files\Mozilla Firefox\firefox.exe

2011-10-06 04:55 . 2011-10-06 04:55 -------- d-----w- c:\program files\Common Files\Java

2011-10-06 04:55 . 2011-05-04 11:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-10-06 04:55 . 2011-05-04 11:52 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-06 04:31 . 2011-10-06 04:31 -------- d-----w- c:\users\Sara\AppData\Roaming\Malwarebytes

2011-10-06 04:30 . 2011-10-06 04:30 -------- d-----w- c:\programdata\Malwarebytes

2011-10-06 04:30 . 2011-10-06 04:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-06 04:30 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-06 03:56 . 2011-10-11 04:23 -------- d-----w- c:\programdata\AVAST Software

2011-10-06 03:56 . 2011-10-06 03:56 -------- d-----w- c:\program files\AVAST Software

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-07 05:52 . 2011-07-15 02:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-27 04:43 . 2011-09-27 04:43 161792 ----a-w- c:\windows\system32\msls31.dll

2011-09-27 04:43 . 2011-09-27 04:43 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-27 04:43 . 2011-09-27 04:43 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-09-27 04:43 . 2011-09-27 04:43 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-09-27 04:43 . 2011-09-27 04:43 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-09-27 04:43 . 2011-09-27 04:43 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-09-27 04:43 . 2011-09-27 04:43 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-09-27 04:43 . 2011-09-27 04:43 367104 ----a-w- c:\windows\system32\html.iec

2011-09-27 04:43 . 2011-09-27 04:43 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-09-27 04:42 . 2011-09-27 04:42 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-09-27 04:42 . 2011-09-27 04:42 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-09-27 04:42 . 2011-09-27 04:42 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-09-27 04:42 . 2011-09-27 04:42 152064 ----a-w- c:\windows\system32\wextract.exe

2011-09-27 04:42 . 2011-09-27 04:42 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-09-27 04:42 . 2011-09-27 04:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-27 04:42 . 2011-09-27 04:42 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-09-27 04:42 . 2011-09-27 04:42 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-09-27 04:42 . 2011-09-27 04:42 11776 ----a-w- c:\windows\system32\mshta.exe

2011-09-27 04:42 . 2011-09-27 04:42 101888 ----a-w- c:\windows\system32\admparse.dll

2011-09-27 04:42 . 2011-09-27 04:42 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-09-27 04:42 . 2011-09-27 04:42 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-09-12 23:14 . 2010-09-05 01:31 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-12 02:44 . 2011-08-24 10:01 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2010-09-01 03:31 . 2009-12-06 16:54 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-19 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-02 809480]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-01 30192]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

c:\users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-6-14 327680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2007-11-13 296088]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]

2008-04-07 05:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boingo Wi-Fi]

2009-06-11 07:55 1804 ----a-w- c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-07-14 13:05 6253088 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2008-07-14 13:06 1833504 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2008-01-21 19:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-05-19 11:32 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

R1 MpKsl1ea16074;MpKsl1ea16074;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{512A2E4A-A716-4F02-8339-3B32F26B6775}\MpKsl1ea16074.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 135664]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-01 30192]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 135664]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 WisINT15;WisINT15;c:\windows\System32\OEM\factory\WisINT15.SYS [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 MpKsl892b7840;MpKsl892b7840;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A0A9107-C03D-4269-987A-300B74740AE1}\MpKsl892b7840.sys [x]

S1 MpKslae090505;MpKslae090505;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A0A9107-C03D-4269-987A-300B74740AE1}\MpKslae090505.sys [x]

S1 MpKslc028b204;MpKslc028b204;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12B45A16-3E49-4455-8DD7-CF52FD301001}\MpKslc028b204.sys [2011-10-27 28752]

S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]

S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]

S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart [x]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-29 22072]

S4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSWISSARMY

*NewlyCreated* - MPKSL5C216853

*NewlyCreated* - MPKSL88E66A68

*NewlyCreated* - MPKSLC028B204

*NewlyCreated* - PXLDYPOW

*Deregistered* - MpKsl5c216853

*Deregistered* - MpKsl88e66a68

*Deregistered* - pxldypow

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 01:05]

.

2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 01:05]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=0209&m=d620

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

FF - ProfilePath - c:\users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\72wwft7a.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Upromise TurboSaver: FFToolbar@upromise - %profile%\extensions\FFToolbar@upromise

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-WindowsBackupVerifier - c:\programdata\WindowsBackupVerifier.dll

HKLM-Run-eRecoveryService - (no file)

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-26 23:40

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\users\Sara\AppData\Local\Temp\catchme.dll 53248 bytes executable

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

Completion time: 2011-10-26 23:46:04

ComboFix-quarantined-files.txt 2011-10-27 06:45

.

Pre-Run: 87,980,208,128 bytes free

Post-Run: 88,267,427,840 bytes free

.

- - End Of File - - 9B9FC9A9FB12C0CDDE4935B5FBC97D09

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Sara at 0:01:37 on 2011-10-27

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1789.550 [GMT -7:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\SafeConnect\scManager.sys

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SafeConnect\scClient.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\UI0Detect.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conime.exe

C:\Windows\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=0209&m=d620

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [LManager] c:\progra~1\launch~1\LManager.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\sara\appdata\roaming\micros~1\windows\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{E548415F-EDEA-4AA1-BE50-77E7EE6F3AE0} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\sara\appdata\roaming\mozilla\firefox\profiles\72wwft7a.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\sara\appdata\local\yahoo!\browserplus\2.9.2\plugins\npybrowserplus_2.9.2.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Upromise TurboSaver: FFToolbar@upromise - %profile%\extensions\FFToolbar@upromise

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]

R1 MpKslc028b204;MpKslc028b204;c:\programdata\microsoft\microsoft antimalware\definition updates\{12b45a16-3e49-4455-8dd7-cf52fd301001}\MpKslc028b204.sys [2011-10-26 28752]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]

R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2009-2-24 24576]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-6 50424]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

R2 SCManager;SafeConnect Manager;c:\program files\safeconnect\scmanager.sys servicestart --> c:\program files\safeconnect\scManager.sys servicestart [?]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2008-8-27 22072]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-26 41272]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-2-24 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-10-27 06:58:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-27 06:46:15 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-27 06:26:14 98816 ----a-w- c:\windows\sed.exe

2011-10-27 06:26:14 518144 ----a-w- c:\windows\SWREG.exe

2011-10-27 06:26:14 256000 ----a-w- c:\windows\PEV.exe

2011-10-27 06:26:14 208896 ----a-w- c:\windows\MBR.exe

2011-10-27 06:26:04 -------- d-----w- C:\ComboFix

2011-10-27 05:05:29 -------- d-----w- c:\windows\1F34839E48264B64B1B342E5AE8DEC5A.TMP

2011-10-27 02:57:22 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{12b45a16-3e49-4455-8dd7-cf52fd301001}\MpKslc028b204.sys

2011-10-27 02:56:44 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{12b45a16-3e49-4455-8dd7-cf52fd301001}\offreg.dll

2011-10-27 02:56:40 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{12b45a16-3e49-4455-8dd7-cf52fd301001}\mpengine.dll

2011-10-12 06:43:16 54016 ----a-w- c:\windows\system32\drivers\vesi.sys

2011-10-12 06:41:53 -------- d-----w- c:\program files\ESET

2011-10-12 04:37:01 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2055793b-b460-4b0a-9cc6-f7c5d1f062d9}\gapaengine.dll

2011-10-11 03:50:31 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll

2011-10-11 03:50:29 -------- d-----w- c:\users\sara\appdata\roaming\Catalina Marketing Corp

2011-10-11 03:50:18 485576 ----a-w- c:\users\sara\appdata\roaming\microsoft\windows\start menu\programs\catalina marketing corp\UninstallCouponActivator.exe

2011-10-07 05:46:51 912344 ----a-w- c:\program files\mozilla firefox\firefox.exe

2011-10-06 04:55:04 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-10-06 04:55:04 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-06 04:31:54 -------- d-----w- c:\users\sara\appdata\roaming\Malwarebytes

2011-10-06 04:30:18 -------- d-----w- c:\programdata\Malwarebytes

2011-10-06 04:30:13 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-06 04:30:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-06 03:56:45 -------- d-----w- c:\programdata\AVAST Software

2011-10-06 03:56:45 -------- d-----w- c:\program files\AVAST Software

.

==================== Find3M ====================

.

2011-10-07 05:52:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-27 04:43:04 161792 ----a-w- c:\windows\system32\msls31.dll

2011-09-27 04:43:04 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-27 04:43:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-09-27 04:43:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-09-27 04:43:03 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-09-27 04:43:02 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-09-27 04:43:02 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-09-27 04:43:01 367104 ----a-w- c:\windows\system32\html.iec

2011-09-27 04:43:00 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-09-27 04:42:59 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-09-27 04:42:59 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-09-27 04:42:58 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-09-27 04:42:58 152064 ----a-w- c:\windows\system32\wextract.exe

2011-09-27 04:42:58 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-09-27 04:42:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-27 04:42:57 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-09-27 04:42:56 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-09-27 04:42:56 11776 ----a-w- c:\windows\system32\mshta.exe

2011-09-27 04:42:56 101888 ----a-w- c:\windows\system32\admparse.dll

2011-09-27 04:42:55 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-09-27 04:42:54 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

.

============= FINISH: 0:03:04.83 ===============

MBAM:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8021

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

10/27/2011 12:04:43 AM

mbam-log-2011-10-27 (00-04-43).txt

Scan type: Quick scan

Objects scanned: 176752

Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name is like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


Okay, the program didn't find anything and didn't prompt a restart.

22:09:49.0904 5928 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01

22:09:51.0907 5928 ============================================================

22:09:51.0907 5928 Current date / time: 2011/10/30 22:09:51.0907

22:09:51.0907 5928 SystemInfo:

22:09:51.0907 5928

22:09:51.0907 5928 OS Version: 6.0.6002 ServicePack: 2.0

22:09:51.0907 5928 Product type: Workstation

22:09:51.0908 5928 ComputerName: SARA-PC

22:09:51.0908 5928 UserName: Sara

22:09:51.0908 5928 Windows directory: C:\Windows

22:09:51.0908 5928 System windows directory: C:\Windows

22:09:51.0908 5928 Processor architecture: Intel x86

22:09:51.0908 5928 Number of processors: 1

22:09:51.0908 5928 Page size: 0x1000

22:09:51.0908 5928 Boot type: Normal boot

22:09:51.0908 5928 ============================================================

22:09:54.0236 5928 Initialize success

22:09:56.0488 2656 ============================================================

22:09:56.0488 2656 Scan started

22:09:56.0488 2656 Mode: Manual;

22:09:56.0488 2656 ============================================================


22:10:02.0749 2656 HpCISSs - ok

22:10:02.0805 2656 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys

22:10:02.0814 2656 HTTP - ok

22:10:02.0895 2656 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

22:10:02.0897 2656 i2omp - ok

22:10:03.0046 2656 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

22:10:03.0048 2656 i8042prt - ok

22:10:03.0138 2656 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

22:10:03.0144 2656 iaStorV - ok

22:10:03.0185 2656 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

22:10:03.0186 2656 iirsp - ok

22:10:03.0282 2656 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys

22:10:03.0283 2656 int15 - ok

22:10:03.0396 2656 IntcAzAudAddService (1fa4f33e68bb76041e213f170d17a406) C:\Windows\system32\drivers\RTKVHDA.sys

22:10:03.0451 2656 IntcAzAudAddService - ok

22:10:03.0576 2656 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

22:10:03.0577 2656 intelide - ok

22:10:03.0615 2656 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

22:10:03.0617 2656 intelppm - ok

22:10:03.0660 2656 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:10:03.0662 2656 IpFilterDriver - ok

22:10:03.0749 2656 IpInIp - ok

22:10:03.0793 2656 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

22:10:03.0795 2656 IPMIDRV - ok

22:10:03.0829 2656 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

22:10:03.0831 2656 IPNAT - ok

22:10:03.0957 2656 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

22:10:03.0958 2656 IRENUM - ok

22:10:03.0992 2656 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

22:10:03.0994 2656 isapnp - ok

22:10:04.0054 2656 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

22:10:04.0058 2656 iScsiPrt - ok

22:10:04.0169 2656 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

22:10:04.0171 2656 iteatapi - ok

22:10:04.0205 2656 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

22:10:04.0206 2656 iteraid - ok

22:10:04.0337 2656 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

22:10:04.0339 2656 kbdclass - ok

22:10:04.0384 2656 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys

22:10:04.0387 2656 kbdhid - ok

22:10:04.0454 2656 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

22:10:04.0461 2656 KSecDD - ok

22:10:04.0613 2656 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

22:10:04.0614 2656 lltdio - ok

22:10:04.0672 2656 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

22:10:04.0675 2656 LSI_FC - ok

22:10:04.0708 2656 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

22:10:04.0711 2656 LSI_SAS - ok

22:10:04.0820 2656 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

22:10:04.0823 2656 LSI_SCSI - ok

22:10:04.0853 2656 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

22:10:04.0856 2656 luafv - ok

22:10:04.0892 2656 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

22:10:04.0893 2656 megasas - ok

22:10:04.0928 2656 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

22:10:04.0936 2656 MegaSR - ok

22:10:05.0055 2656 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

22:10:05.0057 2656 Modem - ok

22:10:05.0105 2656 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

22:10:05.0106 2656 monitor - ok

22:10:05.0139 2656 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

22:10:05.0140 2656 mouclass - ok

22:10:05.0251 2656 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

22:10:05.0255 2656 mouhid - ok

22:10:05.0291 2656 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

22:10:05.0292 2656 MountMgr - ok

22:10:05.0352 2656 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

22:10:05.0355 2656 MpFilter - ok

22:10:05.0463 2656 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

22:10:05.0466 2656 mpio - ok

22:10:05.0540 2656 MpKsl1ea16074 - ok

22:10:05.0629 2656 MpKsl904a937c (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C1FBD5A-68E3-4F48-9D61-42AA23C95FEF}\MpKsl904a937c.sys

22:10:05.0630 2656 MpKsl904a937c - ok

22:10:05.0740 2656 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

22:10:05.0742 2656 MpNWMon - ok

22:10:05.0790 2656 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

22:10:05.0793 2656 mpsdrv - ok

22:10:05.0837 2656 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

22:10:05.0841 2656 Mraid35x - ok

22:10:05.0963 2656 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

22:10:05.0966 2656 MRxDAV - ok

22:10:06.0014 2656 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

22:10:06.0016 2656 mrxsmb - ok

22:10:06.0133 2656 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:10:06.0137 2656 mrxsmb10 - ok

22:10:06.0187 2656 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:10:06.0189 2656 mrxsmb20 - ok

22:10:06.0231 2656 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

22:10:06.0232 2656 msahci - ok

22:10:06.0345 2656 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

22:10:06.0348 2656 msdsm - ok

22:10:06.0404 2656 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

22:10:06.0405 2656 Msfs - ok

22:10:06.0457 2656 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

22:10:06.0458 2656 msisadrv - ok

22:10:06.0598 2656 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

22:10:06.0599 2656 MSKSSRV - ok

22:10:06.0660 2656 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

22:10:06.0662 2656 MSPCLOCK - ok

22:10:06.0789 2656 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

22:10:06.0790 2656 MSPQM - ok

22:10:06.0967 2656 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

22:10:06.0971 2656 MsRPC - ok

22:10:07.0132 2656 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

22:10:07.0158 2656 mssmbios - ok

22:10:07.0246 2656 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

22:10:07.0274 2656 MSTEE - ok

22:10:07.0369 2656 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

22:10:07.0371 2656 Mup - ok

22:10:07.0542 2656 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

22:10:07.0562 2656 NativeWifiP - ok

22:10:07.0711 2656 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

22:10:07.0721 2656 NDIS - ok

22:10:07.0895 2656 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

22:10:07.0915 2656 NdisTapi - ok

22:10:08.0100 2656 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

22:10:08.0115 2656 Ndisuio - ok

22:10:08.0248 2656 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

22:10:08.0274 2656 NdisWan - ok

22:10:08.0437 2656 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

22:10:08.0439 2656 NDProxy - ok

22:10:08.0473 2656 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

22:10:08.0475 2656 NetBIOS - ok

22:10:08.0529 2656 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

22:10:08.0536 2656 netbt - ok

22:10:08.0691 2656 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

22:10:08.0693 2656 nfrd960 - ok

22:10:08.0786 2656 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

22:10:08.0789 2656 NisDrv - ok

22:10:08.0846 2656 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

22:10:08.0848 2656 Npfs - ok

22:10:08.0961 2656 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

22:10:08.0963 2656 nsiproxy - ok

22:10:09.0046 2656 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

22:10:09.0067 2656 Ntfs - ok

22:10:09.0192 2656 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys

22:10:09.0207 2656 NTIDrvr - ok

22:10:09.0251 2656 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

22:10:09.0252 2656 ntrigdigi - ok

22:10:09.0293 2656 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

22:10:09.0294 2656 Null - ok

22:10:09.0401 2656 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

22:10:09.0406 2656 nvraid - ok

22:10:09.0441 2656 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

22:10:09.0442 2656 nvstor - ok

22:10:09.0473 2656 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

22:10:09.0476 2656 nv_agp - ok

22:10:09.0560 2656 NwlnkFlt - ok

22:10:09.0580 2656 NwlnkFwd - ok

22:10:09.0667 2656 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

22:10:09.0669 2656 ohci1394 - ok

22:10:09.0819 2656 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

22:10:09.0823 2656 Parport - ok

22:10:09.0876 2656 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

22:10:09.0878 2656 partmgr - ok

22:10:09.0993 2656 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

22:10:09.0995 2656 Parvdm - ok

22:10:10.0055 2656 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

22:10:10.0059 2656 pci - ok

22:10:10.0178 2656 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

22:10:10.0178 2656 pciide - ok

22:10:10.0241 2656 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

22:10:10.0277 2656 pcmcia - ok

22:10:10.0421 2656 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

22:10:10.0438 2656 PEAUTH - ok

22:10:10.0628 2656 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

22:10:10.0631 2656 PptpMiniport - ok

22:10:10.0668 2656 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

22:10:10.0670 2656 Processor - ok

22:10:10.0815 2656 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

22:10:10.0817 2656 PSched - ok

22:10:10.0874 2656 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys

22:10:10.0875 2656 PxHelp20 - ok

22:10:11.0038 2656 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

22:10:11.0077 2656 ql2300 - ok

22:10:11.0239 2656 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

22:10:11.0242 2656 ql40xx - ok

22:10:11.0281 2656 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

22:10:11.0283 2656 QWAVEdrv - ok

22:10:11.0319 2656 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

22:10:11.0320 2656 RasAcd - ok

22:10:11.0451 2656 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

22:10:11.0453 2656 Rasl2tp - ok

22:10:11.0505 2656 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

22:10:11.0507 2656 RasPppoe - ok

22:10:11.0535 2656 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

22:10:11.0539 2656 RasSstp - ok

22:10:11.0687 2656 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

22:10:11.0691 2656 rdbss - ok

22:10:11.0749 2656 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

22:10:11.0750 2656 RDPCDD - ok

22:10:11.0788 2656 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

22:10:11.0791 2656 rdpdr - ok

22:10:11.0895 2656 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

22:10:11.0899 2656 RDPENCDD - ok

22:10:11.0960 2656 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

22:10:11.0965 2656 RDPWD - ok

22:10:12.0087 2656 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys

22:10:12.0088 2656 regi - ok

22:10:12.0157 2656 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys

22:10:12.0158 2656 RimVSerPort - ok

22:10:12.0283 2656 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys

22:10:12.0285 2656 ROOTMODEM - ok

22:10:12.0331 2656 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

22:10:12.0336 2656 rspndr - ok

22:10:12.0372 2656 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

22:10:12.0374 2656 sbp2port - ok

22:10:12.0543 2656 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

22:10:12.0545 2656 secdrv - ok

22:10:12.0594 2656 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

22:10:12.0596 2656 Serenum - ok

22:10:12.0632 2656 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

22:10:12.0635 2656 Serial - ok

22:10:12.0749 2656 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

22:10:12.0750 2656 sermouse - ok

22:10:12.0802 2656 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

22:10:12.0805 2656 sffdisk - ok

22:10:12.0832 2656 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

22:10:12.0834 2656 sffp_mmc - ok

22:10:12.0865 2656 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

22:10:12.0866 2656 sffp_sd - ok

22:10:12.0972 2656 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

22:10:12.0974 2656 sfloppy - ok

22:10:13.0044 2656 Sftfs (8f00cc8cacf83dce5b35079f615b0f12) C:\Windows\system32\DRIVERS\Sftfslh.sys

22:10:13.0053 2656 Sftfs - ok

22:10:13.0175 2656 Sftplay (afdb934586c4c8b2be39ae7eea6f52be) C:\Windows\system32\DRIVERS\Sftplaylh.sys

22:10:13.0199 2656 Sftplay - ok

22:10:13.0245 2656 Sftredir (6b1865d82e0290729ed7496c24275592) C:\Windows\system32\DRIVERS\Sftredirlh.sys

22:10:13.0246 2656 Sftredir - ok

22:10:13.0276 2656 Sftvol (621eccb1265a01ce2bdf6f2c5e727e2b) C:\Windows\system32\DRIVERS\Sftvollh.sys

22:10:13.0278 2656 Sftvol - ok

22:10:13.0405 2656 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

22:10:13.0407 2656 sisagp - ok

22:10:13.0455 2656 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

22:10:13.0457 2656 SiSRaid2 - ok

22:10:13.0489 2656 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

22:10:13.0492 2656 SiSRaid4 - ok

22:10:13.0602 2656 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

22:10:13.0606 2656 Smb - ok

22:10:13.0701 2656 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

22:10:13.0703 2656 spldr - ok

22:10:13.0812 2656 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

22:10:13.0819 2656 srv - ok

22:10:13.0875 2656 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

22:10:13.0878 2656 srv2 - ok

22:10:13.0992 2656 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

22:10:13.0994 2656 srvnet - ok

22:10:14.0044 2656 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys

22:10:14.0045 2656 StillCam - ok

22:10:14.0108 2656 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

22:10:14.0110 2656 swenum - ok

22:10:14.0229 2656 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

22:10:14.0230 2656 Symc8xx - ok

22:10:14.0264 2656 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

22:10:14.0265 2656 Sym_hi - ok

22:10:14.0294 2656 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

22:10:14.0296 2656 Sym_u3 - ok

22:10:14.0343 2656 SynTP (4c9bb4b3b9eac26211484c30b914c6dc) C:\Windows\system32\DRIVERS\SynTP.sys

22:10:14.0349 2656 SynTP - ok

22:10:14.0523 2656 Tcpip (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\drivers\tcpip.sys

22:10:14.0542 2656 Tcpip - ok

22:10:14.0690 2656 Tcpip6 (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\DRIVERS\tcpip.sys

22:10:14.0698 2656 Tcpip6 - ok

22:10:14.0808 2656 tcpipreg (36606b165d04a397bdf613096986d85d) C:\Windows\system32\drivers\tcpipreg.sys

22:10:14.0812 2656 tcpipreg - ok

22:10:14.0856 2656 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

22:10:14.0857 2656 TDPIPE - ok

22:10:14.0891 2656 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

22:10:14.0895 2656 TDTCP - ok

22:10:15.0018 2656 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

22:10:15.0020 2656 tdx - ok

22:10:15.0069 2656 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

22:10:15.0071 2656 TermDD - ok

22:10:15.0241 2656 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:10:15.0243 2656 tssecsrv - ok

22:10:15.0279 2656 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

22:10:15.0281 2656 tunmp - ok

22:10:15.0420 2656 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

22:10:15.0422 2656 tunnel - ok

22:10:15.0474 2656 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

22:10:15.0475 2656 uagp35 - ok

22:10:15.0525 2656 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys

22:10:15.0526 2656 UBHelper - ok

22:10:15.0650 2656 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

22:10:15.0656 2656 udfs - ok

22:10:15.0719 2656 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

22:10:15.0721 2656 uliagpkx - ok

22:10:15.0759 2656 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

22:10:15.0765 2656 uliahci - ok

22:10:15.0882 2656 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

22:10:15.0885 2656 UlSata - ok

22:10:15.0924 2656 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

22:10:15.0927 2656 ulsata2 - ok

22:10:15.0965 2656 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

22:10:15.0968 2656 umbus - ok

22:10:16.0100 2656 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

22:10:16.0103 2656 usbccgp - ok

22:10:16.0138 2656 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

22:10:16.0144 2656 usbcir - ok

22:10:16.0203 2656 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

22:10:16.0213 2656 usbehci - ok

22:10:16.0486 2656 usbfilter (edca5124b54bcf04e5c0538aa397a9c1) C:\Windows\system32\DRIVERS\usbfilter.sys

22:10:16.0487 2656 usbfilter - ok

22:10:16.0607 2656 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

22:10:16.0612 2656 usbhub - ok

22:10:16.0660 2656 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

22:10:16.0662 2656 usbohci - ok

22:10:16.0690 2656 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys

22:10:16.0692 2656 usbprint - ok

22:10:16.0801 2656 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:10:16.0802 2656 USBSTOR - ok

22:10:16.0846 2656 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

22:10:16.0848 2656 usbuhci - ok

22:10:16.0971 2656 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

22:10:16.0974 2656 usbvideo - ok

22:10:17.0030 2656 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

22:10:17.0032 2656 vga - ok

22:10:17.0067 2656 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

22:10:17.0071 2656 VgaSave - ok

22:10:17.0104 2656 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

22:10:17.0106 2656 viaagp - ok

22:10:17.0218 2656 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

22:10:17.0223 2656 ViaC7 - ok

22:10:17.0261 2656 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

22:10:17.0263 2656 viaide - ok

22:10:17.0291 2656 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

22:10:17.0292 2656 volmgr - ok

22:10:17.0370 2656 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

22:10:17.0375 2656 volmgrx - ok

22:10:17.0496 2656 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

22:10:17.0501 2656 volsnap - ok

22:10:17.0564 2656 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

22:10:17.0566 2656 vsmraid - ok

22:10:17.0710 2656 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

22:10:17.0711 2656 WacomPen - ok

22:10:17.0743 2656 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

22:10:17.0745 2656 Wanarp - ok

22:10:17.0761 2656 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

22:10:17.0762 2656 Wanarpv6 - ok

22:10:17.0809 2656 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

22:10:17.0811 2656 Wd - ok

22:10:17.0848 2656 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

22:10:17.0859 2656 Wdf01000 - ok

22:10:18.0152 2656 WisINT15 - ok

22:10:18.0318 2656 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

22:10:18.0319 2656 WmiAcpi - ok

22:10:18.0630 2656 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

22:10:18.0647 2656 ws2ifsl - ok

22:10:18.0845 2656 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

22:10:18.0873 2656 WUDFRd - ok

22:10:18.0994 2656 yukonwlh (76213f365d474b98cebe61973ef92517) C:\Windows\system32\DRIVERS\yk60x86.sys

22:10:19.0000 2656 yukonwlh - ok

22:10:19.0041 2656 MBR (0x1B8) (8c9f9e03865c35f0f3829a23cda42f5d) \Device\Harddisk0\DR0

22:10:20.0182 2656 \Device\Harddisk0\DR0 - ok

22:10:20.0206 2656 Boot (0x1200) (9561fc95aaaf1ea29ef44a21f184ef73) \Device\Harddisk0\DR0\Partition0

22:10:20.0207 2656 \Device\Harddisk0\DR0\Partition0 - ok

22:10:20.0212 2656 ============================================================

22:10:20.0212 2656 Scan finished

22:10:20.0212 2656 ============================================================

22:10:20.0229 0432 Detected object count: 0

22:10:20.0229 0432 Actual detected object count: 0

22:11:16.0089 4148 Deinitialize success


  • Staff

Hi,

1. Very important: First disconnect your computers from the Internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into the small hole labeled Reset located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds).

3. Reset the IP/DNS settings of your Internet connection on each computer connected:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    • Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".

  • Click OK twice to save the settings.
  • Reboot if you had to change any setting.

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:
    ipconfig /flushdns
  • Then hit enter.
  • Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.

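Steps 3 and 4 of the post above can also be audited and applied from an elevated Windows PowerShell prompt, which makes it easy to see what each adapter was set to before it is changed. The script below is an added example, not part of the original post: the `-Reset` switch and the variable names are this example's own, and it assumes Windows PowerShell (2.0 to 5.1) with `Get-WmiObject` available.

```powershell
# Added example (not from the original post): report and optionally reset the
# IP/DNS settings of every IP-enabled adapter, then flush the DNS cache.
# Run from an elevated Windows PowerShell prompt.
#   Report only:      .\Reset-DnsSettings.ps1          (file name is hypothetical)
#   Report and reset: .\Reset-DnsSettings.ps1 -Reset
param(
    [switch]$Reset   # without -Reset nothing is changed
)

# Per-interface TCP/IP settings live under this key, one subkey per interface GUID.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'

foreach ($nic in $adapters) {
    # SettingID is the interface GUID that names the registry subkey.
    $key   = Join-Path $ifRoot $nic.SettingID
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue

    # NameServer     = DNS servers entered manually (static).
    # DhcpNameServer = DNS servers handed out by the router's DHCP service.
    $staticDns = ''
    $dhcpDns   = ''
    if ($props) {
        $staticDns = "$($props.NameServer)".Trim()
        $dhcpDns   = "$($props.DhcpNameServer)".Trim()
    }

    $needsReset = (-not $nic.DHCPEnabled) -or ($staticDns -ne '')

    # Emit one record per adapter so the "before" state can be saved or compared.
    New-Object PSObject -Property @{
        Adapter     = $nic.Description
        DhcpEnabled = $nic.DHCPEnabled
        StaticDns   = $staticDns
        DhcpDns     = $dhcpDns
        NeedsReset  = $needsReset
    } | Select-Object Adapter, DhcpEnabled, StaticDns, DhcpDns, NeedsReset

    if ($Reset -and $needsReset) {
        # Equivalent of "Obtain an IP address automatically".
        $r1 = $nic.EnableDHCP()
        # Called with no arguments, this clears the static DNS list, which is the
        # equivalent of "Obtain DNS server address automatically".
        $r2 = $nic.SetDNSServerSearchOrder()

        # ReturnValue 0 = success, 1 = success but a reboot is required.
        foreach ($r in @($r1, $r2)) {
            if ($r.ReturnValue -gt 1) {
                Write-Warning ("{0}: WMI call returned {1}" -f $nic.Description, $r.ReturnValue)
            }
        }
    }
}

if ($Reset) {
    # Step 4: drop cached lookups so stale answers are not reused.
    ipconfig /flushdns | Out-Null
    Write-Output 'DNS cache flushed.'
}
```

A `DhcpDns` value you do not recognise after the reset means the router is still handing out that resolver, which is why the router reset in step 2 comes before the per-computer settings.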

  • Staff

Sounds good from here!

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


  • 3 weeks later...
  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
