BleepingComputer.com: Redirects from search engine links

Jump to content

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Redirects from search engine links antivirus not finding anything

#1 User is offline   pamz 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 11
  • Joined: 24-November 11

Posted 24 November 2011 - 07:35 PM

Using Windows XP Professional Version 2002 SP3

For a few months now I have been redirected to websites unrelated to my search terms or the link itself (mainly "thewebtimes.net" and some gossip site, as well as others). This happens in both firefox and IE browsers, and the google and bing search engines. I cannot even right click a link and "Copy link location" because the url that is copied is the google tracking url for the site and I am redirected to the strange website anyway.

I was getting by copy/pasting the url text that google displays below the link itself or going to "quick view" and clicking on "cached", but that is becoming quite irritating. However, after a few hours online ALL navigation is redirected to a site titled "MSN Troubleshooting," only restarting the browser will remedy this. I work from home and this problem has been cutting into my productivity.

I have tried disabling all browser add-ons, but the problem persists. The strange thing is my antivirus has never detected a problem (Kaspersky Internet Security).

Advice?

This post has been edited by pamz: 24 November 2011 - 07:41 PM

#2 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 25 November 2011 - 12:07 AM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.


IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#3 User is offline   pamz 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 11
  • Joined: 24-November 11

Posted 25 November 2011 - 01:33 PM

The Malwarebytes program appears to have found and solved 7 somethings

Ok, here is the SecurityCheck log:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Kaspersky Internet Security 2011
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
CCleaner
Java™ 6 Update 23
Java 2 Runtime Environment, SE v1.4.2_06
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Kaspersky Lab Kaspersky Internet Security 2011 avp.exe
``````````End of Log````````````



The MiniToolBox log:

MiniToolBox by Farbar
Ran by lehr0e3 (administrator) on 25-11-2011 at 00:32:15
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82567LM-3 Gigabit Network Connection = Local Area Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Hamachi"

set address name="Hamachi" source=dhcp
set dns name="Hamachi" source=dhcp register=NONE
set wins name="Hamachi" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration Host Name . . . . . . . . . . . . : WW-8G2V1P1 Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : gateway.2wire.netEthernet adapter Local Area Connection: Connection-specific DNS Suffix . : gateway.2wire.net Description . . . . . . . . . . . : Intel® 82567LM-3 Gigabit Network Connection Physical Address. . . . . . . . . : F0-4D-A2-2B-C7-74 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.1.68 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.254 DHCP Server . . . . . . . . . . . : 192.168.1.254 DNS Servers . . . . . . . . . . . : 192.168.1.254 Lease Obtained. . . . . . . . . . : Thursday, November 24, 2011 1:49:08 PM Lease Expires . . . . . . . . . . : Friday, November 25, 2011 1:49:08 PMEthernet adapter Hamachi: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Hamachi Network Interface Physical Address. . . . . . . . . : 7A-79-05-15-FB-81 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : No IP Address. . . . . . . . . . . . : 5.21.251.129 Subnet Mask . . . . . . . . . . . : 255.0.0.0 Default Gateway . . . . . . . . . : DHCP Server . . . . . . . . . . . : 5.0.0.1 Lease Obtained. . . . . . . . . . : Thursday, November 24, 2011 1:51:22 PM Lease Expires . . . . . . . . . . : Friday, November 23, 2012 1:51:22 PMServer: Home
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.65.103, 74.125.65.105, 74.125.65.99, 74.125.65.104
74.125.65.106, 74.125.65.147

Pinging google.com [74.125.65.106] with 32 bytes of data:Reply from 74.125.65.106: bytes=32 time=48ms TTL=50Reply from 74.125.65.106: bytes=32 time=89ms TTL=50Ping statistics for 74.125.65.106: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 48ms, Maximum = 89ms, Average = 68msServer: Home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:Reply from 98.137.149.56: bytes=32 time=105ms TTL=46Reply from 98.137.149.56: bytes=32 time=109ms TTL=46Ping statistics for 98.137.149.56: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 105ms, Maximum = 109ms, Average = 107msPinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...f0 4d a2 2b c7 74 ...... Intel® 82567LM-3 Gigabit Network Connection - Packet Scheduler Miniport
0x10004 ...7a 79 05 15 fb 81 ...... Hamachi Network Interface - Kaspersky Anti-Virus NDIS Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.68 20
5.0.0.0 255.0.0.0 5.21.251.129 5.21.251.129 20
5.21.251.129 255.255.255.255 127.0.0.1 127.0.0.1 20
5.255.255.255 255.255.255.255 5.21.251.129 5.21.251.129 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.68 192.168.1.68 20
192.168.1.0 255.255.255.0 192.168.1.68 192.168.1.68 20
192.168.1.68 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.68 192.168.1.68 20
224.0.0.0 240.0.0.0 5.21.251.129 5.21.251.129 20
224.0.0.0 240.0.0.0 192.168.1.68 192.168.1.68 20
255.255.255.255 255.255.255.255 5.21.251.129 5.21.251.129 1
255.255.255.255 255.255.255.255 192.168.1.68 192.168.1.68 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/16/2011 09:26:17 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/16/2011 09:26:17 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/16/2011 09:26:14 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/16/2011 09:26:14 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/16/2011 09:26:12 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/16/2011 09:26:12 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/16/2011 09:26:11 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/16/2011 09:26:11 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/16/2011 09:26:10 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/16/2011 09:26:10 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.


System errors:
=============
Error: (11/24/2011 11:06:21 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverGGANNAGELAPTOPNetBT_Tcpip_{1C32EF91-45F3

Error: (11/24/2011 10:06:17 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverGGANNAGELAPTOPNetBT_Tcpip_{1C32EF91-45F3

Error: (11/24/2011 08:30:15 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverGGANNAGELAPTOPNetBT_Tcpip_{1C32EF91-45F3

Error: (11/24/2011 07:18:18 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverGGANNAGELAPTOPNetBT_Tcpip_{1C32EF91-45F3

Error: (11/24/2011 05:48:39 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverGGANNAGELAPTOPNetBT_Tcpip_{1C32EF91-45F3

Error: (11/24/2011 04:36:42 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverGGANNAGELAPTOPNetBT_Tcpip_{1C32EF91-45F3

Error: (11/24/2011 03:35:13 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverGGANNAGELAPTOPNetBT_Tcpip_{1C32EF91-45F3

Error: (11/24/2011 01:59:15 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverGGANNAGELAPTOPNetBT_Tcpip_{1C32EF91-45F3

Error: (11/24/2011 01:50:25 PM) (Source: Service Control Manager) (User: )
Description: The Intel CPU Perfermons service terminated with the following error:
%%2

Error: (11/24/2011 01:50:25 PM) (Source: Service Control Manager) (User: )
Description: The Network Security service terminated with the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (08/11/2011 00:51:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1319 seconds with 240 seconds of active time. This session ended with a crash.

Error: (01/27/2011 09:07:38 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 71513 seconds with 7680 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================



32 Bit HP CIO Components Installer (Version: 7.1.8)
5700_Help (Version: 1.00.0000)
AAC Decoder (Version: 7.1.0)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.1)
Adobe AIR (Version: 2.5.1.17730)
Adobe Community Help (Version: 3.4.980)
Adobe Content Viewer (Version: 1.4.0)
Adobe Creative Suite 5.5 Master Collection (Version: 5.5)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Adobe Widget Browser (Version: 2.0 Build 230)
Adobe Widget Browser (Version: 2.0.230)
AIM 6
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI Display Driver (Version: 8.513.1-080717a1-067419C-Dell)
AutoUpdate (Version: 1.1)
Bonjour (Version: 3.0.0.10)
BPD_Scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware (Version: 82.0.173.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 82.0.173.000)
Camtasia Studio 7 (Version: 7.1.1)
CCleaner (Version: 3.11)
Celtx (2.7) (Version: 2.7 (en-US))
Centra Client
Citrix Presentation Server Client - Web Only (Version: 10.200.2650)
Codec 8.3f
Coupon Printer for Windows (Version: 5.0.0.0)
CustomerResearchQFolder (Version: 1.00.0000)
CutePDF Writer 2.7
Destinations (Version: 82.0.173.000)
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 7.0.0)
DivX Player (Version: 7.0.0)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.0.0.19)
DivX Web Player (Version: 1.4.2)
DocProc (Version: 8.1.0.0)
Fax (Version: 82.0.188.000)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.81)
H.264 Decoder (Version: 1.0.0)
HP Customer Participation Program 7.0 (Version: 7.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP OCR Software 8.0 (Version: 8.0)
HP Officejet All-In-One Series (Version: 1.0)
HP Photosmart Essential (Version: 1.12.0.46)
HP Product Assistant (Version: 100.000.001.000)
HP Product Detection (Version: 10.7.9.0)
HP Solution Center 8.0 (Version: 8.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 82.0.173.000)
HPSSupply (Version: 2.1.3.0000)
iSpring Pro 5 (Version: 5.7.0)
iTunes (Version: 10.5.1.42)
J2SE Runtime Environment 5.0 Update 17 (Version: 1.5.0.170)
J5700 (Version: 50.0.165.000)
Java 2 Runtime Environment, SE v1.4.2_06 (Version: 1.4.2_06)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 23 (Version: 6.0.230)
Jing (Version: 2.4.10231)
Junk Mail filter update (Version: 14.0.8117.416)
Kaspersky Internet Security 2011 (Version: 11.0.2.556)
Logitech High Quality Video (Version: 12.10.1113)
Logitech QuickCam (Version: 11.10.2030)
Logitech Vid HD (Version: 7.2 (7240))
Logitech Webcam Software Driver Package (Version: 12.10.1110)
LogMeIn Hamachi (Version: 2.1.0.122)
MarketResearch (Version: 70.0.170.000)
MarkView Viewer Enterprise Edition Plugin (Version: 5.0.5.1)
MathType 6 (Version: 6.5)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Project Professional 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
MKV Splitter (Version: 1.0.0)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Ncesoft Flip Book Maker 2.8.1 (Version: 2.8.1)
NOOK Study (Version: 1.6.5.12309)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Oracle JInitiator 1.3.1.22
PASW Statistics Student Version 18.0 (Version: 18.0.0)
PDF Settings CS5 (Version: 10.0)
PowerArchiver
PowerDVD (Version: 8.1.4719)
PPTminimizer
PrintKey2000
ProductContext (Version: 50.0.165.000)
PxMergeModule (Version: 1.00.0000)
QM for Windows (Version 2)
QuickTime (Version: 7.71.80.42)
RealPlayer
RealUpgrade 1.0 (Version: 1.0.0)
Respondus 4.0 Campus-Wide (Version: 4.00.0000)
Scan (Version: 8.1.0.0)
SecondLife (remove only)
Segoe UI (Version: 14.0.4327.805)
Skype Click to Call (Version: 5.7.8524)
Skype™ 5.5 (Version: 5.5.124)
Snagit 9.1.3 (Version: 9.1.3.19)
SolutionCenter (Version: 82.0.188.000)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spotify (Version: 0.5.2)
Spybot - Search & Destroy (Version: 1.6.2)
Status (Version: 82.0.173.000)
Toolbox (Version: 70.0.170.000)
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 82.0.188.000)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
Viewpoint Media Player
Vivox Web Voice 1.16.2.2787 (Version: 1.16.2)
VLC media player 1.1.5 (Version: 1.1.5)
VNC Free Edition 4.1.3 (Version: 4.1.3)
VoiceOver Kit (Version: 1.42.128.0)
WebEx
WebFldrs XP (Version: 9.50.7523)
WebMeeting Plug-in (Version: 6.0)
WebReg (Version: 82.0.173.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
