possible google redirect virus


  • This topic is locked
11 replies to this topic

#1 davcol46

davcol46

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:31 AM

Posted 02 October 2011 - 05:34 AM

I am using Windows XP with Explorer 8 on an Acer Extensa 5620 using ESET NOD32 runtime and every week I would run SuperAntispyware to clean up spyware etc. I have not had any problems until a few weeks ago I picked up the 'Personal Shield Pro' virus and following instructions posted by grinier on your site I was able to remove this virus. My HOSTS file had not been corrupted and the proxy server box had not been altered. Rkill was downloaded on a second computer and ran ok but no process was 'killed'. Malwarebytes was downloaded and run, problem solved!
EXCEPT when I do a Google search results are listed ok but when selecting one I am redirected to a totally different site. If I copy and paste the URL all is ok. I am fairly sure this redirecting was not a problem prior to first encountering the Shield Pro virus, but...
I have run Malwarebytes, SuperAntispyware and ESET NOD32 full scans in both Normal and Safe mode with no infections/corruptions found.
I have read several other logs and advice and tried a few things I thought safe like getting rid of google add-ons but without success.
Where to from here?



#2 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:11:31 PM

Posted 02 October 2011 - 05:51 AM

Hello davcol46,

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Please uncheck the following settings that we do not want in our scan.
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


In your next reply, please copy/paste the contents of the following:
  • Security Checkup.txt
  • MiniToolBox Result.txt
  • gmer.log

regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#3 davcol46


Posted 03 October 2011 - 04:15 AM

Ratman,
I really appreciated your very prompt reply. I have followed your instructions, no surprises, logs follow as requested:

SECURITY CHECK - checkup.txt
Results of screen317's Security Check version 0.99.20
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
ESET NOD32 Antivirus
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````


MINITOOLBOX - result.txt
MiniToolBox by Farbar
Ran by Eve (administrator) on 03-10-2011 at 15:43:32
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : PJS-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-16-D3-E2-7A-18
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.1.1.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.1.1
DHCP Server . . . . . . . . . . . : 10.1.1.1
DNS Servers . . . . . . . . . . . : 10.1.1.1
Lease Obtained. . . . . . . . . . : Monday, 3 October 2011 3:42:06 PM
Lease Expires . . . . . . . . . . : Wednesday, 5 October 2011 3:42:06 PM

Server: UnKnown
Address: 10.1.1.1

Name: google.com
Addresses: 74.125.237.16, 74.125.237.17, 74.125.237.20, 74.125.237.19
74.125.237.18

Pinging google.com [74.125.237.19] with 32 bytes of data:

Reply from 74.125.237.19: bytes=32 time=76ms TTL=57
Reply from 74.125.237.19: bytes=32 time=73ms TTL=57

Ping statistics for 74.125.237.19:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 73ms, Maximum = 76ms, Average = 74ms

Server: UnKnown
Address: 10.1.1.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 67.195.160.76
98.139.180.149

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=290ms TTL=50
Reply from 209.191.122.70: bytes=32 time=293ms TTL=50

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 290ms, Maximum = 293ms, Average = 291ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 d3 e2 7a 18 ...... Broadcom NetLink ™ Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.1.1 10.1.1.4 20
10.1.1.0 255.255.255.0 10.1.1.4 10.1.1.4 20
10.1.1.4 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.1.1.4 10.1.1.4 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.1.1.4 10.1.1.4 20
255.255.255.255 255.255.255.255 10.1.1.4 10.1.1.4 1
Default Gateway: 10.1.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/25/2011 02:17:05 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (09/25/2011 02:17:05 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (09/25/2011 02:17:05 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (09/25/2011 02:17:05 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.


System errors:
=============
Error: (09/28/2011 01:20:54 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/28/2011 11:20:12 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ehdrv
Fips
intelppm
SASDIFSV
SASKUTIL

Error: (09/28/2011 11:19:14 AM) (Source: DCOM) (User: Eve)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/28/2011 11:19:14 AM) (Source: DCOM) (User: Eve)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/28/2011 11:18:57 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/28/2011 08:37:53 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/28/2011 07:19:15 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ehdrv
Fips
intelppm
SASDIFSV
SASKUTIL

Error: (09/28/2011 07:17:59 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/27/2011 10:14:37 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.
Reference error message: The operation completed successfully.
.

Error: (09/27/2011 10:14:37 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT.
Reference error message: The referenced assembly is not installed on your system.
.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Acer Crystal Eye webcam (Version: 1.0.11)
Acer Crystal Eye webcam (Version: 5.7.28.500-1.0)
Acer eDataSecurity Management (Version: 2.0.4088)
Acer eDataSecurity Management 2.0.4088 (Version: 2.0.4088)
Acer eLock Management (Version: 2.1.4003)
Acer Empowering Technology (Version: 2.03.4001)
Acer eNet Management (Version: 2.05.4003)
Acer ePower Management (Version: 2.00.4002)
Acer ePresentation Management (Version: 2.00.4000)
Acer eSettings Management (Version: 2.03.4004)
Acer GridVista (Version: 2.68.622)
Acer ScreenSaver (Version: 3.11.20070525.1)
Adobe Reader X (10.1.1) (Version: 10.1.1)
AFPL Ghostscript 8.14
AFPL Ghostscript Fonts
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Broadcom Gigabit Integrated Controller (Version: 10.15.10)
Brother HL-3040CN (Version: 1.00)
BufferChm (Version: 53.0.13.000)
Canon CanoScan Toolbox 4.1
CCleaner (Version: 3.03)
Compatibility Pack for the 2007 Office system (Version: 12.0.6021.5000)
DesignPro Business Cards SE (Version: 5.3.705)
Destinations (Version: 53.0.13.000)
DeviceFunctionQFolder (Version: 1.00.0000)
DeviceManagementQFolder (Version: 1.00.0000)
ESET NOD32 Antivirus (Version: 4.2.71.2)
eSupportQFolder (Version: 1.00.0000)
FileZilla Client 3.3.5.1 (Version: 3.3.5.1)
HP Deskjet 3900 series (Version: 5.0)
HP Imaging Device Functions 5.0 (Version: 5.0)
HP Software Update (Version: 3.0.5.001)
HP Solution Center & Imaging Support Tools 5.0 (Version: 5.0)
HPDeskjet3900Series (Version: 1.00.0000)
HPProductAssistant (Version: 53.0.13.000)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Intel® PROSet/Wireless Software (Version: 11.01.0.API)
IrfanView (remove only) (Version: 4.28)
iTunes (Version: 10.4.1.10)
Java Auto Updater (Version: 2.0.2.4)
jZip
Launch Manager
LightScribe 1.4.142.1 (Version: 1.4.142.1)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Manual CanoScan 3000,3000F
mCore (Version: 9.03.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
mMHouse (Version: 9.03.0000)
mPfMgr (Version: 9.03.0000)
mProSafe (Version: 9.00.0000)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
mWlsSafe (Version: 9.00.0000)
Nerocode MySQL Client (remove only)
NTI Backup NOW! 4.7 (Version: 1.00.0000)
NTI CD & DVD-Maker (Version: 7)
NTI Shadow (Version: 3.7.6.31)
OmniPage SE (Version: 11.00.0001)
PageBreeze Free HTML Editor
PDFill Form Filler 3.0 with FREE PDF Writer and Tools (Version: 3.0)
PDFill PDF Writer
PowerDVD (Version: 7.0.2802.f)
QuickTime (Version: 7.70.80.34)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 5.10.0.5423)
RealUpgrade 1.1 (Version: 1.1.0)
SolutionCenter (Version: 50.0.152.000)
Status (Version: 53.0.13.000)
SUPERAntiSpyware Free Edition (Version: 3.9.0.1008)
Synaptics Pointing Device Driver (Version: 8.2.9.0)
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 2.00.0002)
TIPCI (Version: 2.00.0002)
TrayApp (Version: 53.0.13.000)
Ultr@VNC 1.0.0 RC11d - Win32 (Version: 1.00)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 53.0.13.000)
WIDCOMM Bluetooth Software (Version: 5.1.0.3300)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0059.1)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 2038.36 MB
Available physical RAM: 1290.51 MB
Total Pagefile: 3932.66 MB
Available Pagefile: 3382.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1995.33 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:71.35 GB) (Free:43.76 GB) NTFS
2 Drive d: (ACERDATA) (Fixed) (Total:71.82 GB) (Free:67.06 GB) FAT32

========================= Users: ========================================

User accounts for \\PJS-PC

Administrator ASPNET Eve
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****


GMER.LOG
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-03 17:09:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0
Running: 0s1coeug.exe; Driver: C:\DOCUME~1\Eve\LOCALS~1\Temp\kxldapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0x9E781610]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0x9E781C10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0x9E781730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0x9E7814B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0x9E781570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0x9E7816D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0x9E781790]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0x9E781690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0x9E781650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0x9E7817D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0x9E781510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0x9E781590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0x9E7814D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0x9E7815D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0x9E781750]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[184] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\program files\real\realplayer\update\realsched.exe[3536] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9ef1ce1
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9ef1ce1 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
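
Added example, not part of the thread and not code from MiniToolBox: a Python triage of the three Result.txt sections requested above (IE proxy, Hosts, IP configuration), checking the settings a search-redirect investigation looks at first. The sample report is constructed in the layout shown in this post; the "Proxy is enabled." wording, the extra Hosts entry and the DNS address are assumptions.

```python
import ipaddress
import re

# Constructed sample in the layout of the MiniToolBox Result.txt posted above.
# The proxy wording, the second Hosts entry and the first DNS address are
# invented (documentation ranges 203.0.113.0/24 and 198.51.100.0/24).
SAMPLE_RESULT = """\
========================= IE Proxy Settings: ==============================

Proxy is enabled.
========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.7 www.google.com

========================= IP Configuration: ================================

Default Gateway . . . . . . . . . : 10.1.1.1
DNS Servers . . . . . . . . . . . : 198.51.100.53
                                    10.1.1.1
"""

HEADER = re.compile(r"^=+\s*([^=]+?):?\s*=+\s*$")
FIELD = re.compile(r"^\s*(Default Gateway|DNS Servers)[ .]*:\s*(\S+)\s*$")
BARE_IP = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def split_sections(text):
    """Map each '===== Name: =====' header to the lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(m.group(1).strip(), [])
        elif current is not None:
            current.append(line)
    return sections


def check_proxy(lines):
    # The clean report on this page contains this exact line.
    if any(l.strip() == "Proxy is not enabled." for l in lines):
        return []
    return ["proxy: report does not say 'Proxy is not enabled.'"]


def check_hosts(lines):
    findings = []
    for line in lines:
        entry = line.split("#", 1)[0].split()
        if len(entry) < 2:
            continue
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append(f"hosts: malformed entry {line.strip()!r}")
            continue
        # Loopback/0.0.0.0 entries only block a name; other addresses redirect it.
        if not (addr.is_loopback or addr.is_unspecified):
            findings.append(f"hosts: {' '.join(entry[1:])} -> {addr}")
    return findings


def check_dns(lines):
    gateway, servers, collecting = None, [], False
    for line in lines:
        if not line.strip():
            continue
        field, extra = FIELD.match(line), BARE_IP.match(line)
        if field and field.group(1) == "Default Gateway":
            gateway, collecting = field.group(2), False
        elif field:
            servers.append(field.group(2))
            collecting = True          # further resolvers follow as bare IPs
        elif collecting and extra:
            servers.append(extra.group(1))
        else:
            collecting = False
    findings = []
    for server in servers:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            findings.append(f"dns: unparseable resolver {server!r}")
            continue
        # Not proof of tampering: confirm the address with the router or ISP.
        if server != gateway and not any(addr in net for net in RFC1918):
            findings.append(f"dns: resolver {server} is neither the gateway "
                            "nor an RFC 1918 address")
    return findings


CHECKS = {"IE Proxy Settings": check_proxy,
          "Hosts content": check_hosts,
          "IP Configuration": check_dns}


def triage(text):
    sections = split_sections(text)
    return [f for name, check in CHECKS.items() if name in sections
            for f in check(sections[name])]


if __name__ == "__main__":
    for finding in triage(SAMPLE_RESULT):
        print(finding)
```

An empty result only rules out these three settings; it says nothing about kernel-level components, which is what the GMER log is for.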

#4 davcol46


Posted 03 October 2011 - 09:52 PM

Hi Ratman,
While we sort out this virus I have continued to use my laptop running ESET NOD32 as antivirus and Malwarebytes runtime.
I have just tested Google again with searches for two different unrelated topics and when choosing one of the results on each search I got the same redirection to http://com.au and Malwarebytes popped up with
'Successfully blocked access to a potentially malicious website: 67.29.139.153'
I don't know if this is helpful but thought I would let you know anyway.
I am in Perth, Western Australia and the time here is 10:51am Tuesday 4 October, sky is cloudy :)
davcol46

#5 ratman


Posted 07 October 2011 - 12:10 PM

Hello davcol46,

Sorry for the delayed response.

Are you getting the redirects in Internet Explorer, Firefox or both?

Could you please run another SuperAntiSpyware scan and post the log in your next reply.

We need to check for rootkits with RootRepeal:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (if you did not use the "Direct Download" mirror).
  • Open RootRepeal on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Click Ok.
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, a logfile will open. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

In your next reply, please copy/paste the contents of the following:
  • RootRepeal Log
  • SuperAntiSpyware Log


How is your machine working now?
regards, ratman




#6 davcol46


Posted 09 October 2011 - 04:44 AM

Ratman,
Nice work. I had not used Firefox before today but downloaded today and worked fine, redirect problem did not occur.
Ran the two tasks and problem now also resolved with Explorer!! Great stuff, thanks for your help.
Logs follow.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/09/2011 at 04:02 PM

Application Version : 5.0.1128

Core Rules Database Version : 7773
Trace Rules Database Version: 5585

Scan type : Complete Scan
Total Scan Time : 01:04:15

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 553
Memory threats detected : 0
Registry items scanned : 37384
Registry threats detected : 0
File items scanned : 39363
File threats detected : 3

Adware.Tracking Cookie
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\EVE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3PAGTRC8.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\EVE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3PAGTRC8.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\EVE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3PAGTRC8.DEFAULT\COOKIES.SQLITE ]

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2011/10/09 16:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9750A000 Size: 815104 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x964B2000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0x9796e610

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0x9796ec10

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0x9796e730

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0x9796e4b0

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0x9796e570

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0x9796e6d0

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0x9796e790

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0x9796e690

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0x9796e650

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0x9796e7d0

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0x9796e510

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0x9796e590

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0x97841640

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0x9796e5d0
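
Added example, not part of the thread and not code from GMER or RootRepeal: the two tools print SSDT hooks in different layouts, so this Python script normalises both to function-to-driver maps, compares two scans, and lists hooks owned by drivers outside an expected set. The GMER lines and the first two RootRepeal entries are copied from the logs in this thread (where NtTerminateProcess moves from ehdrv.sys to SASKUTIL.sys between scans); the `examplehook.sys` entry and the `EXPECTED` set are assumptions made for the example.

```python
import ntpath
import re

# Drivers the logs in this thread attribute to installed security products:
# ehdrv.sys (ESET Helper driver) and SASKUTIL.sys (SUPERAntiSpyware).
EXPECTED = {"ehdrv.sys", "saskutil.sys"}

# Lines copied from the GMER log posted on 03 October.
GMER_SAMPLE = r"""
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0x9E7814B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0x9E7814D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0x9E781750]
"""

# First two entries copied from the RootRepeal log above; the third
# (examplehook.sys) is constructed to show a hook with no known owner.
RR_SAMPLE = r"""
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\ehdrv.sys" at address 0x9796e4b0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0x97841640

#: 274 Function Name: NtWriteFile
Status: Hooked by "C:\WINDOWS\system32\drivers\examplehook.sys" at address 0x90000000
"""

# GMER names services Zw*, RootRepeal Nt*; both prefixes are stripped so the
# two maps share keys.
GMER_LINE = re.compile(
    r"^SSDT\s+(.+?\.sys)\s+\(.*?\)\s+(?:Zw|Nt)(\w+)\s+\[0x[0-9A-Fa-f]+\]",
    re.M | re.I)
RR_ENTRY = re.compile(
    r'^#:\s*\d+\s+Function Name:\s*(?:Nt|Zw)(\w+)\s+Status:\s*Hooked by "([^"]+)"',
    re.M)


def driver_name(path):
    """Lower-cased file name of a Windows driver path, on any host OS."""
    return ntpath.basename(path).lower()


def parse_gmer(text):
    return {m.group(2): driver_name(m.group(1)) for m in GMER_LINE.finditer(text)}


def parse_rootrepeal(text):
    return {m.group(1): driver_name(m.group(2)) for m in RR_ENTRY.finditer(text)}


def diff_scans(before, after):
    """Hooks whose owner changed, appeared, or disappeared between two scans.

    A 'gone' hook may only mean a log was cut short or a product's driver was
    not loaded for that scan; treat each entry as a prompt to look.
    """
    shared = before.keys() & after.keys()
    return {
        "changed": {f: (before[f], after[f]) for f in shared if before[f] != after[f]},
        "new": {f: after[f] for f in after.keys() - before.keys()},
        "gone": {f: before[f] for f in before.keys() - after.keys()},
    }


def unexplained(hooks, expected=EXPECTED):
    """Hooks owned by a driver that is not in the expected set."""
    return sorted((f, d) for f, d in hooks.items() if d not in expected)


if __name__ == "__main__":
    first, second = parse_gmer(GMER_SAMPLE), parse_rootrepeal(RR_SAMPLE)
    for kind, items in diff_scans(first, second).items():
        print(kind, items)
    print("unexplained:", unexplained(second))
```

A hook from a driver in the expected set is still only as trustworthy as the file at that path, so the driver's location and signature are worth confirming separately.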

#7 ratman


Posted 09 October 2011 - 06:38 PM

Hello davcol46,

I don't think I've actually cleaned this. The SAS scan cleared nothing significant and RootRepeal doesn't change anything, it only reads and reports!

I suggest we continue with the following:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Can you now run MiniToolBox again with these settings:

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

In your next reply, please copy/paste the contents of the following:
  • TDSSKiller Log
  • MiniToolBox Result.txt

How is your machine running now?



regards, ratman




#8 davcol46


Posted 09 October 2011 - 08:56 PM

Hi ratman,
You were right. While Firefox and Explorer both worked fine last night, when I rebooted this morning they are both now infected. I have run TDSSKiller and MiniToolBox; logs follow:

09:44:17.0390 2860 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
09:44:18.0531 2860 ============================================================
09:44:18.0531 2860 Current date / time: 2011/10/10 09:44:18.0531
09:44:18.0531 2860 SystemInfo:
09:44:18.0531 2860
09:44:18.0531 2860 OS Version: 5.1.2600 ServicePack: 3.0
09:44:18.0531 2860 Product type: Workstation
09:44:18.0531 2860 ComputerName: PJS-PC
09:44:18.0531 2860 UserName: Eve
09:44:18.0531 2860 Windows directory: C:\WINDOWS
09:44:18.0531 2860 System windows directory: C:\WINDOWS
09:44:18.0531 2860 Processor architecture: Intel x86
09:44:18.0531 2860 Number of processors: 2
09:44:18.0531 2860 Page size: 0x1000
09:44:18.0531 2860 Boot type: Normal boot
09:44:18.0531 2860 ============================================================
09:44:19.0312 2860 Initialize success
09:44:42.0296 3024 ============================================================
09:44:42.0296 3024 Scan started
09:44:42.0296 3024 Mode: Manual;
09:44:42.0296 3024 ============================================================
09:44:59.0578 3024 MBR (0x1B8) (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0
09:45:01.0359 3024 \Device\Harddisk0\DR0 - ok
09:45:01.0406 3024 Boot (0x1200) (249260b88fd521f80340c812e7199e67) \Device\Harddisk0\DR0\Partition0
09:45:01.0406 3024 \Device\Harddisk0\DR0\Partition0 - ok
09:45:01.0437 3024 Boot (0x1200) (eefe09835744b5d94e783795275df061) \Device\Harddisk0\DR0\Partition1
09:45:01.0437 3024 \Device\Harddisk0\DR0\Partition1 - ok
09:45:01.0437 3024 ============================================================
09:45:01.0437 3024 Scan finished
09:45:01.0437 3024 ============================================================
09:45:01.0453 2348 Detected object count: 0
09:45:01.0453 2348 Actual detected object count: 0
09:45:37.0687 3492 Deinitialize success


MiniToolBox by Farbar
Ran by Eve (administrator) on 10-10-2011 at 09:46:26
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : PJS-PC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet

Physical Address. . . . . . . . . : 00-16-D3-E2-7A-18

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.1.1.4

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.1.1.1

DHCP Server . . . . . . . . . . . : 10.1.1.1

DNS Servers . . . . . . . . . . . : 10.1.1.1

Lease Obtained. . . . . . . . . . : Monday, 10 October 2011 9:20:51 AM

Lease Expires . . . . . . . . . . : Wednesday, 12 October 2011 9:20:51 AM

Server: UnKnown
Address: 10.1.1.1

Name: google.com
Addresses: 74.125.237.52, 74.125.237.51, 74.125.237.49, 74.125.237.50
74.125.237.48



Pinging google.com [74.125.237.52] with 32 bytes of data:



Reply from 74.125.237.52: bytes=32 time=68ms TTL=51

Reply from 74.125.237.52: bytes=32 time=67ms TTL=53



Ping statistics for 74.125.237.52:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 67ms, Maximum = 68ms, Average = 67ms

Server: UnKnown
Address: 10.1.1.1

Name: yahoo.com
Addresses: 72.30.2.43, 209.191.122.70, 98.139.180.149, 98.137.149.56
67.195.160.76



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Reply from 72.30.2.43: bytes=32 time=248ms TTL=54

Reply from 72.30.2.43: bytes=32 time=248ms TTL=54



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 248ms, Maximum = 248ms, Average = 248ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 d3 e2 7a 18 ...... Broadcom NetLink ™ Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.1.1 10.1.1.4 20
10.1.1.0 255.255.255.0 10.1.1.4 10.1.1.4 20
10.1.1.4 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.1.1.4 10.1.1.4 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.1.1.4 10.1.1.4 20
255.255.255.255 255.255.255.255 10.1.1.4 10.1.1.4 1
Default Gateway: 10.1.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/10/2011 09:37:55 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (10/10/2011 09:37:55 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (09/25/2011 02:17:05 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (09/25/2011 02:17:05 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (09/25/2011 02:17:05 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (09/25/2011 02:17:05 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.


System errors:
=============
Error: (10/10/2011 09:21:37 AM) (Source: Service Control Manager) (User: )
Description: The Remote Registry service failed to start due to the following error:
%%1069

Error: (10/10/2011 09:21:37 AM) (Source: Service Control Manager) (User: )
Description: The RemoteRegistry service was unable to log on as NT AUTHORITY\LocalService with the currently configured
password due to the following error:
%%5

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error: (10/07/2011 09:04:15 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5D3AFE28-D0CA-4960-B1F2-1424EEEF44FB}.
The backup browser is stopping.

Error: (10/06/2011 05:30:57 PM) (Source: Print) (User: SYSTEM)
Description: Sharing printer failed + 1722, Printer PDFill PDF Writer share name Printer.

Error: (10/06/2011 10:10:15 AM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.
Reference error message: The operation completed successfully.
.

Error: (10/06/2011 10:10:15 AM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (10/06/2011 10:10:15 AM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (10/06/2011 10:09:36 AM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.
Reference error message: The operation completed successfully.
.

Error: (10/06/2011 10:09:36 AM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (10/06/2011 10:09:36 AM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Acer Crystal Eye webcam (Version: 1.0.11)
Acer Crystal Eye webcam (Version: 5.7.28.500-1.0)
Acer eDataSecurity Management (Version: 2.0.4088)
Acer eDataSecurity Management 2.0.4088 (Version: 2.0.4088)
Acer eLock Management (Version: 2.1.4003)
Acer Empowering Technology (Version: 2.03.4001)
Acer eNet Management (Version: 2.05.4003)
Acer ePower Management (Version: 2.00.4002)
Acer ePresentation Management (Version: 2.00.4000)
Acer eSettings Management (Version: 2.03.4004)
Acer GridVista (Version: 2.68.622)
Acer ScreenSaver (Version: 3.11.20070525.1)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Reader X (10.1.1) (Version: 10.1.1)
AFPL Ghostscript 8.14
AFPL Ghostscript Fonts
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Broadcom Gigabit Integrated Controller (Version: 10.15.10)
Brother HL-3040CN (Version: 1.00)
BufferChm (Version: 53.0.13.000)
Canon CanoScan Toolbox 4.1
CCleaner (Version: 3.03)
Compatibility Pack for the 2007 Office system (Version: 12.0.6021.5000)
DesignPro Business Cards SE (Version: 5.3.705)
Destinations (Version: 53.0.13.000)
DeviceFunctionQFolder (Version: 1.00.0000)
DeviceManagementQFolder (Version: 1.00.0000)
ESET NOD32 Antivirus (Version: 4.2.71.2)
eSupportQFolder (Version: 1.00.0000)
FileZilla Client 3.3.5.1 (Version: 3.3.5.1)
HP Deskjet 3900 series (Version: 5.0)
HP Imaging Device Functions 5.0 (Version: 5.0)
HP Software Update (Version: 3.0.5.001)
HP Solution Center & Imaging Support Tools 5.0 (Version: 5.0)
HPDeskjet3900Series (Version: 1.00.0000)
HPProductAssistant (Version: 53.0.13.000)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Intel® PROSet/Wireless Software (Version: 11.01.0.API)
IrfanView (remove only) (Version: 4.28)
Java Auto Updater (Version: 2.0.2.4)
jZip
Launch Manager
LightScribe 1.4.142.1 (Version: 1.4.142.1)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Manual CanoScan 3000,3000F
mCore (Version: 9.03.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
mMHouse (Version: 9.03.0000)
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
mPfMgr (Version: 9.03.0000)
mProSafe (Version: 9.00.0000)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
mWlsSafe (Version: 9.00.0000)
Nerocode MySQL Client (remove only)
NTI Backup NOW! 4.7 (Version: 1.00.0000)
NTI CD & DVD-Maker (Version: 7)
NTI Shadow (Version: 3.7.6.31)
OmniPage SE (Version: 11.00.0001)
PageBreeze Free HTML Editor
PDFill Form Filler 3.0 with FREE PDF Writer and Tools (Version: 3.0)
PDFill PDF Writer
PowerDVD (Version: 7.0.2802.f)
QuickTime (Version: 7.70.80.34)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 5.10.0.5423)
RealUpgrade 1.1 (Version: 1.1.0)
SolutionCenter (Version: 50.0.152.000)
Status (Version: 53.0.13.000)
SUPERAntiSpyware Free Edition (Version: 3.9.0.1008)
Synaptics Pointing Device Driver (Version: 8.2.9.0)
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 2.00.0002)
TIPCI (Version: 2.00.0002)
TrayApp (Version: 53.0.13.000)
Ultr@VNC 1.0.0 RC11d - Win32 (Version: 1.00)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 53.0.13.000)
WIDCOMM Bluetooth Software (Version: 5.1.0.3300)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0059.1)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 2038.36 MB
Available physical RAM: 1339 MB
Total Pagefile: 3932.66 MB
Available Pagefile: 3428.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1995.56 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:71.35 GB) (Free:43.54 GB) NTFS
2 Drive d: (ACERDATA) (Fixed) (Total:71.82 GB) (Free:67.1 GB) FAT32

========================= Users: ========================================

User accounts for \\PJS-PC

Administrator ASPNET Eve
Guest HelpAssistant SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#9 davcol46

Posted 09 October 2011 - 09:13 PM

Apologies, meant to add that both Explorer and Firefox are working fine now, thanks.
After a Google search 99% of links go where they should; only the odd ones fail or get redirected to some group coupon site or shopping site.
davcol46

#10 ratman

Posted 10 October 2011 - 02:32 AM

Hello davcol46,

1% of redirects says to me that there is still a problem here. I need to refer you to the malware removal team who can look deeper into this.

I would like you to start a new thread HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
regards, ratman


#11 davcol46

Posted 10 October 2011 - 11:13 PM

Completed all steps and opened thread in Malware removal forum.
davcol46

#12 Orange Blossom

Posted 13 October 2011 - 02:07 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic422873.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom