Google keeps redirecting

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

4 Pages
←
1
2
3
4
→

You cannot start a new topic
This topic is locked

Google keeps redirecting Do not know how to remove it

#31 Kristal08

Member

Group: Members
Posts: 26
Joined: 19-December 11

Posted 29 January 2012 - 04:51 PM

Microsoft Windows [Version 6.0.6001]
Copyright © 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>bcdedit /enum all >log.log

C:\Windows\system32>
C:\Windows\system32>
C:\Windows\system32>

Hi all it seems to produce is this...it doesn't scan anything,i've tried it several times but nothing happens

#32 RPMcMurphy

Bleeping *^#@%~

Group: Malware Response Team
Posts: 2,398
Joined: 16-May 10
Gender:Male

Posted 29 January 2012 - 09:07 PM

Kristal08:

We need to try another bootable CD.

1. Please download the following: gparted-live-0.10.0-3.iso (115 MB)

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like BurnAware Free or ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

2. Now, please boot off of the newly created GParted CD. See How to Set BIOS to Boot from CDROM for information on how to boot from the CD.

You should arrive to the following screen:

Press the ENTER key

By default, "do not touch keymap" is highlighted. Leave this setting alone and press the ENTER key.

Next, choose your language and press the ENTER key. English is the default setting [33]

Once again, at this prompt, press the ENTER key.

You will now be taken to the main GUI screen below

Please take a picture of this screen (camera or phone pictures will work just fine), and post it here for me to see.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may

#33 Kristal08

Member

Group: Members
Posts: 26
Joined: 19-December 11

Posted 05 February 2012 - 10:16 AM

Hi, again this doesn't work...i downloaded the file on the CD but when changing the booting from the CD or the USB the same thing is happening. I have told you before that the option of choosing the USB or CDROM isn't available for me so i can't do this

#34 RPMcMurphy

Bleeping *^#@%~

Group: Malware Response Team
Posts: 2,398
Joined: 16-May 10
Gender:Male

Posted 05 February 2012 - 11:10 AM

Reboot pressing F10 as the PC powers up, which should bring up an 'Edit Boot Options' screen.
If it shows either of the following, hit backspace to remove them, leaving only the /noexecute=optin, then press Enter to continue.

[ /NOEXECUTE=OPTIN /MININT
[ /NOEXECUTE=OPTIN IN/MINT

Let me know if the /MININT entries were present and if you were able to remove them.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may

#35 RPMcMurphy

Bleeping *^#@%~

Group: Malware Response Team
Posts: 2,398
Joined: 16-May 10
Gender:Male

Posted 12 February 2012 - 10:36 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may

#36 RPMcMurphy

Bleeping *^#@%~

Group: Malware Response Team
Posts: 2,398
Joined: 16-May 10
Gender:Male

Posted 15 February 2012 - 05:27 PM

This topic has been re-opened at the request of the person who originally posted.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may

#37 RPMcMurphy

Bleeping *^#@%~

Group: Malware Response Team
Posts: 2,398
Joined: 16-May 10
Gender:Male

Posted 15 February 2012 - 05:31 PM

Delete any existing copies of TDSSKiller and download an new copy HERE. Extract TDSSKiller.exe to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
when the window opens, click on Change Parameters
under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
click OK
Press Start Scan
If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
Then click Continue > Reboot now
Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
Post that log, please.

Please include the following in your next post:

TDSSKiller log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may

#38 Kristal08

Member

Group: Members
Posts: 26
Joined: 19-December 11

Posted 16 February 2012 - 09:36 AM

14:29:59.0206 3876 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
14:29:59.0685 3876 ============================================================
14:29:59.0686 3876 Current date / time: 2012/02/16 14:29:59.0685
14:29:59.0686 3876 SystemInfo:
14:29:59.0686 3876
14:29:59.0686 3876 OS Version: 6.0.6001 ServicePack: 1.0
14:29:59.0686 3876 Product type: Workstation
14:29:59.0687 3876 ComputerName: ACER2009-PC
14:29:59.0687 3876 UserName: Acer 2009
14:29:59.0687 3876 Windows directory: C:\Windows
14:29:59.0687 3876 System windows directory: C:\Windows
14:29:59.0687 3876 Processor architecture: Intel x86
14:29:59.0687 3876 Number of processors: 1
14:29:59.0687 3876 Page size: 0x1000
14:29:59.0687 3876 Boot type: Normal boot
14:29:59.0687 3876 ============================================================
14:30:01.0115 3876 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:30:01.0143 3876 \Device\Harddisk0\DR0:
14:30:01.0143 3876 MBR used
14:30:01.0143 3876 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x176D000, BlocksNum 0x3F07000
14:30:01.0143 3876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x5674000, BlocksNum 0x3E9B000
14:30:01.0269 3876 Initialize success
14:30:01.0269 3876 ============================================================
14:30:19.0852 3368 ============================================================
14:30:19.0852 3368 Scan started
14:30:19.0852 3368 Mode: Manual; TDLFS;
14:30:19.0852 3368 ============================================================
14:30:21.0154 3368 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
14:30:21.0160 3368 ACPI - ok
14:30:21.0265 3368 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:30:21.0275 3368 adp94xx - ok
14:30:21.0351 3368 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:30:21.0358 3368 adpahci - ok
14:30:21.0468 3368 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:30:21.0471 3368 adpu160m - ok
14:30:21.0513 3368 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:30:21.0517 3368 adpu320 - ok
14:30:21.0641 3368 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
14:30:21.0647 3368 AFD - ok
14:30:21.0843 3368 AgereSoftModem (d31d1a92479bd8c0d050a6ffbdd410d9) C:\Windows\system32\DRIVERS\AGRSM.sys
14:30:21.0867 3368 AgereSoftModem - ok
14:30:22.0011 3368 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:30:22.0013 3368 agp440 - ok
14:30:22.0076 3368 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:30:22.0078 3368 aic78xx - ok
14:30:22.0126 3368 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:30:22.0127 3368 aliide - ok
14:30:22.0235 3368 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:30:22.0237 3368 amdagp - ok
14:30:22.0296 3368 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:30:22.0297 3368 amdide - ok
14:30:22.0348 3368 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:30:22.0350 3368 AmdK7 - ok
14:30:22.0424 3368 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:30:22.0427 3368 AmdK8 - ok
14:30:22.0543 3368 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:30:22.0546 3368 arc - ok
14:30:22.0994 3368 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:30:22.0997 3368 arcsas - ok
14:30:23.0129 3368 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:30:23.0131 3368 AsyncMac - ok
14:30:23.0230 3368 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
14:30:23.0230 3368 atapi - ok
14:30:23.0403 3368 athr (d5abeb24a3a3138b35f88931fb04e100) C:\Windows\system32\DRIVERS\athr.sys
14:30:23.0423 3368 athr - ok
14:30:23.0673 3368 b57nd60x (aa6b367ca7da571dfc3374ec137d87a5) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:30:23.0677 3368 b57nd60x - ok
14:30:23.0924 3368 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:30:23.0924 3368 Beep - ok
14:30:24.0169 3368 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:30:24.0170 3368 blbdrive - ok
14:30:24.0348 3368 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
14:30:24.0350 3368 bowser - ok
14:30:24.0443 3368 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:30:24.0454 3368 BrFiltLo - ok
14:30:24.0484 3368 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:30:24.0486 3368 BrFiltUp - ok
14:30:24.0596 3368 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:30:24.0599 3368 Brserid - ok
14:30:24.0713 3368 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:30:24.0715 3368 BrSerWdm - ok
14:30:24.0764 3368 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:30:24.0765 3368 BrUsbMdm - ok
14:30:24.0839 3368 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:30:24.0840 3368 BrUsbSer - ok
14:30:24.0933 3368 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
14:30:24.0935 3368 BthEnum - ok
14:30:24.0996 3368 BTHMODEM (5ffa6988ff9597986ff2ada736cc90c0) C:\Windows\system32\DRIVERS\bthmodem.sys
14:30:24.0998 3368 BTHMODEM - ok
14:30:25.0110 3368 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
14:30:25.0113 3368 BthPan - ok
14:30:25.0231 3368 BTHPORT (73d53f8e90550ba81e2cf44a0873b410) C:\Windows\system32\Drivers\BTHport.sys
14:30:25.0240 3368 BTHPORT - ok
14:30:25.0386 3368 BTHUSB (32045a4bb143bbc5bab1298c4e9e309a) C:\Windows\system32\Drivers\BTHUSB.sys
14:30:25.0387 3368 BTHUSB - ok
14:30:25.0522 3368 catchme - ok
14:30:25.0668 3368 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:30:25.0670 3368 cdfs - ok
14:30:25.0744 3368 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
14:30:25.0748 3368 cdrom - ok
14:30:25.0881 3368 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:30:25.0882 3368 circlass - ok
14:30:25.0941 3368 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
14:30:25.0947 3368 CLFS - ok
14:30:26.0099 3368 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:30:26.0100 3368 CmBatt - ok
14:30:26.0152 3368 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:30:26.0153 3368 cmdide - ok
14:30:26.0195 3368 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:30:26.0197 3368 Compbatt - ok
14:30:26.0228 3368 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:30:26.0230 3368 crcdisk - ok
14:30:26.0272 3368 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:30:26.0276 3368 Crusoe - ok
14:30:26.0462 3368 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
14:30:26.0476 3368 DfsC - ok
14:30:26.0664 3368 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\Windows\system32\Drivers\DgiVecp.sys
14:30:26.0665 3368 DgiVecp - ok
14:30:26.0785 3368 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
14:30:26.0787 3368 disk - ok
14:30:26.0891 3368 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
14:30:26.0892 3368 DKbFltr - ok
14:30:26.0995 3368 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
14:30:26.0997 3368 DritekPortIO - ok
14:30:27.0138 3368 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:30:27.0140 3368 drmkaud - ok
14:30:27.0226 3368 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
14:30:27.0240 3368 DXGKrnl - ok
14:30:27.0406 3368 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:30:27.0409 3368 E1G60 - ok
14:30:27.0577 3368 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
14:30:27.0580 3368 Ecache - ok
14:30:27.0756 3368 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:30:27.0764 3368 elxstor - ok
14:30:27.0929 3368 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:30:27.0930 3368 ErrDev - ok
14:30:28.0087 3368 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
14:30:28.0091 3368 exfat - ok
14:30:28.0189 3368 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
14:30:28.0195 3368 fastfat - ok
14:30:28.0259 3368 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:30:28.0261 3368 fdc - ok
14:30:28.0309 3368 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:30:28.0311 3368 FileInfo - ok
14:30:28.0413 3368 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:30:28.0415 3368 Filetrace - ok
14:30:28.0466 3368 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:30:28.0468 3368 flpydisk - ok
14:30:28.0513 3368 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
14:30:28.0517 3368 FltMgr - ok
14:30:28.0565 3368 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:30:28.0566 3368 Fs_Rec - ok
14:30:28.0680 3368 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:30:28.0682 3368 gagp30kx - ok
14:30:28.0894 3368 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:30:28.0899 3368 HdAudAddService - ok
14:30:28.0999 3368 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:30:29.0000 3368 HDAudBus - ok
14:30:29.0075 3368 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:30:29.0077 3368 HidBth - ok
14:30:29.0155 3368 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:30:29.0157 3368 HidIr - ok
14:30:29.0227 3368 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
14:30:29.0228 3368 HidUsb - ok
14:30:29.0331 3368 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:30:29.0333 3368 HpCISSs - ok
14:30:29.0428 3368 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
14:30:29.0433 3368 HSFHWAZL - ok
14:30:29.0575 3368 HSF_DPV (3f53b4af98f8fd83b7f0b8b65d2d90a7) C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:30:29.0599 3368 HSF_DPV - ok
14:30:29.0726 3368 HSXHWAZL (194bc52fc0f53e540faf9de8a9c05255) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
14:30:29.0733 3368 HSXHWAZL - ok
14:30:29.0815 3368 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
14:30:29.0824 3368 HTTP - ok
14:30:29.0937 3368 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:30:29.0939 3368 i2omp - ok
14:30:30.0009 3368 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:30:30.0010 3368 i8042prt - ok
14:30:30.0136 3368 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:30:30.0142 3368 iaStorV - ok
14:30:30.0323 3368 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:30:30.0372 3368 igfx - ok
14:30:30.0502 3368 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:30:30.0503 3368 iirsp - ok
14:30:30.0663 3368 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys
14:30:30.0664 3368 int15 - ok
14:30:30.0868 3368 IntcAzAudAddService (92bcc487f16892cda495dbd8160272d9) C:\Windows\system32\drivers\RTKVHDA.sys
14:30:30.0911 3368 IntcAzAudAddService - ok
14:30:31.0047 3368 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:30:31.0048 3368 intelide - ok
14:30:31.0093 3368 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:30:31.0095 3368 intelppm - ok
14:30:31.0163 3368 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:30:31.0165 3368 IpFilterDriver - ok
14:30:31.0267 3368 IpInIp - ok
14:30:31.0389 3368 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:30:31.0393 3368 IPMIDRV - ok
14:30:31.0450 3368 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:30:31.0453 3368 IPNAT - ok
14:30:31.0492 3368 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:30:31.0493 3368 IRENUM - ok
14:30:31.0530 3368 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:30:31.0532 3368 isapnp - ok
14:30:31.0650 3368 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
14:30:31.0655 3368 iScsiPrt - ok
14:30:31.0742 3368 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:30:31.0744 3368 iteatapi - ok
14:30:31.0828 3368 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:30:31.0829 3368 iteraid - ok
14:30:31.0900 3368 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:30:31.0904 3368 kbdclass - ok
14:30:31.0953 3368 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
14:30:31.0955 3368 kbdhid - ok
14:30:32.0065 3368 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
14:30:32.0075 3368 KSecDD - ok
14:30:32.0225 3368 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:30:32.0227 3368 lltdio - ok
14:30:32.0326 3368 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:30:32.0329 3368 LSI_FC - ok
14:30:32.0368 3368 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:30:32.0371 3368 LSI_SAS - ok
14:30:32.0474 3368 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:30:32.0477 3368 LSI_SCSI - ok
14:30:32.0552 3368 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:30:32.0554 3368 luafv - ok