WordWeb (Version: 6)
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 64%
Total physical RAM: 3581.54 MB
Available physical RAM: 1275.98 MB
Total Pagefile: 5456.73 MB
Available Pagefile: 3340.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.48 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:148.96 GB) (Free:100.46 GB) NTFS
2 Drive d: (Render_QAM_9e) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
3 Drive e: (My Book) (Fixed) (Total:465.76 GB) (Free:462.48 GB) NTFS

========================= Users: ========================================

User accounts for \\WW-8G2V1P1

Administrator ASPNET erau
Guest HelpAssistant imageusr
lehr0e3 SUPPORT_388945a0 wwstudent


**** End of log ****


The MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8236

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/25/2011 12:51:53 AM
mbam-log-2011-11-25 (00-51-53).txt

Scan type: Quick scan
Objects scanned: 214461
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\2SPI9KEA4C (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\A9YA3MI1CF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\c_10005W.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.


GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-25 08:38:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD161GJ rev.1AC01122
Running: b2hf5o17.exe; Driver: c:\temp\fflyypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xACE9D5FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xACE9DEFE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xACE9ED32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xACE9F27C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xACE9E1DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xACE9C46A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xACE9F162]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xACE9D1E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xACE9F036]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xACE9D390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xACE9F39C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xACE9DB86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xACE9F0CC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xACEA0A84]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xACE9CA74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xACE9CE28]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xACE9E65C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xACEA1C90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xACE9CF74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xACE9D00C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xACE9E46A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xACEA0B76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xACE9C446]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xACE9C458]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xACEA12DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xACE9D138]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xACE9F312]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xACE9DF80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xACE9C62A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xACE9F1F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xACE9D836]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xACEA1078]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xACE9F432]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xACE9D728]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xACE9D0A4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xACE9CCDC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xACEA1618]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xACE9C906]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xACEA0F0A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xACE9CB96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xACE9BE80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xACE9F796]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xACE9F65C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xACEA081E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xACE9C1F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xACEA1B32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xACE9BE18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xACE9EA78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xACE9DDA2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xACEA00BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xACEA0D14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xACEA1768]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xACE9C780]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xACEA185A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xACEA1994]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xACEA09A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xACE9D9D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xACE9D932]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xACEA14BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xACE9DABC]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP ACE8FFEC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP ACE903C8 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C90 8050452C 8 Bytes [62, F1, E9, AC, E8, D1, E9, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 8 Bytes [90, D3, E9, AC, 9C, F3, E9, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CC4 80504560 8 Bytes [CC, F0, E9, AC, 84, 0A, EA, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CE8 80504584 8 Bytes [28, CE, E9, AC, 5C, E6, E9, ...] {SUB DH, CL; JMP 0xffffffffe9e65cb3; LODSB }
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes JMP E9C446AC
.text ...
