Google Redirect / Crashes


  • This topic is locked
22 replies to this topic

#1 CBooth523

CBooth523

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Eastern NC
  • Local time:02:33 PM

Posted 27 September 2011 - 04:41 PM

Hello! I'm new to this site, but I am really frustrated with a computer I just purchased. I have no idea where things came from but I am being redirected every time I click something in Google. Also, my computer has the "blue screen of death" with physical memory dumps about 3 or 4 times a day. The computer is only a couple months old and there really isn't a lot on it. Norton and Malwarebytes aren't detecting anything. What can I do??

Edited by Budapest, 27 September 2011 - 04:58 PM.
Moved from Win7 ~Budapest




#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:03:33 PM

Posted 27 September 2011 - 05:02 PM

Hi CBooth523,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification, and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

Step 1: Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer Log Errors
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go. Please put code boxes around just this entire log, like this, but without the letter x: [xcode] MiniToolBox log [/xcode]

Step 2: Rerun Malwarebytes
Open Malwarebytes, click on the Update tab, and click the check for Updates button (the latest update as of this post is 7811)
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If you have trouble updating, troubleshoot Malwarebytes' Anti-Malware

Step 3: Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


In your next reply, please include:
  • MiniToolBox log
  • Malwarebytes log
  • GMER log
  • How's your computer running now?

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 CBooth523


Posted 27 September 2011 - 11:23 PM

MiniToolBox by Farbar 
Ran by Booth Computer (administrator) on 27-09-2011 at 23:17:17
Windows 7 Home Premium  (X64)

***************************************************************************

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ============================== 

========================= Hosts content: =================================



========================= IP Configuration: ================================The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : BoothComputer
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-26-6C-B0-AA-B1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
   Physical Address. . . . . . . . . : 68-A3-C4-44-F8-89
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e115:5f3f:14d0:ddc1%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, September 27, 2011 11:14:58 PM
   Lease Expires . . . . . . . . . . : Wednesday, September 28, 2011 11:14:58 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 191407044
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-19-42-5D-68-A3-C4-44-F8-89
   DNS Servers . . . . . . . . . . . : 66.76.227.40
                                       208.180.42.68
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{1A31AF92-84B8-4914-9831-BF3B9B05E165}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A7A66E6E-083C-4F35-91E8-75947C9EA49E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.73.104] with 32 bytes of data:
Reply from 74.125.73.104: bytes=32 time=57ms TTL=51
Request timed out.

Ping statistics for 74.125.73.104:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 57ms, Maximum = 57ms, Average = 57ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 209.191.122.70:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...00 26 6c b0 aa b1 ......Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)
 11...68 a3 c4 44 f8 89 ......Atheros AR9285 Wireless Network Adapter
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.102     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.102    281
    192.168.1.102  255.255.255.255         On-link     192.168.1.102    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.102    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.102    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.102    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 14     58 2001::/32                On-link
 14    306 2001:0:4137:9e76:1c2a:1a4a:b491:c1b2/128
                                    On-link
 11    281 fe80::/64                On-link
 14    306 fe80::/64                On-link
 14    306 fe80::1c2a:1a4a:b491:c1b2/128
                                    On-link
 11    281 fe80::e115:5f3f:14d0:ddc1/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/27/2011 11:15:29 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (09/27/2011 06:02:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 561650

Error: (09/27/2011 06:02:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 561650

Error: (09/27/2011 06:02:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/27/2011 06:02:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 546050

Error: (09/27/2011 06:02:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 546050

Error: (09/27/2011 06:02:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/27/2011 06:02:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 530450

Error: (09/27/2011 06:02:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 530450

Error: (09/27/2011 06:02:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/27/2011 11:15:30 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (09/27/2011 11:14:57 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: 
%%183

Error: (09/27/2011 11:14:57 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall Authorization Driver service failed to start due to the following error: 
%%183

Error: (09/27/2011 11:15:01 PM) (Source: BugCheck) (User: )
Description: 0x0000009f (0x0000000000000003, 0xfffffa8003046060, 0xfffff80003fc8518, 0xfffffa8004562c60)C:\windows\MEMORY.DMP092711-16785-01

Error: (09/27/2011 11:14:52 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:52:41 PM on ?9/?27/?2011 was unexpected.

Error: (09/27/2011 05:29:24 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (09/27/2011 05:28:50 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: 
%%183

Error: (09/27/2011 05:28:50 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall Authorization Driver service failed to start due to the following error: 
%%183

Error: (09/27/2011 05:28:48 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:27:47 PM on ?9/?27/?2011 was unexpected.

Error: (09/27/2011 05:11:27 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.


Microsoft Office Sessions:
=========================
Error: (09/27/2011 11:15:29 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (09/27/2011 06:02:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 561650

Error: (09/27/2011 06:02:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 561650

Error: (09/27/2011 06:02:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/27/2011 06:02:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 546050

Error: (09/27/2011 06:02:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 546050

Error: (09/27/2011 06:02:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/27/2011 06:02:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 530450

Error: (09/27/2011 06:02:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 530450

Error: (09/27/2011 06:02:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 10 Plugin (Version: 10.3.183.7)
Adobe Reader 9.3 (Version: 9.3.0)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.27)
Atheros Driver Installation Program (Version: 5.2)
ATI Catalyst Install Manager (Version: 3.0.765.0)
BearShare (Version: 9.0.0.99482)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Big Fish Games: Game Manager (Version: 3.0.0.271)
Bonjour (Version: 3.0.0.2)
Build-a-lot 2 (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Full Existing (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Full New (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Light (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Previews Common (Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0315.1050.17562)
Catalyst Control Center InstallProxy (Version: 2010.0315.1050.17562)
Catalyst Control Center Localization All (Version: 2010.0315.1050.17562)
ccc-core-static (Version: 2010.0315.1050.17562)
ccc-utility64 (Version: 2010.0315.1050.17562)
CCC Help Chinese Standard (Version: 2010.0315.1049.17562)
CCC Help Chinese Traditional (Version: 2010.0315.1049.17562)
CCC Help Czech (Version: 2010.0315.1049.17562)
CCC Help Danish (Version: 2010.0315.1049.17562)
CCC Help Dutch (Version: 2010.0315.1049.17562)
CCC Help English (Version: 2010.0315.1049.17562)
CCC Help Finnish (Version: 2010.0315.1049.17562)
CCC Help French (Version: 2010.0315.1049.17562)
CCC Help German (Version: 2010.0315.1049.17562)
CCC Help Greek (Version: 2010.0315.1049.17562)
CCC Help Hungarian (Version: 2010.0315.1049.17562)
CCC Help Italian (Version: 2010.0315.1049.17562)
CCC Help Japanese (Version: 2010.0315.1049.17562)
CCC Help Korean (Version: 2010.0315.1049.17562)
CCC Help Norwegian (Version: 2010.0315.1049.17562)
CCC Help Polish (Version: 2010.0315.1049.17562)
CCC Help Portuguese (Version: 2010.0315.1049.17562)
CCC Help Russian (Version: 2010.0315.1049.17562)
CCC Help Spanish (Version: 2010.0315.1049.17562)
CCC Help Swedish (Version: 2010.0315.1049.17562)
CCC Help Thai (Version: 2010.0315.1049.17562)
CCC Help Turkish (Version: 2010.0315.1049.17562)
Chuzzle Deluxe (Version: 2.2.0.95)
Conexant HD Audio (Version: 4.119.0.61)
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Fairway Solitaire
FATE (Version: 2.2.0.95)
Google Chrome (Version: 14.0.835.186)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.1.2003.1856)
Google Update Helper (Version: 1.3.21.69)
iTunes (Version: 10.4.0.80)
Java(TM) 6 Update 17 (Version: 6.0.170)
Jewel Quest - Heritage (Version: 2.2.0.95)
Junk Mail filter update (Version: 14.0.8117.416)
jZip
Label@Once 1.0 (Version: 1.0)
Mahjongg Artifacts
Malwarebytes' Anti-Malware version 1.51.0.1200 (Version: 1.51.0.1200)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Single Image 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 6.0.2 (x86 en-US) (Version: 6.0.2)
MSVCRT (Version: 14.0.1468.721)
NOOK for PC (Version: 2.5.5.8763)
Plants vs. Zombies (Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Bowler (Version: 2.2.0.95)
Quickbooks Financial Center (Version: 2.02)
QuickTime (Version: 7.69.80.9)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
Skype Launcher (Version: 2.01)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
Toshiba App Place (Version: 1.0.2.0)
TOSHIBA Application Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 3.00.11)
Toshiba Book Place (Version: 2.0.3977.0)
TOSHIBA Bulletin Board (Version: 1.6.07.64)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA Hardware Setup (Version: 2.00.06)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
Toshiba Laptop Checkup (Version: 2.0.3.198)
TOSHIBA Media Controller (Version: 1.0.80.3.64)
TOSHIBA Media Controller Plug-in (Version: 1.0.5.10)
Toshiba Online Backup (Version: 2.0.0.24)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.6.06.64)
TOSHIBA Service Station (Version: 2.1.40)
TOSHIBA Supervisor Password (Version: 2.00.03)
TOSHIBA Value Added Package (Version: 1.3.3.64)
ToshibaRegistration (Version: 1.0.4)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2583935)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Wheel of Fortune 2 (Version: 2.2.0.95)
WildTangent Games (Version: 1.0.1.3)
WildTangent ORB Game Console
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Xvid Video Codec (Version: 1.3.1)
Zuma's Revenge (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 2810.9 MB
Available physical RAM: 1538.98 MB
Total Pagefile: 5619.94 MB
Available Pagefile: 4193.78 MB
Total Virtual: 4095.88 MB
Available Virtual: 3979.29 MB

========================= Partitions: =====================================

1 Drive c: (TI105948W0D) (Fixed) (Total:287.46 GB) (Free:242.52 GB) NTFS

========================= Users: ========================================

User accounts for \\BOOTHCOMPUTER

Administrator            Booth Computer           Guest                    


**** End of log ****

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7811

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/27/2011 11:31:22 PM
mbam-log-2011-09-27 (23-31-22).txt

Scan type: Quick scan
Objects scanned: 200457
Time elapsed: 9 minute(s), 30 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\Users\booth computer\AppData\Roaming\Owvy\riowi.exe (Trojan.Agent) -> 3096 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{A8CBE5BF-06B2-AD40-F7B6-69D8E3424AC5} (Trojan.Agent) -> Value: {A8CBE5BF-06B2-AD40-F7B6-69D8E3424AC5} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\booth computer\AppData\Roaming\Owvy\riowi.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\booth computer\downloads\xvidsetup(1).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\booth computer\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

The GMER log was completely empty with a pop-up that said "GMER cannot find any system modifications".

Also, when I ran the MiniToolBox, I received an error twice during the process that said "The ordinal 1108 could not be located in the dynamic link library WSOCK32.dll"

As of right now, I am still getting redirected every time I try to click on a result in Google search. I haven't had a memory dump yet, but that usually happens when the computer is trying to go to sleep :(

Please let me know if you need anything else to help you help me.
Please let me know if you need anything else.
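
Added example (not part of the original thread and not Malwarebytes' own code): a small Python parser for the Malwarebytes' Anti-Malware 1.x log layout seen in the post above. It checks that the itemised detections add up to the summary counts, which is how a partially pasted log shows up, and tags each detection for triage. The function names, flag names and the abridged sample log are assumptions made for this illustration.

```python
import re

# Constructed sample: an abridged log in the layout of the Malwarebytes'
# Anti-Malware 1.51 log posted above (user name replaced by a placeholder).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300
Database version: 7811
Scan type: Quick scan

Memory Processes Infected: 1
Registry Values Infected: 1
Files Infected: 3

Memory Processes Infected:
c:\Users\user\AppData\Roaming\Owvy\riowi.exe (Trojan.Agent) -> 3096 -> Unloaded process successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{A8CBE5BF-06B2-AD40-F7B6-69D8E3424AC5} (Trojan.Agent) -> Value: {A8CBE5BF-06B2-AD40-F7B6-69D8E3424AC5} -> Quarantined and deleted successfully.

Files Infected:
c:\Users\user\AppData\Roaming\Owvy\riowi.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\user\downloads\xvidsetup(1).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\user\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # "Files Infected: 3"
HEADER_RE = re.compile(r"^([A-Za-z ]+ Infected):$")          # "Files Infected:"
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def parse_mbam_log(text):
    """Return (summary_counts, items) parsed from an MBAM 1.x text log."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None              # a blank line closes the current section
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m and section:               # "(No malicious items detected)" never matches
            items.append({
                "section": section,
                "object": m.group("object"),
                "family": m.group("family"),
                # the last "->" segment is the action the scanner reported
                "action": m.group("rest").rsplit(" -> ", 1)[-1],
            })
    return summary, items


def count_mismatches(summary, items):
    """Sections whose itemised entries differ from the declared count,
    as {section: (declared, found)}; empty when the log is complete."""
    found = {}
    for it in items:
        found[it["section"]] = found.get(it["section"], 0) + 1
    return {s: (n, found.get(s, 0)) for s, n in summary.items()
            if n != found.get(s, 0)}


def triage(items):
    """Map each detected object to a set of review flags (heuristics only)."""
    flags = {}
    for it in items:
        f = flags.setdefault(it["object"], set())
        if it["section"] == "Memory Processes Infected":
            f.add("was-running")                 # code was executing at scan time
        if RUN_KEY_RE.search(it["object"]):
            f.add("autostart")                   # Run/RunOnce value: starts at logon
        if "\\appdata\\" in it["object"].lower():
            f.add("user-writable-path")          # executable under the user profile
        if "successfully" not in it["action"].lower():
            f.add("removal-not-confirmed")
    return flags


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(summary, items) or "none")
    for obj, f in triage(items).items():
        print(sorted(f), obj)
```

The flags only order what to review first; they are not verdicts about a file.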

#4 CBooth523


Posted 28 September 2011 - 06:53 AM

I have used Norton Anti-Virus and done a complete scan which turned up a virus, resolved it and didn't work. Is Norton not good enough??

#5 jntkwx


Posted 28 September 2011 - 07:42 AM

Hi CBooth523,

I have used Norton Anti-Virus and done a complete scan which turned up a virus, resolved it and didn't work. Is Norton not good enough??

Did you just install Norton? It's not in your list of programs.

Are you redirected in both Internet Explorer and Mozilla Firefox?

Step 1: Please carefully follow the steps in the following guide:

How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller

If you have previously downloaded TDSSkiller, please download a new version, as it is updated often.

Regards,
Jason

 



#6 CBooth523


Posted 28 September 2011 - 07:52 AM

I installed Norton two nights ago, and now I can't find it. I ran a scan and it caught like 111 tracking cookies and 2 viruses. But like I said, it's no longer on my computer.

I am more concerned with the computer crashing than anything. It hasn't done it since I ran all that stuff for you yesterday, but I don't understand why Norton is no longer on my computer. It has done this probably 4 times now. I run the scan and then it disappears.

#7 jntkwx


Posted 28 September 2011 - 07:54 AM

The infections may have disabled Norton. Please continue with my instructions from my previous post.
Regards,
Jason

 



#8 CBooth523


Posted 28 September 2011 - 07:56 AM

TDSSKiller found no threats.

#9 jntkwx


Posted 28 September 2011 - 08:15 AM

CBooth523,

Please post the TDSSkiller log anyway.

You didn't answer my previous question: Are you redirected in both Internet Explorer and Mozilla Firefox?

Edited by jntkwx, 28 September 2011 - 08:15 AM.

Regards,
Jason

 



#10 CBooth523


Posted 28 September 2011 - 08:23 AM

08:54:59.0582 3452	TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
08:54:59.0894 3452	============================================================
08:54:59.0894 3452	Current date / time: 2011/09/28 08:54:59.0894
08:54:59.0894 3452	SystemInfo:
08:54:59.0894 3452	
08:54:59.0894 3452	OS Version: 6.1.7600 ServicePack: 0.0
08:54:59.0894 3452	Product type: Workstation
08:54:59.0894 3452	ComputerName: BOOTHCOMPUTER
08:54:59.0894 3452	UserName: Booth Computer
08:54:59.0894 3452	Windows directory: C:\windows
08:54:59.0894 3452	System windows directory: C:\windows
08:54:59.0894 3452	Running under WOW64
08:54:59.0894 3452	Processor architecture: Intel x64
08:54:59.0894 3452	Number of processors: 2
08:54:59.0894 3452	Page size: 0x1000
08:54:59.0894 3452	Boot type: Normal boot
08:54:59.0894 3452	============================================================
08:55:01.0267 3452	Initialize success
08:55:10.0471 0972	============================================================
08:55:10.0471 0972	Scan started
08:55:10.0471 0972	Mode: Manual; 
08:55:10.0471 0972	============================================================
08:55:37.0428 0972	usbohci         (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\DRIVERS\usbohci.sys
08:55:37.0428 0972	usbohci - ok
08:55:37.0506 0972	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
08:55:37.0506 0972	usbprint - ok
08:55:37.0584 0972	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
08:55:37.0584 0972	USBSTOR - ok
08:55:37.0662 0972	usbuhci         (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys
08:55:37.0662 0972	usbuhci - ok
08:55:37.0740 0972	usbvideo        (d501e12614b00a3252073101d6a1a74b) C:\windows\system32\Drivers\usbvideo.sys
08:55:37.0740 0972	usbvideo - ok
08:55:37.0833 0972	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
08:55:37.0849 0972	vdrvroot - ok
08:55:37.0958 0972	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
08:55:37.0974 0972	vga - ok
08:55:38.0036 0972	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
08:55:38.0036 0972	VgaSave - ok
08:55:38.0130 0972	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
08:55:38.0130 0972	vhdmp - ok
08:55:38.0192 0972	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
08:55:38.0208 0972	viaide - ok
08:55:38.0270 0972	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
08:55:38.0270 0972	volmgr - ok
08:55:38.0364 0972	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
08:55:38.0364 0972	volmgrx - ok
08:55:38.0473 0972	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
08:55:38.0489 0972	volsnap - ok
08:55:38.0613 0972	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
08:55:38.0613 0972	vsmraid - ok
08:55:38.0723 0972	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
08:55:38.0723 0972	vwifibus - ok
08:55:38.0832 0972	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
08:55:38.0847 0972	vwififlt - ok
08:55:38.0910 0972	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
08:55:38.0925 0972	WacomPen - ok
08:55:39.0035 0972	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
08:55:39.0035 0972	WANARP - ok
08:55:39.0050 0972	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
08:55:39.0050 0972	Wanarpv6 - ok
08:55:39.0159 0972	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
08:55:39.0159 0972	Wd - ok
08:55:39.0253 0972	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
08:55:39.0253 0972	Wdf01000 - ok
08:55:39.0393 0972	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
08:55:39.0393 0972	WfpLwf - ok
08:55:39.0471 0972	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
08:55:39.0471 0972	WIMMount - ok
08:55:39.0612 0972	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
08:55:39.0612 0972	WmiAcpi - ok
08:55:39.0737 0972	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
08:55:39.0737 0972	ws2ifsl - ok
08:55:39.0830 0972	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
08:55:39.0830 0972	WudfPf - ok
08:55:39.0955 0972	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
08:55:39.0955 0972	WUDFRd - ok
08:55:40.0017 0972	MBR (0x1B8)     (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
08:55:40.0033 0972	\Device\Harddisk0\DR0 - ok
08:55:40.0049 0972	Boot (0x1200)   (8f97caf375b2b0afa027714d70a14a3a) \Device\Harddisk0\DR0\Partition0
08:55:40.0049 0972	\Device\Harddisk0\DR0\Partition0 - ok
08:55:40.0049 0972	============================================================
08:55:40.0049 0972	Scan finished
08:55:40.0049 0972	============================================================
08:55:40.0064 4200	Detected object count: 0
08:55:40.0064 4200	Actual detected object count: 0

And yes, it does it in both Mozilla and Internet Explorer.

#11 jntkwx

Posted 28 September 2011 - 08:24 AM

Hi CBooth523,

Let's reset your router....

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and Windows 7, while holding CTRL and SHIFT, press Enter).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil or a paperclip, until all lights briefly go off and come back on.
NOTE. Simply disconnecting the router from a power source will NOT do.
Restart the computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE

Regards,
Jason

 



#12 CBooth523

Posted 28 September 2011 - 08:29 AM

I'm sorry, but I can't find the Start>Run that you are talking about.

#13 jntkwx

Posted 28 September 2011 - 08:29 AM

There isn't a Run option in Vista or 7; just type into the Search box at the bottom of the Start menu.

Edited by jntkwx, 28 September 2011 - 08:30 AM.

Regards,
Jason

 



#14 CBooth523

Posted 28 September 2011 - 08:32 AM

When I type in ipconfig /registerdns I get a response of "The requested operation requires elevation". Is that normal?

#15 jntkwx

Posted 28 September 2011 - 08:36 AM

Hi CBooth523,

That's normal if you don't run cmd as Administrator. Please carefully read and follow my instructions:

1. Click on the Start menu
2. In the search box, type in cmd. In Vista and Windows 7, while holding CTRL and SHIFT, press Enter (this starts the command prompt, cmd, as Administrator. Another way to start the command prompt as Administrator is to right-click on cmd, listed under Programs after you search for it, and click on Run As Administrator).

3. In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil or a paperclip, until all lights briefly go off and come back on.
NOTE. Simply disconnecting the router from a power source will NOT do.
Restart the computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE

Regards,
Jason
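
The elevation check and the command sequence from the post above, as an added PowerShell example that is not part of the original thread: it refuses to run the commands unelevated, runs the six commands in the posted order, and lists each adapter's gateway and DNS servers before and after. The function names Test-Elevated, Get-ResolverSummary and Invoke-DnsReset are hypothetical, and Windows PowerShell 2.0 or later is assumed.

```powershell
# Added example, not from the thread. Function names are hypothetical.
# Assumes Windows PowerShell 2.0+ (ships with Windows 7).

function Test-Elevated {
    # True when the current token holds the local Administrators role.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-ResolverSummary {
    # One entry per IP-enabled adapter: default gateway and DNS servers in use.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Select-Object Description,
            @{ Name = 'Gateway';    Expression = { $_.DefaultIPGateway -join ', ' } },
            @{ Name = 'DnsServers'; Expression = { $_.DNSServerSearchOrder -join ', ' } }
}

function Invoke-DnsReset {
    if (-not (Test-Elevated)) {
        # Unelevated, ipconfig /registerdns fails with
        # "The requested operation requires elevation".
        Write-Warning 'Not elevated. Reopen the shell with Run As Administrator.'
        return $false
    }
    # The six commands from the post, in the same order.
    $steps = @(
        @('ipconfig', '/flushdns'), @('ipconfig', '/registerdns'),
        @('ipconfig', '/release'),  @('ipconfig', '/renew'),
        @('net', 'stop', 'dns client'), @('net', 'start', 'dns client')
    )
    $allOk = $true
    foreach ($step in $steps) {
        $exe = $step[0]
        $exeArgs = @($step[1..($step.Count - 1)])
        Write-Host ('> {0} {1}' -f $exe, ($exeArgs -join ' '))
        & $exe $exeArgs | Out-Host   # show output instead of returning it
        if ($LASTEXITCODE -ne 0) {
            Write-Warning ('{0} exited with code {1}' -f $exe, $LASTEXITCODE)
            $allOk = $false
        }
    }
    return $allOk
}

Write-Host 'Before:'; Get-ResolverSummary | Format-List | Out-Host
$ok = Invoke-DnsReset
Write-Host 'After:';  Get-ResolverSummary | Format-List | Out-Host
if (-not $ok) { Write-Warning 'At least one step failed; read its output above.' }
```

Running Get-ResolverSummary again after the router reset shows whether the gateway and DNS server entries have changed.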

 