14:30:32.0591 3368 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:30:32.0593 3368 mdmxsdk - ok
14:30:32.0716 3368 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:30:32.0719 3368 megasas - ok
14:30:32.0810 3368 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:30:32.0818 3368 MegaSR - ok
14:30:32.0960 3368 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
14:30:32.0962 3368 mferkdk - ok
14:30:33.0191 3368 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
14:30:33.0193 3368 mfesmfk - ok
14:30:33.0314 3368 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:30:33.0315 3368 Modem - ok
14:30:33.0397 3368 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:30:33.0399 3368 monitor - ok
14:30:33.0443 3368 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:30:33.0444 3368 mouclass - ok
14:30:33.0480 3368 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:30:33.0482 3368 mouhid - ok
14:30:33.0583 3368 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:30:33.0586 3368 MountMgr - ok
14:30:33.0652 3368 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:30:33.0655 3368 mpio - ok
14:30:33.0695 3368 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:30:33.0698 3368 mpsdrv - ok
14:30:33.0795 3368 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:30:33.0796 3368 Mraid35x - ok
14:30:33.0867 3368 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
14:30:33.0870 3368 MRxDAV - ok
14:30:33.0925 3368 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:30:33.0928 3368 mrxsmb - ok
14:30:34.0034 3368 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:30:34.0040 3368 mrxsmb10 - ok
14:30:34.0122 3368 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:30:34.0124 3368 mrxsmb20 - ok
14:30:34.0224 3368 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
14:30:34.0226 3368 msahci - ok
14:30:34.0304 3368 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:30:34.0307 3368 msdsm - ok
14:30:34.0361 3368 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:30:34.0363 3368 Msfs - ok
14:30:34.0483 3368 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:30:34.0484 3368 msisadrv - ok
14:30:34.0583 3368 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:30:34.0584 3368 MSKSSRV - ok
14:30:34.0617 3368 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:30:34.0619 3368 MSPCLOCK - ok
14:30:34.0722 3368 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:30:34.0723 3368 MSPQM - ok
14:30:34.0795 3368 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
14:30:34.0802 3368 MsRPC - ok
14:30:34.0842 3368 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:30:34.0843 3368 mssmbios - ok
14:30:34.0958 3368 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:30:34.0959 3368 MSTEE - ok
14:30:35.0030 3368 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
14:30:35.0032 3368 Mup - ok
14:30:35.0113 3368 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
14:30:35.0117 3368 NativeWifiP - ok
14:30:35.0247 3368 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
14:30:35.0260 3368 NDIS - ok
14:30:35.0402 3368 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:30:35.0403 3368 NdisTapi - ok
14:30:35.0487 3368 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:30:35.0488 3368 Ndisuio - ok
14:30:35.0523 3368 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
14:30:35.0526 3368 NdisWan - ok
14:30:35.0556 3368 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:30:35.0558 3368 NDProxy - ok
14:30:35.0688 3368 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:30:35.0690 3368 NetBIOS - ok
14:30:35.0763 3368 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
14:30:35.0767 3368 netbt - ok
14:30:35.0824 3368 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:30:35.0825 3368 nfrd960 - ok
14:30:35.0858 3368 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
14:30:35.0859 3368 Npfs - ok
14:30:35.0898 3368 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:30:35.0902 3368 nsiproxy - ok
14:30:36.0035 3368 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
14:30:36.0058 3368 Ntfs - ok
14:30:36.0209 3368 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
14:30:36.0210 3368 NTIDrvr - ok
14:30:36.0299 3368 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:30:36.0300 3368 ntrigdigi - ok
14:30:36.0326 3368 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:30:36.0327 3368 Null - ok
14:30:36.0368 3368 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:30:36.0371 3368 nvraid - ok
14:30:36.0472 3368 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:30:36.0474 3368 nvstor - ok
14:30:36.0560 3368 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:30:36.0563 3368 nv_agp - ok
14:30:36.0587 3368 NwlnkFlt - ok
14:30:36.0614 3368 NwlnkFwd - ok
14:30:36.0646 3368 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
14:30:36.0648 3368 ohci1394 - ok
14:30:36.0757 3368 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:30:36.0759 3368 Parport - ok
14:30:36.0840 3368 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
14:30:36.0841 3368 partmgr - ok
14:30:36.0878 3368 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:30:36.0880 3368 Parvdm - ok
14:30:36.0945 3368 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
14:30:36.0949 3368 pci - ok
14:30:37.0053 3368 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
14:30:37.0055 3368 pciide - ok
14:30:37.0129 3368 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:30:37.0140 3368 pcmcia - ok
14:30:37.0283 3368 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:30:37.0302 3368 PEAUTH - ok
14:30:37.0524 3368 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:30:37.0526 3368 PptpMiniport - ok
14:30:37.0598 3368 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
14:30:37.0600 3368 Processor - ok
14:30:37.0737 3368 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
14:30:37.0738 3368 PSched - ok
14:30:37.0821 3368 PSDFilter (18de162f9b83079c24cd96f59292f5ed) C:\Windows\system32\DRIVERS\psdfilter.sys
14:30:37.0823 3368 PSDFilter - ok
14:30:37.0857 3368 PSDNServ (bc1457a28e76ab3106d43802ac22a627) C:\Windows\system32\DRIVERS\PSDNServ.sys