? vkyv.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9176000, 0x19DAB0, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[488] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2064] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106AC350 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2064] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106AC2E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2064] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2064] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1045E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012C2EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [B97D7DC0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [B97D7DC0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Documents and Settings\lehr0e3\Desktop\b2hf5o17.exe[1660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\lehr0e3\Desktop\b2hf5o17.exe[1660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\lehr0e3\Desktop\b2hf5o17.exe[1660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\lehr0e3\Desktop\b2hf5o17.exe[1660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AF2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AF2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AF2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AF2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\plugin-container.exe[2064] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01002F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\plugin-container.exe[2064] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01002CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\plugin-container.exe[2064] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01002D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\plugin-container.exe[2064] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01002CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PrintKey2000\Printkey2000.exe[2240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PrintKey2000\Printkey2000.exe[2240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B42CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PrintKey2000\Printkey2000.exe[2240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B42D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PrintKey2000\Printkey2000.exe[2240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B42CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2344] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2344] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2344] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2344] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[2524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C22F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[2524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C22CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[2524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C22D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[2524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C22CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [016C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [016C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [016C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [016C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TypeItIn\TypeItIn.exe[2724] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B22F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TypeItIn\TypeItIn.exe[2724] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B22CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TypeItIn\TypeItIn.exe[2724] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B22D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TypeItIn\TypeItIn.exe[2724] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B22CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D32F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D32CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D32D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D32CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00522F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00522CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00522D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00522CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E22F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E22CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E22D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E22CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A9364D20

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:112] B9E78730

---- EOF - GMER 1.0.15 ----

#4 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 25 November 2011 - 08:27 PM

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#5 User is offline   pamz 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 11
  • Joined: 24-November 11

Posted 25 November 2011 - 09:18 PM

No reboot was required. Next direction was to click on Report and copy/paste the log file here:

21:13:53.0796 0452 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
21:13:54.0125 0452 ============================================================
21:13:54.0125 0452 Current date / time: 2011/11/25 21:13:54.0125
21:13:54.0125 0452 SystemInfo:
21:13:54.0125 0452
21:13:54.0125 0452 OS Version: 5.1.2600 ServicePack: 3.0
21:13:54.0125 0452 Product type: Workstation
21:13:54.0125 0452 ComputerName: WW-8G2V1P1
21:13:54.0125 0452 UserName: lehr0e3
21:13:54.0125 0452 Windows directory: C:\WINDOWS
21:13:54.0125 0452 System windows directory: C:\WINDOWS
21:13:54.0125 0452 Processor architecture: Intel x86
21:13:54.0125 0452 Number of processors: 2
21:13:54.0125 0452 Page size: 0x1000
21:13:54.0125 0452 Boot type: Normal boot
21:13:54.0125 0452 ============================================================
21:13:55.0734 0452 Initialize success
21:13:57.0468 3612 ============================================================
21:13:57.0468 3612 Scan started
21:13:57.0468 3612 Mode: Manual;
21:13:57.0468 3612 ============================================================
21:13:58.0859 3612 Abiosdsk - ok
21:13:58.0890 3612 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:13:58.0890 3612 abp480n5 - ok
21:13:58.0921 3612 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:13:58.0921 3612 ACPI - ok
21:13:58.0937 3612 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:13:58.0953 3612 ACPIEC - ok
21:13:58.0984 3612 ADIHdAudAddService (54613c0cab4c452c852efafb97a8a0e9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