14:30:37.0858 3368 PSDNServ - ok
14:30:37.0949 3368 psdvdisk (ac151e5b0943304e368c98ec78b5fc4f) C:\Windows\system32\DRIVERS\PSDVdisk.sys
14:30:37.0951 3368 psdvdisk - ok
14:30:38.0078 3368 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:30:38.0107 3368 ql2300 - ok
14:30:38.0336 3368 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:30:38.0339 3368 ql40xx - ok
14:30:38.0477 3368 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:30:38.0478 3368 QWAVEdrv - ok
14:30:38.0543 3368 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:30:38.0544 3368 RasAcd - ok
14:30:38.0594 3368 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:30:38.0596 3368 Rasl2tp - ok
14:30:38.0644 3368 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
14:30:38.0646 3368 RasPppoe - ok
14:30:38.0744 3368 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
14:30:38.0746 3368 RasSstp - ok
14:30:38.0825 3368 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
14:30:38.0831 3368 rdbss - ok
14:30:38.0870 3368 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:30:38.0872 3368 RDPCDD - ok
14:30:38.0982 3368 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:30:38.0988 3368 rdpdr - ok
14:30:39.0132 3368 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:30:39.0133 3368 RDPENCDD - ok
14:30:39.0224 3368 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
14:30:39.0229 3368 RDPWD - ok
14:30:39.0360 3368 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
14:30:39.0362 3368 RFCOMM - ok
14:30:39.0464 3368 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:30:39.0466 3368 rspndr - ok
14:30:39.0550 3368 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:30:39.0552 3368 SASDIFSV - ok
14:30:39.0575 3368 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:30:39.0579 3368 SASKUTIL - ok
14:30:39.0723 3368 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:30:39.0726 3368 sbp2port - ok
14:30:39.0835 3368 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:30:39.0836 3368 secdrv - ok
14:30:39.0885 3368 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:30:39.0886 3368 Serenum - ok
14:30:39.0988 3368 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:30:39.0991 3368 Serial - ok
14:30:40.0074 3368 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:30:40.0075 3368 sermouse - ok
14:30:40.0133 3368 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
14:30:40.0134 3368 sffdisk - ok
14:30:40.0227 3368 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:30:40.0229 3368 sffp_mmc - ok
14:30:40.0321 3368 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
14:30:40.0322 3368 sffp_sd - ok
14:30:40.0353 3368 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:30:40.0355 3368 sfloppy - ok
14:30:40.0466 3368 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:30:40.0468 3368 sisagp - ok
14:30:40.0539 3368 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:30:40.0542 3368 SiSRaid2 - ok
14:30:40.0591 3368 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:30:40.0593 3368 SiSRaid4 - ok
14:30:40.0703 3368 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
14:30:40.0706 3368 Smb - ok
14:30:40.0791 3368 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:30:40.0792 3368 spldr - ok
14:30:40.0953 3368 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
14:30:40.0969 3368 sptd - ok
14:30:41.0109 3368 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
14:30:41.0116 3368 srv - ok
14:30:41.0252 3368 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
14:30:41.0256 3368 srv2 - ok
14:30:41.0320 3368 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
14:30:41.0326 3368 srvnet - ok
14:30:41.0413 3368 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
14:30:41.0414 3368 SSPORT - ok
14:30:41.0502 3368 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:30:41.0503 3368 swenum - ok
14:30:41.0611 3368 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:30:41.0613 3368 Symc8xx - ok
14:30:41.0663 3368 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:30:41.0667 3368 Sym_hi - ok
14:30:41.0766 3368 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:30:41.0767 3368 Sym_u3 - ok
14:30:41.0861 3368 SynTP (c5f25d490d0915732508fd421bf76d93) C:\Windows\system32\DRIVERS\SynTP.sys
14:30:41.0866 3368 SynTP - ok
14:30:42.0019 3368 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
14:30:42.0038 3368 Tcpip - ok
14:30:42.0208 3368 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
14:30:42.0215 3368 Tcpip6 - ok
14:30:42.0356 3368 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
14:30:42.0357 3368 tcpipreg - ok
14:30:42.0445 3368 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:30:42.0446 3368 TDPIPE - ok
14:30:42.0487 3368 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:30:42.0489 3368 TDTCP - ok
14:30:42.0582 3368 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
14:30:42.0586 3368 tdx - ok
14:30:42.0663 3368 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
14:30:42.0668 3368 TermDD - ok
14:30:42.0735 3368 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:30:42.0737 3368 tssecsrv - ok
14:30:42.0853 3368 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:30:42.0854 3368 tunmp - ok
14:30:42.0945 3368 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
14:30:42.0946 3368 tunnel - ok
14:30:42.0986 3368 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:30:42.0989 3368 uagp35 - ok
14:30:43.0092 3368 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
14:30:43.0097 3368 udfs - ok
14:30:43.0212 3368 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:30:43.0214 3368 uliagpkx - ok
14:30:43.0257 3368 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:30:43.0263 3368 uliahci - ok
14:30:43.0647 3368 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:30:43.0650 3368 UlSata - ok
14:30:43.0802 3368 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:30:43.0805 3368 ulsata2 - ok
14:30:43.0875 3368 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:30:43.0877 3368 umbus - ok