21:13:58.0984 3612 ADIHdAudAddService - ok
21:13:59.0015 3612 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:13:59.0015 3612 adpu160m - ok
21:13:59.0046 3612 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:13:59.0062 3612 aec - ok
21:13:59.0093 3612 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
21:13:59.0093 3612 AFD - ok
21:13:59.0125 3612 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:13:59.0125 3612 agp440 - ok
21:13:59.0140 3612 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:13:59.0140 3612 agpCPQ - ok
21:13:59.0156 3612 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:13:59.0156 3612 Aha154x - ok
21:13:59.0171 3612 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:13:59.0171 3612 aic78u2 - ok
21:13:59.0171 3612 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:13:59.0171 3612 aic78xx - ok
21:13:59.0203 3612 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:13:59.0203 3612 AliIde - ok
21:13:59.0218 3612 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:13:59.0218 3612 alim1541 - ok
21:13:59.0218 3612 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:13:59.0218 3612 amdagp - ok
21:13:59.0234 3612 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:13:59.0234 3612 amsint - ok
21:13:59.0265 3612 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:13:59.0265 3612 asc - ok
21:13:59.0265 3612 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:13:59.0265 3612 asc3350p - ok
21:13:59.0281 3612 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:13:59.0281 3612 asc3550 - ok
21:13:59.0312 3612 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:13:59.0312 3612 AsyncMac - ok
21:13:59.0328 3612 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:13:59.0328 3612 atapi - ok
21:13:59.0328 3612 Atdisk - ok
21:13:59.0421 3612 ati2mtag (fb3f4c60d58d11fb7c7cec927315b0ae) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:13:59.0437 3612 ati2mtag - ok
21:13:59.0546 3612 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:13:59.0546 3612 Atmarpc - ok
21:13:59.0562 3612 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:13:59.0562 3612 audstub - ok
21:13:59.0609 3612 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:13:59.0656 3612 b57w2k - ok
21:13:59.0703 3612 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:13:59.0703 3612 Beep - ok
21:13:59.0750 3612 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:13:59.0765 3612 cbidf - ok
21:13:59.0781 3612 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:13:59.0781 3612 cbidf2k - ok
21:13:59.0812 3612 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:13:59.0812 3612 CCDECODE - ok
21:13:59.0843 3612 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:13:59.0843 3612 cd20xrnt - ok
21:13:59.0843 3612 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:13:59.0843 3612 Cdaudio - ok
21:13:59.0859 3612 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:13:59.0859 3612 Cdfs - ok
21:13:59.0875 3612 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:13:59.0906 3612 Cdrom - ok
21:13:59.0906 3612 Changer - ok
21:13:59.0937 3612 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:13:59.0937 3612 CmdIde - ok
21:13:59.0968 3612 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:13:59.0968 3612 Cpqarray - ok
21:13:59.0984 3612 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:13:59.0984 3612 dac2w2k - ok
21:14:00.0000 3612 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:14:00.0000 3612 dac960nt - ok
21:14:00.0062 3612 dfmirage (d8cd6a2a94f545858eec6117f0d5dff4) C:\WINDOWS\system32\DRIVERS\dfmirage.sys
21:14:00.0062 3612 dfmirage - ok
21:14:00.0062 3612 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:14:00.0062 3612 Disk - ok
21:14:00.0109 3612 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:14:00.0140 3612 dmboot - ok
21:14:00.0156 3612 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:14:00.0156 3612 dmio - ok
21:14:00.0156 3612 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:14:00.0171 3612 dmload - ok
21:14:00.0203 3612 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:14:00.0203 3612 DMusic - ok
21:14:00.0234 3612 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:14:00.0234 3612 dpti2o - ok
21:14:00.0265 3612 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:14:00.0265 3612 drmkaud - ok
21:14:00.0296 3612 e1kexpress (9f7ae949202f0ef6b17dd3cc5c117ad3) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
21:14:00.0296 3612 e1kexpress - ok
21:14:00.0343 3612 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:14:00.0359 3612 Fastfat - ok
21:14:00.0390 3612 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:14:00.0390 3612 Fdc - ok
21:14:00.0421 3612 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
21:14:00.0421 3612 FilterService - ok
21:14:00.0453 3612 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:14:00.0453 3612 Fips - ok
21:14:00.0468 3612 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:14:00.0484 3612 Flpydisk - ok
21:14:00.0531 3612 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:14:00.0531 3612 FltMgr - ok
21:14:00.0546 3612 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:14:00.0546 3612 Fs_Rec - ok
21:14:00.0562 3612 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:14:00.0562 3612 Ftdisk - ok
21:14:00.0609 3612 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:14:00.0609 3612 GEARAspiWDM - ok
21:14:00.0656 3612 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:14:00.0656 3612 Gpc - ok
21:14:00.0687 3612 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
21:14:00.0687 3612 hamachi - ok
21:14:00.0703 3612 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:14:00.0703 3612 HDAudBus - ok
21:14:00.0750 3612 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:14:00.0765 3612 hidusb - ok
21:14:00.0781 3612 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:14:00.0781 3612 hpn - ok
21:14:00.0828 3612 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:14:00.0828 3612 HPZid412 - ok
21:14:00.0859 3612 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:14:00.0859 3612 HPZipr12 - ok
21:14:00.0921 3612 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:14:00.0921 3612 HPZius12 - ok
21:14:00.0984 3612 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:14:00.0984 3612 HTTP - ok
21:14:01.0031 3612 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:14:01.0031 3612 i2omgmt - ok
21:14:01.0031 3612 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:14:01.0031 3612 i2omp - ok
21:14:01.0062 3612 iaStor (baabb0301949774a66b955c65319635a) C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:14:01.0078 3612 iaStor - ok
21:14:01.0093 3612 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:14:01.0093 3612 Imapi - ok
21:14:01.0125 3612 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:14:01.0125 3612 ini910u - ok
21:14:01.0140 3612 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:14:01.0140 3612 IntelIde - ok
21:14:01.0156 3612 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:14:01.0156 3612 intelppm - ok
21:14:01.0171 3612 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:14:01.0187 3612 Ip6Fw - ok
21:14:01.0203 3612 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:14:01.0203 3612 IpFilterDriver - ok
21:14:01.0203 3612 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:14:01.0218 3612 IpInIp - ok
21:14:01.0250 3612 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:14:01.0250 3612 IpNat - ok
21:14:01.0281 3612 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:14:01.0281 3612 IPSec - ok
21:14:01.0312 3612 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:14:01.0312 3612 IRENUM - ok
21:14:01.0343 3612 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:14:01.0343 3612 isapnp - ok
21:14:01.0375 3612 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:14:01.0375 3612 Kbdclass - ok
21:14:01.0406 3612 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:14:01.0406 3612 kbdhid - ok
21:14:01.0437 3612 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\WINDOWS\system32\DRIVERS\kl1.sys
21:14:01.0468 3612 KL1 - ok
21:14:01.0500 3612 kl2 (713576569667ac9e0f8556076004a96b) C:\WINDOWS\system32\DRIVERS\kl2.sys
21:14:01.0500 3612 kl2 - ok
21:14:01.0531 3612 KLIF (44ec6b3dbe167c7fa818f9918d2cbf22) C:\WINDOWS\system32\DRIVERS\klif.sys
21:14:01.0546 3612 KLIF - ok
21:14:01.0562 3612 klim5 (8d6e11bfa9927978d25b1b8029554f07) C:\WINDOWS\system32\DRIVERS\klim5.sys
21:14:01.0562 3612 klim5 - ok
21:14:01.0578 3612 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
21:14:01.0578 3612 klmouflt - ok
21:14:01.0609 3612 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:14:01.0625 3612 kmixer - ok
21:14:01.0640 3612 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:14:01.0640 3612 KSecDD - ok
21:14:01.0656 3612 lbrtfdc - ok
21:14:01.0906 3612 LVcKap (fb548ff809634bfa866312b37d8a18ae) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
21:14:01.0921 3612 LVcKap - ok
21:14:02.0078 3612 LVMVDrv (fe3fb994f8702d9e37648927819b74b8) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
21:14:02.0078 3612 LVMVDrv - ok
21:14:02.0140 3612 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
21:14:02.0140 3612 lvpopflt - ok
21:14:02.0187 3612 LVPr2Mon (c7ea51f1ab10b0b2b443f4d5589fc1a5) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
21:14:02.0187 3612 LVPr2Mon - ok
21:14:02.0218 3612 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
21:14:02.0218 3612 LVRS - ok
21:14:02.0359 3612 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
21:14:02.0468 3612 LVUVC - ok
21:14:02.0562 3612 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
21:14:02.0562 3612 MBAMProtector - ok
21:14:02.0562 3612 MBAMSwissArmy - ok
21:14:02.0609 3612 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:14:02.0687 3612 mnmdd - ok
21:14:02.0718 3612 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:14:02.0718 3612 Modem - ok
21:14:02.0734 3612 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:14:02.0734 3612 Mouclass - ok
21:14:02.0765 3612 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:14:02.0765 3612 mouhid - ok
21:14:02.0812 3612 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:14:02.0812 3612 MountMgr - ok
21:14:02.0828 3612 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:14:02.0828 3612 mraid35x - ok
21:14:02.0859 3612 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:14:02.0859 3612 MRxDAV - ok
21:14:02.0890 3612 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:14:02.0906 3612 MRxSmb - ok
21:14:02.0921 3612 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:14:02.0921 3612 Msfs - ok
21:14:02.0953 3612 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:14:02.0953 3612 MSKSSRV - ok
21:14:02.0984 3612 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:14:02.0984 3612 MSPCLOCK - ok
21:14:03.0000 3612 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:14:03.0000 3612 MSPQM - ok
21:14:03.0031 3612 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:14:03.0031 3612 mssmbios - ok
21:14:03.0078 3612 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:14:03.0093 3612 MSTEE - ok
21:14:03.0156 3612 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
21:14:03.0171 3612 Mup - ok
21:14:03.0218 3612 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:14:03.0218 3612 NABTSFEC - ok
21:14:03.0265 3612 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:14:03.0265 3612 NDIS - ok
21:14:03.0281 3612 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:14:03.0296 3612 NdisIP - ok
21:14:03.0296 3612 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:14:03.0312 3612 NdisTapi - ok
21:14:03.0328 3612 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:14:03.0328 3612 Ndisuio - ok
21:14:03.0359 3612 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:14:03.0359 3612 NdisWan - ok
21:14:03.0375 3612 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:14:03.0375 3612 NDProxy - ok
21:14:03.0390 3612 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:14:03.0390 3612 NetBIOS - ok
21:14:03.0406 3612 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:14:03.0406 3612 NetBT - ok
21:14:03.0453 3612 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:14:03.0453 3612 Npfs - ok