14:30:43.0931 3368 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:30:43.0933 3368 usbccgp - ok
14:30:44.0026 3368 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:30:44.0029 3368 usbcir - ok
14:30:44.0117 3368 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
14:30:44.0121 3368 usbehci - ok
14:30:44.0165 3368 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
14:30:44.0172 3368 usbhub - ok
14:30:44.0286 3368 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:30:44.0287 3368 usbohci - ok
14:30:44.0382 3368 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:30:44.0383 3368 usbprint - ok
14:30:44.0490 3368 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:30:44.0492 3368 usbscan - ok
14:30:44.0571 3368 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:30:44.0573 3368 USBSTOR - ok
14:30:44.0634 3368 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:30:44.0636 3368 usbuhci - ok
14:30:44.0751 3368 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:30:44.0753 3368 vga - ok
14:30:44.0825 3368 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:30:44.0827 3368 VgaSave - ok
14:30:44.0869 3368 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:30:44.0871 3368 viaagp - ok
14:30:44.0970 3368 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:30:44.0972 3368 ViaC7 - ok
14:30:45.0040 3368 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:30:45.0042 3368 viaide - ok
14:30:45.0074 3368 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:30:45.0076 3368 volmgr - ok
14:30:45.0121 3368 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
14:30:45.0127 3368 volmgrx - ok
14:30:45.0260 3368 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
14:30:45.0266 3368 volsnap - ok
14:30:45.0353 3368 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:30:45.0357 3368 vsmraid - ok
14:30:45.0413 3368 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:30:45.0416 3368 WacomPen - ok
14:30:45.0537 3368 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:30:45.0539 3368 Wanarp - ok
14:30:45.0550 3368 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:30:45.0551 3368 Wanarpv6 - ok
14:30:45.0641 3368 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:30:45.0643 3368 Wd - ok
14:30:45.0694 3368 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:30:45.0706 3368 Wdf01000 - ok
14:30:45.0862 3368 winachsf (c9c63410d8cf98f621b9cc62243fb877) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:30:45.0877 3368 winachsf - ok
14:30:46.0069 3368 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:30:46.0071 3368 WmiAcpi - ok
14:30:46.0203 3368 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:30:46.0205 3368 ws2ifsl - ok
14:30:46.0352 3368 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:30:46.0355 3368 WUDFRd - ok
14:30:46.0430 3368 XAudio (2e579520e114a9ca309f13bf40ad8292) C:\Windows\system32\DRIVERS\xaudio.sys
14:30:46.0431 3368 XAudio - ok
14:30:46.0530 3368 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
14:30:46.0570 3368 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
14:30:46.0570 3368 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
14:30:46.0637 3368 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:30:46.0637 3368 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:30:46.0674 3368 Boot (0x1200) (1e59f49bfa987d01a678e7755a2584fd) \Device\Harddisk0\DR0\Partition0
14:30:46.0675 3368 \Device\Harddisk0\DR0\Partition0 - ok
14:30:46.0702 3368 Boot (0x1200) (245e1f5b8dc537c227d2020bbdb9c056) \Device\Harddisk0\DR0\Partition1
14:30:46.0704 3368 \Device\Harddisk0\DR0\Partition1 - ok
14:30:46.0708 3368 ============================================================
14:30:46.0708 3368 Scan finished
14:30:46.0708 3368 ============================================================
14:30:46.0731 3840 Detected object count: 2
14:30:46.0731 3840 Actual detected object count: 2
14:31:18.0747 3840 \Device\Harddisk0\DR0\# - copied to quarantine
14:31:18.0748 3840 \Device\Harddisk0\DR0 - copied to quarantine
14:31:18.0895 3840 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
14:31:18.0902 3840 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
14:31:18.0908 3840 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
14:31:18.0912 3840 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
14:31:18.0913 3840 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
14:31:18.0955 3840 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
14:31:19.0037 3840 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
14:31:19.0039 3840 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
14:31:19.0041 3840 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
14:31:19.0043 3840 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:31:19.0045 3840 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:31:19.0047 3840 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:31:19.0068 3840 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:31:19.0069 3840 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
14:31:19.0071 3840 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
14:31:19.0073 3840 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
14:31:19.0092 3840 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
14:31:19.0631 3840 \Device\Harddisk0\DR0\TDLFS\sant32 - copied to quarantine
14:31:19.0634 3840 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
14:31:19.0636 3840 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
14:31:19.0640 3840 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
14:31:19.0645 3840 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
14:31:19.0648 3840 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
14:31:19.0731 3840 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
14:31:19.0777 3840 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
14:31:19.0778 3840 \Device\Harddisk0\DR0 - ok
14:31:26.0794 3840 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
14:31:26.0797 3840 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:31:26.0798 3840 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:31:34.0392 2012 Deinitialize success