21:14:03.0500 3612 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:14:03.0500 3612 Ntfs - ok
21:14:03.0546 3612 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:14:03.0546 3612 Null - ok
21:14:03.0656 3612 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:14:03.0656 3612 NwlnkFlt - ok
21:14:03.0656 3612 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:14:03.0656 3612 NwlnkFwd - ok
21:14:03.0687 3612 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:14:03.0687 3612 Parport - ok
21:14:03.0718 3612 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:14:03.0734 3612 PartMgr - ok
21:14:03.0765 3612 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:14:03.0765 3612 ParVdm - ok
21:14:03.0781 3612 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:14:03.0781 3612 PCI - ok
21:14:03.0796 3612 PCIDump - ok
21:14:03.0812 3612 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:14:03.0812 3612 PCIIde - ok
21:14:03.0843 3612 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:14:03.0843 3612 Pcmcia - ok
21:14:03.0875 3612 PDCOMP - ok
21:14:03.0875 3612 PDFRAME - ok
21:14:03.0890 3612 PDRELI - ok
21:14:03.0890 3612 PDRFRAME - ok
21:14:03.0937 3612 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:14:03.0937 3612 perc2 - ok
21:14:04.0062 3612 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:14:04.0109 3612 perc2hib - ok
21:14:04.0296 3612 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:14:04.0328 3612 PptpMiniport - ok
21:14:04.0453 3612 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:14:04.0453 3612 PSched - ok
21:14:04.0484 3612 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:14:04.0484 3612 Ptilink - ok
21:14:04.0500 3612 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:14:04.0500 3612 PxHelp20 - ok
21:14:04.0531 3612 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:14:04.0531 3612 ql1080 - ok
21:14:04.0578 3612 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:14:04.0578 3612 Ql10wnt - ok
21:14:04.0625 3612 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:14:04.0625 3612 ql12160 - ok
21:14:04.0625 3612 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:14:04.0625 3612 ql1240 - ok
21:14:04.0640 3612 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:14:04.0640 3612 ql1280 - ok
21:14:04.0640 3612 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:14:04.0640 3612 RasAcd - ok
21:14:04.0671 3612 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:14:04.0671 3612 Rasl2tp - ok
21:14:04.0687 3612 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:14:04.0687 3612 RasPppoe - ok
21:14:04.0703 3612 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:14:04.0703 3612 Raspti - ok
21:14:04.0718 3612 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:14:04.0718 3612 Rdbss - ok
21:14:04.0734 3612 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:14:04.0734 3612 RDPCDD - ok
21:14:04.0750 3612 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:14:04.0750 3612 rdpdr - ok
21:14:04.0781 3612 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
21:14:04.0781 3612 RDPWD - ok
21:14:04.0812 3612 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:14:04.0812 3612 redbook - ok
21:14:04.0859 3612 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:14:04.0875 3612 Secdrv - ok
21:14:04.0906 3612 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
21:14:04.0921 3612 senfilt - ok
21:14:04.0984 3612 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:14:05.0015 3612 serenum - ok
21:14:05.0015 3612 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:14:05.0015 3612 Serial - ok
21:14:05.0062 3612 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
21:14:05.0062 3612 SFAUDIO - ok
21:14:05.0078 3612 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:14:05.0078 3612 Sfloppy - ok
21:14:05.0078 3612 Simbad - ok
21:14:05.0109 3612 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:14:05.0109 3612 sisagp - ok
21:14:05.0140 3612 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:14:05.0171 3612 SLIP - ok
21:14:05.0203 3612 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
21:14:05.0203 3612 smwdm - ok
21:14:05.0250 3612 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:14:05.0250 3612 Sparrow - ok
21:14:05.0265 3612 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:14:05.0281 3612 splitter - ok
21:14:05.0328 3612 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:14:05.0328 3612 sr - ok
21:14:05.0359 3612 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
21:14:05.0359 3612 Srv - ok
21:14:05.0390 3612 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:14:05.0406 3612 streamip - ok
21:14:05.0437 3612 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:14:05.0437 3612 swenum - ok
21:14:05.0484 3612 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:14:05.0484 3612 swmidi - ok
21:14:05.0515 3612 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:14:05.0515 3612 symc810 - ok
21:14:05.0531 3612 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:14:05.0531 3612 symc8xx - ok
21:14:05.0546 3612 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:14:05.0546 3612 sym_hi - ok
21:14:05.0578 3612 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:14:05.0578 3612 sym_u3 - ok
21:14:05.0609 3612 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:14:05.0609 3612 sysaudio - ok
21:14:05.0656 3612 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:14:05.0671 3612 Tcpip - ok
21:14:05.0703 3612 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:14:05.0703 3612 TDPIPE - ok
21:14:05.0703 3612 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:14:05.0703 3612 TDTCP - ok
21:14:05.0734 3612 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:14:05.0734 3612 TermDD - ok
21:14:05.0750 3612 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:14:05.0750 3612 TosIde - ok
21:14:05.0796 3612 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:14:05.0796 3612 Udfs - ok
21:14:05.0828 3612 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:14:05.0828 3612 ultra - ok
21:14:05.0843 3612 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:14:05.0859 3612 Update - ok
21:14:05.0875 3612 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:14:05.0890 3612 USBAAPL - ok
21:14:05.0937 3612 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:14:05.0937 3612 usbaudio - ok
21:14:05.0984 3612 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:14:06.0000 3612 usbccgp - ok
21:14:06.0031 3612 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:14:06.0031 3612 usbehci - ok
21:14:06.0062 3612 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:14:06.0062 3612 usbhub - ok
21:14:06.0093 3612 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:14:06.0093 3612 usbprint - ok
21:14:06.0125 3612 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:14:06.0125 3612 usbscan - ok
21:14:06.0156 3612 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:14:06.0156 3612 USBSTOR - ok
21:14:06.0187 3612 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:14:06.0187 3612 usbuhci - ok
21:14:06.0218 3612 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:14:06.0218 3612 usbvideo - ok
21:14:06.0250 3612 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:14:06.0250 3612 VgaSave - ok
21:14:06.0281 3612 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:14:06.0281 3612 viaagp - ok
21:14:06.0296 3612 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:14:06.0296 3612 ViaIde - ok
21:14:06.0312 3612 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:14:06.0312 3612 VolSnap - ok
21:14:06.0343 3612 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:14:06.0359 3612 Wanarp - ok
21:14:06.0359 3612 WDICA - ok
21:14:06.0390 3612 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:14:06.0406 3612 wdmaud - ok
21:14:06.0453 3612 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:14:06.0453 3612 WmiAcpi - ok
21:14:06.0500 3612 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:14:06.0500 3612 WSTCODEC - ok
21:14:06.0531 3612 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:14:06.0531 3612 WudfPf - ok
21:14:06.0531 3612 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:14:06.0531 3612 WudfRd - ok
21:14:06.0562 3612 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:14:06.0765 3612 \Device\Harddisk0\DR0 - ok
21:14:06.0765 3612 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR3
21:14:06.0765 3612 \Device\Harddisk1\DR3 - ok
21:14:06.0765 3612 Boot (0x1200) (bbbcf019c993a4afd9dad1248e9d2c04) \Device\Harddisk0\DR0\Partition0
21:14:06.0765 3612 \Device\Harddisk0\DR0\Partition0 - ok
21:14:06.0781 3612 Boot (0x1200) (336c4b7d02cdc292bb14a7a8bb24840f) \Device\Harddisk1\DR3\Partition0
21:14:06.0781 3612 \Device\Harddisk1\DR3\Partition0 - ok
21:14:06.0781 3612 ============================================================
21:14:06.0781 3612 Scan finished
21:14:06.0781 3612 ============================================================
21:14:06.0796 2272 Detected object count: 0
21:14:06.0796 2272 Actual detected object count: 0

#6 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 25 November 2011 - 09:29 PM

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:
Posted Image

On completion of the scan click "Save log", save it to your desktop and post in your next reply:
Posted Image

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#7 User is offline   pamz 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 11
  • Joined: 24-November 11

Posted 25 November 2011 - 11:11 PM

aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-25 22:13:10
-----------------------------
22:13:10.671 OS Version: Windows 5.1.2600 Service Pack 3
22:13:10.671 Number of processors: 2 586 0x170A
22:13:10.671 ComputerName: WW-8G2V1P1 UserName: lehr0e3
22:13:13.250 Initialize success
22:16:08.640 AVAST engine defs: 11112501
22:46:04.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:46:04.140 Disk 0 Vendor: SAMSUNG_HD161GJ 1AC01122 Size: 152587MB BusType: 3
22:46:06.156 Disk 0 MBR read successfully
22:46:06.156 Disk 0 MBR scan
22:46:06.187 Disk 0 Windows XP default MBR code
22:46:06.187 Disk 0 scanning sectors +312496380
22:46:06.281 Disk 0 scanning C:\WINDOWS\system32\drivers
22:46:14.453 Service scanning
22:46:15.000 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
22:46:15.000 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
22:46:15.000 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
22:46:15.000 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
22:46:15.640 Modules scanning
22:46:35.046 Disk 0 trace - called modules:
22:46:35.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
22:46:35.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b291ab8]
22:46:35.062 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b25ad98]
22:46:35.406 AVAST engine scan C:\WINDOWS
22:46:43.078 AVAST engine scan C:\WINDOWS\system32
22:47:52.921 AVAST engine scan C:\WINDOWS\system32\drivers
22:48:01.343 AVAST engine scan C:\Documents and Settings\lehr0e3
22:53:34.703 AVAST engine scan C:\Documents and Settings\All Users
22:59:25.546 Scan finished successfully
23:09:26.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\lehr0e3\Desktop\MBR.dat"
23:09:26.468 The log file has been saved successfully to "C:\Documents and Settings\lehr0e3\Desktop\aswMBR.txt"

#8 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 25 November 2011 - 11:17 PM

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#9 User is offline   pamz 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 11
  • Joined: 24-November 11

Posted 03 December 2011 - 06:00 AM

I have completed the steps in the guide and have started my topic in malware removal.

#10 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 03 December 2011 - 11:35 AM

Cool :)
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#11 User is online   Orange Blossom 

  • OBleepin Investigator
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Moderator
  • Posts: 29,827
  • Joined: 14-July 06
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 03 December 2011 - 12:43 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic430512.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom
An ounce of prevention is worth a pound of cure
SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users