By the way do you want me to do the other thing by pressing f10 because i did do that and the /MININT entries were present i just didn't delete anything

This post has been edited by Kristal08: 16 February 2012 - 09:38 AM

#39 RPMcMurphy

Bleeping *^#@%~

Group: Malware Response Team
Posts: 2,398
Joined: 16-May 10
Gender:Male

Posted 16 February 2012 - 04:04 PM

That looks promising! Please do this:

Posted Image

Run ListParts again and post the log for me.

Posted Image

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

Click the Update tab
Click Check for Updates
If an update is found, it will download and install the latest version.
The program will close to update and reopen.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Uncheck any entries from C:\System Volume Information or C:\Qoobox
Make sure that everything else is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Posted Image

Please go to here to run an online scan with ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
Click on Advanced Settings and ensure these options are ticked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Scan
Wait for the scan to finish
If any threats were found, click the 'List of found threats' , then click Export to text file....
Save it to your desktop, then please copy and paste that log as a reply to this topic.

Please include the following in your next post:

ListParts log
MBAM log
ESET log

How is the computer running now?

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may

#40 Kristal08

Member

Group: Members
Posts: 26
Joined: 19-December 11

Posted 18 February 2012 - 10:34 AM

ListParts by Farbar
Ran by Acer 2009 on 18-02-2012 at 11:48:26
Windows Vista (X86)
Running From: C:\Users\Acer 2009\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83HWBMV9
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 66%
Total physical RAM: 1013.25 MB
Available physical RAM: 337.19 MB
Total Pagefile: 2290.84 MB
Available Pagefile: 1228.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.73 MB

======================= Partitions =========================

1 Drive c: (ACER) (Fixed) (Total:31.51 GB) (Free:4.63 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (DATA) (Fixed) (Total:31.3 GB) (Free:31.19 GB) NTFS
3 Drive e: (GParted-live) (CDROM) (Total:0.11 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 12 GB 32 KB
Partition 2 Primary 32 GB 12 GB
Partition 3 Primary 31 GB 43 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

There is no volume associated with this partition.

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C ACER NTFS Partition 32 GB Healthy System (partition with boot components)

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 31 GB Healthy

****** End Of Log ******

Malwarebyes

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.18.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Acer 2009 :: ACER2009-PC [administrator]

18/02/2012 11:57:18
mbam-log-2012-02-18 (11-57-18).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM
Scan options disabled: Heuristics/Shuriken | P2P
Objects scanned: 280069
Time elapsed: 1 hour(s), 2 minute(s), 4 second(s)

Memory Processes Detected: 1
C:\Users\Acer 2009\AppData\Local\dplaysvr.exe (Trojan.FakeMS) -> 2940 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.FakeMS) -> Data: C:\Users\Acer 2009\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{F47C1815-E123-497A-6219-29151A589D7F} (Trojan.Cryptbel.Gen) -> Data: "C:\Users\Acer 2009\AppData\Roaming\Giil\goev.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 12
C:\Users\Acer 2009\AppData\Local\dplaysvr.exe (Trojan.FakeMS) -> Delete on reboot.
C:\Users\Acer 2009\AppData\Roaming\Giil\goev.exe (Trojan.Cryptbel.Gen) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.02.2012_14.29.59\mbr0000\tdlfs0000\tsk0009.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.02.2012_14.29.59\mbr0000\tdlfs0000\tsk0005.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.02.2012_14.29.59\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.02.2012_14.29.59\mbr0000\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.02.2012_14.29.59\mbr0000\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.02.2012_14.29.59\mbr0000\tdlfs0000\tsk0010.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.02.2012_14.29.59\mbr0000\tdlfs0000\tsk0012.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.02.2012_14.29.59\mbr0000\tdlfs0000\tsk0020.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Acer 2009\AppData\Local\svc2dll.exe (Trojan.Cryptpin.Gen) -> Quarantined and deleted successfully.
C:\Users\Acer 2009\AppData\Local\temp\870B.tmp (Trojan.Cryptpin.Gen) -> Quarantined and deleted successfully.

(end)

C:\Program Files\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll Win32/OpenCandy application
C:\Program Files\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application
C:\TDSSKiller_Quarantine\16.02.2012_14.29.59\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan
C:\Users\Acer 2009\AppData\Local\dplayx.dll a variant of Win32/Kryptik.ZHN trojan

So far the browsing problem seems to be fixed ^-^

#41 RPMcMurphy

Bleeping *^#@%~

Group: Malware Response Team
Posts: 2,398
Joined: 16-May 10
Gender:Male

Posted 18 February 2012 - 11:55 PM

ESET flagged your VeohWebPlayer because they considere it to be adware, it installs toolbars or has other unclear objectives. If you no longer want that apps, uninstall it via Control Panel > Programs > Uninstall a program. This will take care of the one detection that isn't already in quarantine:

Posted Image

Please download OTM

Save it to your desktop.
Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
:Files
C:\Users\Acer 2009\AppData\Local\dplayx.dll
:Commands
[EmptyFlash]
[EmptyTemp]
[ResetHosts]
[Reboot]
```
Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please include the following in your next post:

OTM log

Are there any remaining problems that we have not addressed?

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may

#42 Kristal08

Member

Group: Members
Posts: 26
Joined: 19-December 11

Posted 19 February 2012 - 07:30 AM

All processes killed
========== FILES ==========
DllUnregisterServer procedure not found in C:\Users\Acer 2009\AppData\Local\dplayx.dll
C:\Users\Acer 2009\AppData\Local\dplayx.dll moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Acer 2009
->Flash cache emptied: 2045022 bytes

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 2.00 mb

[EMPTYTEMP]

User: Acer 2009
->Temp folder emptied: 187326284 bytes
->Temporary Internet Files folder emptied: 259507784 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2140766 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2638202 bytes
RecycleBin emptied: 125331 bytes

Total Files Cleaned = 431.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.19.0 log created on 02192012_120649

I do have another problem with the laptop, but it's only minor i don't mind if it doesn't get fixed. I can't remember when but while i was following your instructions something happened and now when i start my laptop a black screen with a message keeps showing saying:

Broadcom UNDI PXE-2.1 v10.0.9
Copyright © 2000-2006 Broadcom Corporation
Copyright © 1997-2000 Intel Corporation
All rights reserved.
PXE-E61: Media test failure, check cable
PXE-M0F: Existing Broadcom PXE ROM

By the way i have a new file called Qoobox which i remember you referring to it before...is it safe to delete that now or not

This post has been edited by Kristal08: 19 February 2012 - 09:06 AM

#43 RPMcMurphy

Bleeping *^#@%~

Group: Malware Response Team
Posts: 2,398
Joined: 16-May 10
Gender:Male

Posted 19 February 2012 - 11:48 AM

Your logs look good! That error message may be a result of trying to boot from the USB or CD - go back in and make sure one of those isn't trying to boot first. Now I have some very important cleanup for you to take care of:

Posted Image

Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Posted Image

Uninstall ComboFix

Press the Windows key + R on your keyboard or click Start -> Run. Copy and past the following text into the run box that opens and press OK:
Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:

DDS
GMER
MiniToolBox
MBRCheck
ListParts
xPUD
gparted
TDSSKiller

Download TFC to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

Restart any anti-malware programs that we disabled while we were cleaning your machine.
Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may

#44 Kristal08

Member

Group: Members
Posts: 26
Joined: 19-December 11

Posted 21 February 2012 - 04:13 PM

Everything is completely fixed...Thank You SO MUCH for helping me out and being so patient! ^-^

#45 RPMcMurphy

Bleeping *^#@%~

Group: Malware Response Team
Posts: 2,398
Joined: 16-May 10
Gender:Male

Posted 21 February 2012 - 05:29 PM

You're welcome, Kristal. Take care.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may