Need help with Google Redirect Virus


10 replies to this topic

#1 Parker1028

Parker1028

  • Members
  • 16 posts

Posted 20 November 2011 - 04:45 PM

The kids' computer has gotten this virus and I've tried all the anti-malware programs to no avail. Any help would be greatly appreciated.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • Gender:Male
  • Location:NJ USA

Posted 20 November 2011 - 08:43 PM

Hello and welcome.

Please follow our Removal Guide here: How to remove Google Redirects. You will move to the Automated Removal Instructions.

If it finds something, make sure Cure is selected.
Next click Continue, then Reboot now.
A log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.



Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.
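boopme asks above for the TDSSKiller.txt log so that a helper can read it. The script below is an added example, not a BleepingComputer or Kaspersky tool: it parses the two line shapes TDSSKiller 2.6 writes per driver (a "(md5) path" line followed by a "- verdict" line, as in the log posted later in this thread), reads the Windows directory from the log header, and sorts entries into the buckets a helper scans first: verdicts other than "ok", service names with no backing file, and drivers loaded from outside the Windows directory. The sample log is a short excerpt of this thread's own log; the `example_bad` entry and its verdict text are constructed so that the non-"ok" branch is exercised.

```python
"""Triage a TDSSKiller 2.6 text log (the "TDSSKiller.txt" requested above).

Added example, not a BleepingComputer or Kaspersky tool. The line shapes it
parses are taken from the log posted later in this thread; the text of the
non-"ok" verdict in the sample is a constructed placeholder.
"""
import re

# Header line naming the Windows directory:  "<time> <pid> Windows directory: C:\Windows"
WINDIR_RE = re.compile(r"^\S+\s+\d+\s+Windows directory:\s+(.+)$")
# First line per driver:  "<time> <pid> <service name> (<md5>) <path>"
FILE_RE = re.compile(r"^\S+\s+\d+\s+(.+?)\s+\(([0-9a-fA-F]{32})\)\s+(\S.*)$")
# Second line per driver, or the only line when no file backs the service:
#   "<time> <pid> <service name> - <verdict>"
VERDICT_RE = re.compile(r"^\S+\s+\d+\s+(.+?)\s+-\s+(.+)$")


def windows_dir(text, default="C:\\Windows"):
    """Windows directory as reported in the log header, or `default` if absent."""
    for line in text.splitlines():
        m = WINDIR_RE.match(line.strip())
        if m:
            return m.group(1).strip()
    return default


def parse_log(text):
    """Return {service name: {"md5", "path", "verdict"}} in the order the scan listed them."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            name, md5, path = m.groups()
            entry = entries.setdefault(name, {"md5": None, "path": None, "verdict": None})
            entry["md5"], entry["path"] = md5.lower(), path
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.groups()
            entry = entries.setdefault(name, {"md5": None, "path": None, "verdict": None})
            entry["verdict"] = verdict.strip()
    return entries


def triage(entries, windir="C:\\Windows"):
    """Bucket entries the way a helper reads the log.

    not_ok          - any verdict other than "ok": the lines that need action
    no_file         - a service name with no backing file (often a stale registration)
    outside_windows - a driver loaded from outside the Windows directory (third-party; review)
    """
    prefix = windir.lower().rstrip("\\") + "\\"
    report = {"not_ok": [], "no_file": [], "outside_windows": []}
    for name, e in entries.items():
        if e["verdict"] is not None and e["verdict"] != "ok":
            report["not_ok"].append((name, e["verdict"]))
        if e["path"] is None:
            report["no_file"].append(name)
        elif not e["path"].lower().startswith(prefix):
            report["outside_windows"].append((name, e["path"]))
    return report


# Constructed sample: an excerpt of the log posted in this thread plus one
# made-up "example_bad" entry so the not_ok bucket is exercised.
SAMPLE_LOG = r"""
00:18:39.0568 5096 Windows directory: C:\Windows
00:18:44.0685 6032 ============================================================
00:18:44.0685 6032 Scan started
00:18:44.0685 6032 Mode: Manual;
00:18:48.0101 6032 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
00:18:48.0101 6032 ACPI - ok
00:18:49.0474 6032 blbdrive - ok
00:18:53.0951 6032 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
00:18:53.0951 6032 Lavasoft Kernexplorer - ok
00:18:56.0790 6032 nsak_A3EFC647 - ok
00:18:59.0349 6032 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
00:18:59.0349 6032 SASDIFSV - ok
00:19:00.0659 6032 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
00:19:00.0690 6032 Tcpip - ok
00:19:00.0700 6032 example_bad (00000000000000000000000000000000) C:\Windows\system32\drivers\example_bad.sys
00:19:00.0700 6032 example_bad - suspicious (constructed verdict)
"""

if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG), windows_dir(SAMPLE_LOG))
    for bucket, items in report.items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

Services with no backing file (stale registrations such as blbdrive or nsak_A3EFC647) and security-tool drivers under Program Files (Ad-Aware, SUPERAntiSpyware) are usually benign, which is why the script only groups them for review instead of calling them malicious; a verdict other than "ok" is the line a helper acts on. In the portion of the log posted in this thread every driver reports ok.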

#3 Parker1028

Parker1028
  • Topic Starter

  • Members
  • 16 posts

Posted 21 November 2011 - 01:01 AM

Ran the 3 programs suggested and here are the results:

TDSSKiller Log:

00:18:39.0209 5096 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
00:18:39.0568 5096 ============================================================
00:18:39.0568 5096 Current date / time: 2011/11/21 00:18:39.0568
00:18:39.0568 5096 SystemInfo:
00:18:39.0568 5096
00:18:39.0568 5096 OS Version: 6.0.6002 ServicePack: 2.0
00:18:39.0568 5096 Product type: Workstation
00:18:39.0568 5096 ComputerName: PARKERFAMILY-PC
00:18:39.0568 5096 UserName: John 1
00:18:39.0568 5096 Windows directory: C:\Windows
00:18:39.0568 5096 System windows directory: C:\Windows
00:18:39.0568 5096 Processor architecture: Intel x86
00:18:39.0568 5096 Number of processors: 2
00:18:39.0568 5096 Page size: 0x1000
00:18:39.0568 5096 Boot type: Normal boot
00:18:39.0568 5096 ============================================================
00:18:41.0003 5096 Initialize success
00:18:44.0685 6032 ============================================================
00:18:44.0685 6032 Scan started
00:18:44.0685 6032 Mode: Manual;
00:18:44.0685 6032 ============================================================
00:18:48.0101 6032 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
00:18:48.0101 6032 ACPI - ok
00:18:48.0164 6032 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
00:18:48.0179 6032 adp94xx - ok
00:18:48.0226 6032 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
00:18:48.0226 6032 adpahci - ok
00:18:48.0257 6032 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
00:18:48.0257 6032 adpu160m - ok
00:18:48.0273 6032 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
00:18:48.0288 6032 adpu320 - ok
00:18:48.0444 6032 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
00:18:48.0444 6032 Afc - ok
00:18:48.0491 6032 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
00:18:48.0507 6032 AFD - ok
00:18:48.0554 6032 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
00:18:48.0554 6032 agp440 - ok
00:18:48.0569 6032 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:18:48.0585 6032 aic78xx - ok
00:18:48.0600 6032 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
00:18:48.0600 6032 aliide - ok
00:18:48.0616 6032 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
00:18:48.0616 6032 amdagp - ok
00:18:48.0632 6032 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
00:18:48.0632 6032 amdide - ok
00:18:48.0756 6032 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
00:18:48.0756 6032 AmdK7 - ok
00:18:48.0788 6032 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
00:18:48.0788 6032 AmdK8 - ok
00:18:48.0975 6032 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
00:18:48.0990 6032 arc - ok
00:18:49.0146 6032 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
00:18:49.0146 6032 arcsas - ok
00:18:49.0209 6032 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
00:18:49.0209 6032 AsyncMac - ok
00:18:49.0271 6032 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
00:18:49.0271 6032 atapi - ok
00:18:49.0443 6032 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
00:18:49.0443 6032 Beep - ok
00:18:49.0474 6032 blbdrive - ok
00:18:49.0552 6032 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
00:18:49.0552 6032 bowser - ok
00:18:49.0614 6032 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:18:49.0614 6032 BrFiltLo - ok
00:18:49.0646 6032 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:18:49.0646 6032 BrFiltUp - ok
00:18:49.0708 6032 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:18:49.0708 6032 Brserid - ok
00:18:49.0739 6032 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:18:49.0739 6032 BrSerWdm - ok
00:18:49.0770 6032 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:18:49.0770 6032 BrUsbMdm - ok
00:18:49.0786 6032 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:18:49.0786 6032 BrUsbSer - ok
00:18:49.0817 6032 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
00:18:49.0817 6032 BTHMODEM - ok
00:18:49.0895 6032 catchme - ok
00:18:50.0004 6032 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
00:18:50.0004 6032 cdfs - ok
00:18:50.0098 6032 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
00:18:50.0098 6032 cdrom - ok
00:18:50.0129 6032 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
00:18:50.0129 6032 circlass - ok
00:18:50.0192 6032 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
00:18:50.0192 6032 CLFS - ok
00:18:50.0270 6032 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
00:18:50.0270 6032 cmdide - ok
00:18:50.0285 6032 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
00:18:50.0285 6032 Compbatt - ok
00:18:50.0316 6032 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
00:18:50.0316 6032 crcdisk - ok
00:18:50.0332 6032 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
00:18:50.0332 6032 Crusoe - ok
00:18:50.0441 6032 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
00:18:50.0441 6032 DfsC - ok
00:18:50.0566 6032 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
00:18:50.0566 6032 disk - ok
00:18:50.0644 6032 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
00:18:50.0644 6032 drmkaud - ok
00:18:50.0706 6032 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
00:18:50.0722 6032 DXGKrnl - ok
00:18:50.0769 6032 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
00:18:50.0769 6032 e1express - ok
00:18:50.0800 6032 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
00:18:50.0800 6032 E1G60 - ok
00:18:50.0862 6032 EagleNT - ok
00:18:50.0972 6032 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
00:18:50.0972 6032 Ecache - ok
00:18:51.0034 6032 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
00:18:51.0034 6032 elxstor - ok
00:18:51.0128 6032 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
00:18:51.0143 6032 exfat - ok
00:18:51.0206 6032 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
00:18:51.0221 6032 fastfat - ok
00:18:51.0284 6032 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
00:18:51.0284 6032 fdc - ok
00:18:51.0346 6032 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:18:51.0346 6032 FileInfo - ok
00:18:51.0408 6032 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:18:51.0408 6032 Filetrace - ok
00:18:51.0455 6032 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
00:18:51.0455 6032 flpydisk - ok
00:18:51.0518 6032 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
00:18:51.0533 6032 FltMgr - ok
00:18:51.0627 6032 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
00:18:51.0627 6032 Fs_Rec - ok
00:18:51.0674 6032 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
00:18:51.0674 6032 gagp30kx - ok
00:18:51.0767 6032 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
00:18:51.0767 6032 GEARAspiWDM - ok
00:18:51.0876 6032 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:18:51.0892 6032 HDAudBus - ok
00:18:51.0923 6032 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:18:51.0939 6032 HidBth - ok
00:18:51.0954 6032 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:18:51.0954 6032 HidIr - ok
00:18:52.0032 6032 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
00:18:52.0032 6032 HidUsb - ok
00:18:52.0110 6032 hitmanpro35 (72472b9ce5d02e443cff49a40355455d) C:\Windows\system32\drivers\hitmanpro35.sys
00:18:52.0110 6032 hitmanpro35 - ok
00:18:52.0142 6032 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
00:18:52.0142 6032 HpCISSs - ok
00:18:52.0188 6032 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
00:18:52.0235 6032 HSF_DPV - ok
00:18:52.0266 6032 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
00:18:52.0266 6032 HSXHWBS2 - ok
00:18:52.0298 6032 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
00:18:52.0313 6032 HTTP - ok
00:18:52.0344 6032 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
00:18:52.0344 6032 i2omp - ok
00:18:52.0438 6032 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
00:18:52.0438 6032 i8042prt - ok
00:18:52.0485 6032 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
00:18:52.0500 6032 iaStor - ok
00:18:52.0547 6032 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
00:18:52.0547 6032 iaStorV - ok
00:18:52.0656 6032 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:18:52.0719 6032 igfx - ok
00:18:52.0781 6032 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:18:52.0781 6032 iirsp - ok
00:18:52.0906 6032 IntcAzAudAddService (4eae74c8bcbca309a5d7cbad7e231427) C:\Windows\system32\drivers\RTKVHDA.sys
00:18:52.0984 6032 IntcAzAudAddService - ok
00:18:53.0093 6032 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
00:18:53.0093 6032 intelide - ok
00:18:53.0156 6032 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
00:18:53.0156 6032 intelppm - ok
00:18:53.0249 6032 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:18:53.0249 6032 IpFilterDriver - ok
00:18:53.0249 6032 IpInIp - ok
00:18:53.0296 6032 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
00:18:53.0296 6032 IPMIDRV - ok
00:18:53.0343 6032 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:18:53.0343 6032 IPNAT - ok
00:18:53.0390 6032 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:18:53.0390 6032 IRENUM - ok
00:18:53.0436 6032 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
00:18:53.0436 6032 isapnp - ok
00:18:53.0483 6032 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
00:18:53.0499 6032 iScsiPrt - ok
00:18:53.0530 6032 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:18:53.0530 6032 iteatapi - ok
00:18:53.0561 6032 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:18:53.0561 6032 iteraid - ok
00:18:53.0624 6032 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:18:53.0624 6032 kbdclass - ok
00:18:53.0686 6032 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
00:18:53.0702 6032 kbdhid - ok
00:18:53.0764 6032 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
00:18:53.0780 6032 KSecDD - ok
00:18:53.0951 6032 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
00:18:53.0951 6032 Lavasoft Kernexplorer - ok
00:18:54.0060 6032 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
00:18:54.0060 6032 Lbd - ok
00:18:54.0154 6032 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:18:54.0154 6032 lltdio - ok
00:18:54.0216 6032 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
00:18:54.0216 6032 LSI_FC - ok
00:18:54.0263 6032 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
00:18:54.0263 6032 LSI_SAS - ok
00:18:54.0294 6032 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
00:18:54.0310 6032 LSI_SCSI - ok
00:18:54.0341 6032 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:18:54.0357 6032 luafv - ok
00:18:54.0388 6032 MBAMSwissArmy (0905dc0814d738cff53577a59ccd81e0) C:\Windows\system32\drivers\mbamswissarmy.sys
00:18:54.0388 6032 MBAMSwissArmy - ok
00:18:54.0419 6032 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
00:18:54.0435 6032 mdmxsdk - ok
00:18:54.0466 6032 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
00:18:54.0466 6032 megasas - ok
00:18:54.0528 6032 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:18:54.0528 6032 Modem - ok
00:18:54.0575 6032 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:18:54.0575 6032 monitor - ok
00:18:54.0622 6032 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:18:54.0622 6032 mouclass - ok
00:18:54.0638 6032 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:18:54.0638 6032 mouhid - ok
00:18:54.0684 6032 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:18:54.0684 6032 MountMgr - ok
00:18:54.0731 6032 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
00:18:54.0731 6032 mpio - ok
00:18:54.0794 6032 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:18:54.0794 6032 mpsdrv - ok
00:18:54.0825 6032 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:18:54.0825 6032 Mraid35x - ok
00:18:54.0887 6032 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
00:18:54.0887 6032 MRxDAV - ok
00:18:54.0950 6032 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:18:54.0950 6032 mrxsmb - ok
00:18:55.0012 6032 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:18:55.0012 6032 mrxsmb10 - ok
00:18:55.0028 6032 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:18:55.0028 6032 mrxsmb20 - ok
00:18:55.0074 6032 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
00:18:55.0074 6032 msahci - ok
00:18:55.0121 6032 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
00:18:55.0121 6032 msdsm - ok
00:18:55.0184 6032 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:18:55.0184 6032 Msfs - ok
00:18:55.0246 6032 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:18:55.0246 6032 msisadrv - ok
00:18:55.0293 6032 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:18:55.0293 6032 MSKSSRV - ok
00:18:55.0340 6032 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:18:55.0340 6032 MSPCLOCK - ok
00:18:55.0386 6032 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:18:55.0386 6032 MSPQM - ok
00:18:55.0449 6032 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
00:18:55.0449 6032 MsRPC - ok
00:18:55.0511 6032 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:18:55.0511 6032 mssmbios - ok
00:18:55.0542 6032 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:18:55.0542 6032 MSTEE - ok
00:18:55.0605 6032 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
00:18:55.0605 6032 Mup - ok
00:18:55.0714 6032 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
00:18:55.0714 6032 NativeWifiP - ok
00:18:55.0776 6032 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
00:18:55.0823 6032 NDIS - ok
00:18:55.0948 6032 NDISKIO - ok
00:18:56.0026 6032 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:18:56.0026 6032 NdisTapi - ok
00:18:56.0088 6032 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:18:56.0088 6032 Ndisuio - ok
00:18:56.0166 6032 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:18:56.0166 6032 NdisWan - ok
00:18:56.0244 6032 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:18:56.0244 6032 NDProxy - ok
00:18:56.0307 6032 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:18:56.0307 6032 NetBIOS - ok
00:18:56.0478 6032 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
00:18:56.0494 6032 netbt - ok
00:18:56.0572 6032 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:18:56.0572 6032 nfrd960 - ok
00:18:56.0650 6032 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
00:18:56.0650 6032 NPF - ok
00:18:56.0728 6032 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
00:18:56.0728 6032 Npfs - ok
00:18:56.0790 6032 nsak_A3EFC647 - ok
00:18:56.0900 6032 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:18:56.0900 6032 nsiproxy - ok
00:18:57.0009 6032 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
00:18:57.0087 6032 Ntfs - ok
00:18:57.0149 6032 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:18:57.0149 6032 ntrigdigi - ok
00:18:57.0212 6032 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:18:57.0212 6032 Null - ok
00:18:57.0243 6032 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
00:18:57.0243 6032 nvraid - ok
00:18:57.0274 6032 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
00:18:57.0274 6032 nvstor - ok
00:18:57.0305 6032 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
00:18:57.0305 6032 nv_agp - ok
00:18:57.0336 6032 NwlnkFlt - ok
00:18:57.0368 6032 NwlnkFwd - ok
00:18:57.0414 6032 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
00:18:57.0414 6032 ohci1394 - ok
00:18:57.0461 6032 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
00:18:57.0461 6032 Parport - ok
00:18:57.0524 6032 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
00:18:57.0524 6032 partmgr - ok
00:18:57.0539 6032 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
00:18:57.0539 6032 Parvdm - ok
00:18:57.0617 6032 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
00:18:57.0633 6032 pci - ok
00:18:57.0758 6032 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
00:18:57.0758 6032 pciide - ok
00:18:57.0789 6032 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
00:18:57.0789 6032 pcmcia - ok
00:18:57.0820 6032 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:18:57.0836 6032 PEAUTH - ok
00:18:57.0976 6032 pnarp (b63a3ae87ed0ac525b3aa88b39608bfc) C:\Windows\system32\DRIVERS\pnarp.sys
00:18:57.0976 6032 pnarp - ok
00:18:58.0038 6032 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:18:58.0054 6032 PptpMiniport - ok
00:18:58.0070 6032 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
00:18:58.0085 6032 Processor - ok
00:18:58.0179 6032 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
00:18:58.0179 6032 PSched - ok
00:18:58.0210 6032 purendis (633cc728d6493c4263368a86928b0bfd) C:\Windows\system32\DRIVERS\purendis.sys
00:18:58.0210 6032 purendis - ok
00:18:58.0257 6032 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
00:18:58.0257 6032 PxHelp20 - ok
00:18:58.0335 6032 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
00:18:58.0350 6032 ql2300 - ok
00:18:58.0413 6032 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:18:58.0413 6032 ql40xx - ok
00:18:58.0475 6032 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:18:58.0475 6032 QWAVEdrv - ok
00:18:58.0569 6032 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
00:18:58.0631 6032 R300 - ok
00:18:58.0694 6032 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:18:58.0694 6032 RasAcd - ok
00:18:58.0740 6032 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:18:58.0756 6032 Rasl2tp - ok
00:18:58.0818 6032 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
00:18:58.0818 6032 RasPppoe - ok
00:18:58.0896 6032 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
00:18:58.0896 6032 RasSstp - ok
00:18:58.0959 6032 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
00:18:58.0959 6032 rdbss - ok
00:18:59.0006 6032 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:18:59.0006 6032 RDPCDD - ok
00:18:59.0052 6032 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
00:18:59.0052 6032 rdpdr - ok
00:18:59.0052 6032 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:18:59.0068 6032 RDPENCDD - ok
00:18:59.0130 6032 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
00:18:59.0130 6032 RDPWD - ok
00:18:59.0193 6032 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
00:18:59.0208 6032 rspndr - ok
00:18:59.0349 6032 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
00:18:59.0349 6032 SASDIFSV - ok
00:18:59.0396 6032 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
00:18:59.0396 6032 SASKUTIL - ok
00:18:59.0489 6032 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:18:59.0489 6032 sbp2port - ok
00:18:59.0552 6032 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:18:59.0552 6032 secdrv - ok
00:18:59.0598 6032 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
00:18:59.0598 6032 Serenum - ok
00:18:59.0630 6032 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
00:18:59.0630 6032 Serial - ok
00:18:59.0676 6032 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
00:18:59.0676 6032 sermouse - ok
00:18:59.0739 6032 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
00:18:59.0739 6032 sffdisk - ok
00:18:59.0754 6032 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
00:18:59.0754 6032 sffp_mmc - ok
00:18:59.0786 6032 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
00:18:59.0786 6032 sffp_sd - ok
00:18:59.0801 6032 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
00:18:59.0801 6032 sfloppy - ok
00:18:59.0848 6032 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
00:18:59.0848 6032 sisagp - ok
00:18:59.0864 6032 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
00:18:59.0879 6032 SiSRaid2 - ok
00:18:59.0895 6032 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
00:18:59.0895 6032 SiSRaid4 - ok
00:18:59.0973 6032 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
00:18:59.0973 6032 Smb - ok
00:19:00.0066 6032 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
00:19:00.0066 6032 spldr - ok
00:19:00.0144 6032 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
00:19:00.0144 6032 srv - ok
00:19:00.0222 6032 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
00:19:00.0222 6032 srv2 - ok
00:19:00.0254 6032 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
00:19:00.0254 6032 srvnet - ok
00:19:00.0332 6032 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
00:19:00.0332 6032 swenum - ok
00:19:00.0378 6032 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
00:19:00.0378 6032 Symc8xx - ok
00:19:00.0410 6032 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
00:19:00.0410 6032 Sym_hi - ok
00:19:00.0425 6032 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
00:19:00.0425 6032 Sym_u3 - ok
00:19:00.0503 6032 szkg5 (447e6a7c3e7e1cd550a8af889a8209e9) C:\Windows\system32\DRIVERS\szkg.sys
00:19:00.0503 6032 szkg5 - ok
00:19:00.0534 6032 szkgfs (2b8581dc75d6d043e273eb0244632bcb) C:\Windows\system32\drivers\szkgfs.sys
00:19:00.0534 6032 szkgfs - ok
00:19:00.0659 6032 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
00:19:00.0690 6032 Tcpip - ok
00:19:00.0706 6032 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
00:19:00.0706 6032 Tcpip6 - ok
00:19:00.0768 6032 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
00:19:00.0784 6032 tcpipreg - ok
00:19:00.0815 6032 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
00:19:00.0815 6032 TDPIPE - ok
00:19:00.0846 6032 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
00:19:00.0846 6032 TDTCP - ok
00:19:00.0909 6032 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
00:19:00.0909 6032 tdx - ok
00:19:00.0971 6032 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
00:19:00.0971 6032 TermDD - ok
00:19:01.0080 6032 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:19:01.0080 6032 tssecsrv - ok
00:19:01.0143 6032 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
00:19:01.0143 6032 tunmp - ok
00:19:01.0221 6032 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
00:19:01.0221 6032 tunnel - ok
00:19:01.0268 6032 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
00:19:01.0268 6032 uagp35 - ok
00:19:01.0330 6032 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
00:19:01.0346 6032 udfs - ok
00:19:01.0408 6032 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
00:19:01.0408 6032 uliagpkx - ok
00:19:01.0424 6032 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
00:19:01.0439 6032 uliahci - ok
00:19:01.0486 6032 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
00:19:01.0486 6032 UlSata - ok
00:19:01.0502 6032 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
00:19:01.0502 6032 ulsata2 - ok
00:19:01.0548 6032 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
00:19:01.0548 6032 umbus - ok
00:19:01.0611 6032 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
00:19:01.0611 6032 USBAAPL - ok
00:19:01.0704 6032 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
00:19:01.0704 6032 usbaudio - ok
00:19:01.0751 6032 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
00:19:01.0751 6032 usbccgp - ok
00:19:01.0782 6032 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
00:19:01.0782 6032 usbcir - ok
00:19:01.0845 6032 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
00:19:01.0845 6032 usbehci - ok
00:19:01.0923 6032 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
00:19:01.0923 6032 usbhub - ok
00:19:01.0954 6032 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
00:19:01.0954 6032 usbohci - ok
00:19:01.0970 6032 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
00:19:01.0985 6032 usbprint - ok
00:19:02.0048 6032 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:19:02.0048 6032 USBSTOR - ok
00:19:02.0094 6032 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
00:19:02.0094 6032 usbuhci - ok
00:19:02.0141 6032 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
00:19:02.0141 6032 vga - ok
00:19:02.0188 6032 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
00:19:02.0188 6032 VgaSave - ok
00:19:02.0219 6032 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
00:19:02.0219 6032 viaagp - ok
00:19:02.0266 6032 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
00:19:02.0266 6032 ViaC7 - ok
00:19:02.0297 6032 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
00:19:02.0297 6032 viaide - ok
00:19:02.0344 6032 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
00:19:02.0344 6032 volmgr - ok
00:19:02.0453 6032 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
00:19:02.0453 6032 volmgrx - ok
00:19:02.0516 6032 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
00:19:02.0516 6032 volsnap - ok
00:19:02.0594 6032 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
00:19:02.0594 6032 vsmraid - ok
00:19:02.0734 6032 VX3000 (13acfed0e6adca97440169dfd127ebcf) C:\Windows\system32\DRIVERS\VX3000.sys
00:19:02.0781 6032 VX3000 - ok
00:19:02.0921 6032 wacmoumonitor (826a053968d0faf39afd8aecff580cb6) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
00:19:02.0921 6032 wacmoumonitor - ok
00:19:02.0984 6032 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
00:19:02.0984 6032 wacommousefilter - ok
00:19:03.0046 6032 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:19:03.0046 6032 WacomPen - ok
00:19:03.0171 6032 wacomvhid (51d580f30d1a1f2ea4965af6abc2bcb2) C:\Windows\system32\DRIVERS\wacomvhid.sys
00:19:03.0171 6032 wacomvhid - ok
00:19:03.0249 6032 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\Windows\system32\DRIVERS\WacomVKHid.sys
00:19:03.0249 6032 WacomVKHid - ok
00:19:03.0327 6032 WacomVTHid (799c84ce3bd9600172aa53b4ead8357a) C:\Windows\system32\DRIVERS\WacomVTHid.sys
00:19:03.0327 6032 WacomVTHid - ok
00:19:03.0374 6032 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:19:03.0374 6032 Wanarp - ok
00:19:03.0389 6032 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:19:03.0389 6032 Wanarpv6 - ok
00:19:03.0483 6032 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
00:19:03.0483 6032 Wd - ok
00:19:03.0530 6032 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
00:19:03.0545 6032 Wdf01000 - ok
00:19:03.0623 6032 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
00:19:03.0639 6032 winachsf - ok
00:19:03.0779 6032 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
00:19:03.0779 6032 WmiAcpi - ok
00:19:03.0857 6032 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
00:19:03.0857 6032 WpdUsb - ok
00:19:03.0935 6032 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:19:03.0935 6032 ws2ifsl - ok
00:19:04.0091 6032 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:19:04.0091 6032 WUDFRd - ok
00:19:04.0154 6032 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
00:19:04.0154 6032 XAudio - ok
00:19:04.0200 6032 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:19:04.0216 6032 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
00:19:04.0216 6032 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
00:19:04.0232 6032 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
00:19:04.0247 6032 \Device\Harddisk1\DR1 - ok
00:19:04.0278 6032 Boot (0x1200) (f64b2e250724ae66929b9327bba95312) \Device\Harddisk0\DR0\Partition0
00:19:04.0278 6032 \Device\Harddisk0\DR0\Partition0 - ok
00:19:04.0294 6032 Boot (0x1200) (8ed93b9d185922d4fd74280dae5e702d) \Device\Harddisk0\DR0\Partition1
00:19:04.0294 6032 \Device\Harddisk0\DR0\Partition1 - ok
00:19:04.0294 6032 Boot (0x1200) (10bd8bb6e6b0c641bc9544692aa62d0e) \Device\Harddisk1\DR1\Partition0
00:19:04.0294 6032 \Device\Harddisk1\DR1\Partition0 - ok
00:19:04.0294 6032 ============================================================
00:19:04.0294 6032 Scan finished
00:19:04.0294 6032 ============================================================
00:19:04.0325 4668 Detected object count: 1
00:19:04.0325 4668 Actual detected object count: 1
00:19:14.0013 4668 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
00:19:14.0013 4668 \Device\Harddisk0\DR0 - ok
00:19:14.0013 4668 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
00:19:18.0896 4780 Deinitialize success
-----------------------------------------------------------------------------------------------------------------------------

Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8205

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11/21/2011 12:49:35 AM
mbam-log-2011-11-21 (00-49-35).txt

Scan type: Quick scan
Objects scanned: 274276
Time elapsed: 9 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
------------------------------------------------------------------------------------

Mini Toolbox Log:

MiniToolBox by Farbar
Ran by John 1 (administrator) on 21-11-2011 at 00:51:08
Windows Vista ™ Home Premium Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82562V-2 10/100 Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ParkerFamily-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection
Physical Address. . . . . . . . . : 00-1A-A0-95-0D-D8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::80dd:d4ab:8c5a:1736%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, November 21, 2011 12:22:24 AM
Lease Expires . . . . . . . . . . : Tuesday, November 22, 2011 12:22:23 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201333408
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-73-FF-6B-00-1A-A0-95-0D-D8
DNS Servers . . . . . . . . . . . : 167.206.254.1
167.206.254.2
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:34c9:800:3f57:fe9a(Preferred)
Link-local IPv6 Address . . . . . : fe80::34c9:800:3f57:fe9a%8(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{F7B673FE-51F7-4E69-9480-30ECC3FB3206}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: vdns1.srv.hcvlny.cv.net
Address: 167.206.254.1

Name: google.com
Addresses: 74.125.226.243
74.125.226.240
74.125.226.244
74.125.226.241
74.125.226.242



Pinging google.com [74.125.226.241] with 32 bytes of data:

Reply from 74.125.226.241: bytes=32 time=9ms TTL=55

Reply from 74.125.226.241: bytes=32 time=9ms TTL=55



Ping statistics for 74.125.226.241:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 9ms, Maximum = 9ms, Average = 9ms

Server: vdns1.srv.hcvlny.cv.net
Address: 167.206.254.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.2.43
98.137.149.56
98.139.180.149



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=67ms TTL=51

Reply from 209.191.122.70: bytes=32 time=67ms TTL=51



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 67ms, Maximum = 67ms, Average = 67ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 1a a0 95 0d d8 ...... Intel® 82562V-2 10/100 Network Connection
1 ........................... Software Loopback Interface 1
8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
12 ...00 00 00 00 00 00 00 e0 isatap.{F7B673FE-51F7-4E69-9480-30ECC3FB3206}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 276
192.168.1.101 255.255.255.255 On-link 192.168.1.101 276
192.168.1.255 255.255.255.255 On-link 192.168.1.101 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
8 38 ::/0 On-link
1 306 ::1/128 On-link
8 38 2001::/32 On-link
8 286 2001:0:4137:9e76:34c9:800:3f57:fe9a/128
On-link
9 276 fe80::/64 On-link
8 286 fe80::/64 On-link
8 286 fe80::34c9:800:3f57:fe9a/128
On-link
9 276 fe80::80dd:d4ab:8c5a:1736/128
On-link
1 306 ff00::/8 On-link
8 286 ff00::/8 On-link
9 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/20/2011 10:45:13 PM) (Source: Application Error) (User: )
Description: Faulting application GoogleToolbarUser.exe, version 0.0.0.0, time stamp 0x4913aa33, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x5f6abca0,
process id 0x136c, application start time 0xGoogleToolbarUser.exe0.

Error: (11/20/2011 07:22:49 PM) (Source: Application Error) (User: )
Description: Faulting application GoogleToolbarUser.exe, version 0.0.0.0, time stamp 0x4913aa33, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x5f6abca0,
process id 0x828, application start time 0xGoogleToolbarUser.exe0.

Error: (11/20/2011 04:14:51 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe Files\Hitman Pro 3.5\HitmanPro35.exe" ; Descripton = ?????; Hr = 0x80070057).

Error: (11/20/2011 03:19:52 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (11/20/2011 09:25:34 AM) (Source: Application Error) (User: )
Description: Faulting application GoogleToolbarUser.exe, version 0.0.0.0, time stamp 0x4913aa33, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x6ad3bca0,
process id 0x10c0, application start time 0xGoogleToolbarUser.exe0.

Error: (11/20/2011 06:15:29 AM) (Source: Application Error) (User: )
Description: Faulting application GoogleToolbarUser.exe, version 0.0.0.0, time stamp 0x4913aa33, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000005, fault offset 0x000664c8,
process id 0x1680, application start time 0xGoogleToolbarUser.exe0.

Error: (11/19/2011 06:14:26 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16421, time stamp 0x4d76255d, faulting module MSHTML.dll, version 9.0.8112.16437, time stamp 0x4e5eef87, exception code 0xc0000005, fault offset 0x0017941a,
process id 0x12d4, application start time 0xiexplore.exe0.

Error: (11/19/2011 05:32:00 PM) (Source: Application Error) (User: )
Description: Faulting application GoogleToolbarUser.exe, version 0.0.0.0, time stamp 0x4913aa33, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x6ac8bca0,
process id 0x136c, application start time 0xGoogleToolbarUser.exe0.

Error: (11/19/2011 06:18:13 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16421, time stamp 0x4d76255d, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967, exception code 0xc0000005, fault offset 0x0003fc56,
process id 0x13b4, application start time 0xiexplore.exe0.

Error: (11/17/2011 03:16:54 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.


System errors:
=============
Error: (11/21/2011 00:22:41 AM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgentAVGIDSDriver

Error: (11/21/2011 00:20:28 AM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (11/19/2011 00:56:49 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.106 for the Network Card with network address 001AA0950DD8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (11/16/2011 10:32:15 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{F7B673FE-51F7-4E69-9480-30ECC3FB3206}.
The backup browser is stopping.

Error: (11/16/2011 10:16:00 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgentAVGIDSDriver

Error: (11/16/2011 10:13:06 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (11/16/2011 10:12:21 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (11/16/2011 09:38:48 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (11/16/2011 09:07:37 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (11/16/2011 09:07:23 PM) (Source: Service Control Manager) (User: )
Description: Linksys Updater1


Microsoft Office Sessions:
=========================
Error: (11/20/2011 10:45:13 PM) (Source: Application Error)(User: )
Description: GoogleToolbarUser.exe0.0.0.04913aa33unknown0.0.0.000000000c00000055f6abca0136c01cca7fe6dc171a9

Error: (11/20/2011 07:22:49 PM) (Source: Application Error)(User: )
Description: GoogleToolbarUser.exe0.0.0.04913aa33unknown0.0.0.000000000c00000055f6abca082801cca7e22723fea9

Error: (11/20/2011 04:14:51 PM) (Source: System Restore)(User: )
Description: C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe Files\Hitman Pro 3.5\HitmanPro35.exe" ?????0x80070057

Error: (11/20/2011 03:19:52 PM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Only one instance of service process is allowed.

Error: (11/20/2011 09:25:34 AM) (Source: Application Error)(User: )
Description: GoogleToolbarUser.exe0.0.0.04913aa33unknown0.0.0.000000000c00000056ad3bca010c001cca78c76778319

Error: (11/20/2011 06:15:29 AM) (Source: Application Error)(User: )
Description: GoogleToolbarUser.exe0.0.0.04913aa33ntdll.dll6.0.6002.183274cb73436c0000005000664c8168001cca77231f56031

Error: (11/19/2011 06:14:26 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164214d76255dMSHTML.dll9.0.8112.164374e5eef87c00000050017941a12d401cca70e80c9ba81

Error: (11/19/2011 05:32:00 PM) (Source: Application Error)(User: )
Description: GoogleToolbarUser.exe0.0.0.04913aa33unknown0.0.0.000000000c00000056ac8bca0136c01cca707cdc7ace1

Error: (11/19/2011 06:18:13 AM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164214d76255dkernel32.dll6.0.6002.184494da47967c00000050003fc5613b401cca5058f65ef89

Error: (11/17/2011 03:16:54 PM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Only one instance of service process is allowed.


=========================== Installed Programs ============================

3ivx MPEG-4 5.0.3 (remove only) (Version: 5.0.3)
Ad-Aware
Ad-Aware (Version: 9.0.0)
Adobe Flash Player 10 Plugin (Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader 8.1.2 (Version: 8.1.2)
AIM 7
AOL Install (Version: 1.0.0)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.1.116)
ArcSoft MediaImpression for Kodak (Version: 2.0.24.761)
ArtRage 2 (Version: 2.6.0)
Ask Toolbar (Version: 1.9.1.0)
Audacity 1.2.6
Audiosurf Demo
AVG 2011 (Version: 10.0.1410)
AVG 2011 (Version: 10.0.1520)
Bamboo
Bonjour (Version: 2.0.4.0)
Browser Address Error Redirector (Version: 1.00.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant D850 PCI V.92 Modem
Dell DataSafe Online (Version: 1.0.21)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Version: 2.0.07311)
Digital Line Detect (Version: 1.21)
Disney Pirates of the Caribbean Online (Version: )
Disney Toontown Online (Version: )
Download Updater (AOL LLC)
EA Download Manager (Version: 5.0.0.255)
EarthLink Setup Files (Version: 2005.2.178.0.2.2)
FlipShare (Version: 5.0.5.52727)
FrostWire 4.17.2 (Version: 4.17.2.0)
Google Desktop (Version: 5.9.1005.12335)
Google Toolbar for Internet Explorer
Highlight Viewer (Windows Live Toolbar) (Version: 03.01.0146)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.11.0 (Version: )
Internet Service Offers Launcher (Version: 1.00.0000)
iTunes (Version: 10.1.1.4)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 23 (Version: 6.0.230)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
kSolo Recorder
Linksys EasyLink Advisor (Version: 3.0.8122.29)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft LifeCam (Version: 1.40.164.0)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Modem Diagnostic Tool (Version: 1.0.17.8)
Mozilla Firefox 5.0.1 (x86 en-US) (Version: 5.0.1)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Music, Photos & Videos Launcher (Version: 1.00.0000)
NetWaiting (Version: 2.5.44)
Network Play System (Patching)
Nike+ Utility (Version: 1.00.0000)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenAL
Pando Media Booster (Version: 2.3.3.6)
PMB (Version: 5.0.02.11130)
Portal
Product Documentation Launcher (Version: 1.00.0000)
Pure Networks Platform (Version: 10.1.8116.1)
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Skype Toolbars (Version: 5.5.7896)
Skype™ 5.3 (Version: 5.3.120)
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146)
SpongeBob SquarePants Employee of the Month
Spotify (Version: 0.5.2)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 4.47.1000)
Team Fortress 2
The Movies™ (Version: 1.0)
The Sims
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
The Sims™ 2 Teen Style Stuff
The Sims™ 3 (Version: 1.21.123)
The Sims™ 3 Ambitions (Version: 4.0.87)
The Sims™ 3 Generations (Version: 8.0.152)
The Sims™ 3 High-End Loft Stuff (Version: 3.0.38)
The Sims™ 3 Late Night (Version: 6.5.1)
The Sims™ 3 World Adventures (Version: 2.3.33)
TreeSize Free V2.5 (Version: 2.5)
Trend Micro RUBotted 2.0 Beta (Version: 2.0.0.1030)
User's Guides
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebEx Support Manager for Internet Explorer (Version: 6.5.47)
Windows Live Favorites for Windows Live Toolbar (Version: 03.01.0146)
Windows Live installer (Version: 12.0.1471.1025)
Windows Live Messenger (Version: 8.5.1302.1018)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0146)
WinPcap 4.1.1 (Version: 4.1.0.1753)
WinRAR archiver
Wise Disk Cleaner 5.82
Wise Registry Cleaner 5.8.9 (Version: 5.8.9)
Wizard101 (Version: 1.0.0)

========================= Memory info: ===================================

Percentage of memory in use: 69%
Total physical RAM: 2036.45 MB
Available physical RAM: 631.01 MB
Total Pagefile: 4318.18 MB
Available Pagefile: 2877.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.93 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:19.84 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.94 GB) NTFS
3 Drive e: (Sims3EP04) (CDROM) (Total:4.93 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\PARKERFAMILY-PC

Administrator
Andrew
Andrew 1
Ellen
Guest
John
John 1
Steph1
Stephanie

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini010111-01.dmp
C:\Windows\Minidump\Mini010111-02.dmp
C:\Windows\Minidump\Mini022011-01.dmp
C:\Windows\Minidump\Mini022211-01.dmp
C:\Windows\Minidump\Mini060508-01.dmp
C:\Windows\Minidump\Mini060709-01.dmp
C:\Windows\Minidump\Mini060809-01.dmp
C:\Windows\Minidump\Mini070311-01.dmp
C:\Windows\Minidump\Mini071310-01.dmp
C:\Windows\Minidump\Mini071510-01.dmp
C:\Windows\Minidump\Mini100310-01.dmp
C:\Windows\Minidump\Mini111211-01.dmp
C:\Windows\Minidump\Mini111310-01.dmp
C:\Windows\Minidump\Mini111310-02.dmp
C:\Windows\Minidump\Mini111809-01.dmp
C:\Windows\Minidump\Mini121510-01.dmp
C:\Windows\Minidump\Mini121910-01.dmp
C:\Windows\Minidump\Mini122010-01.dmp
C:\Windows\Minidump\Mini122010-02.dmp
C:\Windows\Minidump\Mini122010-03.dmp
C:\Windows\Minidump\Mini122210-01.dmp
C:\Windows\Minidump\Mini122210-02.dmp
C:\Windows\Minidump\Mini123010-01.dmp

**** End of log ****

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:37 AM

Posted 21 November 2011 - 03:18 PM

OK, you needed to reboot the system after that.

One more scan, then I feel we can mop up.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.

#5 Parker1028

Parker1028
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:07:37 AM

Posted 22 November 2011 - 12:10 AM

Did the ESET Online scan. Here is the log for that:

C:\Qoobox\Quarantine\C\Program Files\SGPSA\BHO.dll.vir a variant of Win32/BHO.OCS trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\tio57zbv.default\extensions\{000fb384-da4b-44f6-8bd6-65897dddf8a5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\tio57zbv.default\extensions\{000fb384-da4b-44f6-8bd6-65897dddf8a5}\chrome\xulcache.jar.vir JS/Agent.NDO trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Andrew 1\AppData\Roaming\Mozilla\Firefox\Profiles\bdr8x32l.default\extensions\{000fb384-da4b-44f6-8bd6-65897dddf8a5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Andrew 1\AppData\Roaming\Mozilla\Firefox\Profiles\bdr8x32l.default\extensions\{000fb384-da4b-44f6-8bd6-65897dddf8a5}\chrome\xulcache.jar.vir JS/Agent.NDO trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Steph1\AppData\Roaming\Mozilla\Firefox\Profiles\geht9s52.default\extensions\{000fb384-da4b-44f6-8bd6-65897dddf8a5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Steph1\AppData\Roaming\Mozilla\Firefox\Profiles\geht9s52.default\extensions\{000fb384-da4b-44f6-8bd6-65897dddf8a5}\chrome\xulcache.jar.vir JS/Agent.NDO trojan cleaned by deleting - quarantined
C:\Users\Andrew 1\Documents\FrostWire\Saved\broadway im on a boat cover.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Andrew 1\Documents\FrostWire\Saved\Good Ol Days Authority Zero.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Andrew 1\Documents\LimeWire\Saved\type zebrahead MTV.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Andrew 1\Downloads\vshare-toolbar.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Default\gdaoiiemcddfceapfbobegfllghinpbn\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UU5NSG91\cbead93a[1].htm JS/Tivso.Gen trojan cleaned by deleting - quarantined
C:\Users\John 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1T82J156\index[1].htm JS/TrojanDownloader.FraudLoad.NAN trojan cleaned by deleting - quarantined
C:\Users\Steph1\AppData\Local\Google\Chrome\User Data\Default\Default\gdaoiiemcddfceapfbobegfllghinpbn\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Steph1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XOKBJ1BN\publicviral_weebly_com[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Steph1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-27f717d3 Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
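Triage of an ESET log like the one above, as an added Python example that is not part of the thread: it parses each result line, records which Windows user profile and which kind of disk location the file came from, and lists browser-extension components that were still live (not already sitting in ComboFix's Qoobox quarantine). The location bucket names and the path heuristics are this example's own assumptions, not ESET's.

```python
import re
from collections import Counter

# One ESET Online Scanner result line: <path> [a variant of ]<Platform/Name> <kind> <action> - <status>
# The path may contain spaces, so it is matched lazily up to the first "Platform/Name" token.
LINE_RE = re.compile(r"^(?P<path>.+?) (?:a variant of )?(?P<name>[A-Za-z0-9]+/\S+) "
                     r"(?P<kind>\S+) (?P<action>.+?) - (?P<status>\S+)$")
USER_RE = re.compile(r"\\Users\\([^\\]+)\\")   # which Windows profile the file belonged to
QUARANTINE = "c:\\qoobox\\quarantine\\"        # copies ComboFix had already moved aside

def classify(path):
    """Rough triage bucket for where the file sat on disk (heuristic, assumed here)."""
    p = path.lower()
    if "\\extensions\\" in p or "\\chrome\\user data\\" in p:
        return "browser-extension"   # loads every time the browser starts: persistence
    if "temporary internet files" in p or "\\java\\deployment\\cache\\" in p:
        return "cache"               # drive-by payload parked in a cache
    if "\\frostwire\\" in p or "\\limewire\\" in p or "\\downloads\\" in p:
        return "download"            # file the user fetched (P2P or browser download)
    return "other"

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    user = USER_RE.search(m["path"])
    return {**m.groupdict(), "user": user.group(1) if user else None,
            "location": classify(m["path"]),
            "already_quarantined": m["path"].lower().startswith(QUARANTINE)}

def summarize(text):
    """Counts per detection and per profile, plus browser persistence that was still live."""
    hits = [h for h in map(parse_line, text.splitlines()) if h]
    return {
        "by_name": Counter(h["name"] for h in hits),
        "by_user": Counter(h["user"] for h in hits if h["user"]),
        "live_persistence": [(h["user"], h["name"]) for h in hits
                             if h["location"] == "browser-extension" and not h["already_quarantined"]],
    }

# Sample lines copied from the ESET log posted above.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\tio57zbv.default\extensions\{000fb384-da4b-44f6-8bd6-65897dddf8a5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Default\gdaoiiemcddfceapfbobegfllghinpbn\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Andrew 1\Documents\FrostWire\Saved\broadway im on a boat cover.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Andrew 1\Downloads\vshare-toolbar.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\Steph1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-27f717d3 Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
"""
```

Calling summarize(SAMPLE_LOG) shows Tracur twice, but only the Chrome copy in Ellen's profile was still live; the Firefox copy had already been quarantined by ComboFix.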

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:08:37 AM

Posted 22 November 2011 - 10:13 AM

Was the ComboFix scan run for this infection?

How is it running now?

You will need to update to Java 7 and Adobe Reader X or 10.
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586-s.exe (or jre-7u1-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.



Similarly, update to Adobe Reader X (10.1.0).
Note: UNcheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional


#7 Parker1028

Parker1028
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:07:37 AM

Posted 22 November 2011 - 09:27 PM

Updated Java and Adobe Reader. I did run Combofix before contacting you. I have that scan if you need to see it or I could do it again. I didn't want to use the computer until we were done but I just checked it out by trying to find some stuff on Google and I didn't get the redirect so that looks good. The only issue I have left is with AVG. The pop up keeps coming up telling me to reboot for an update even after I've just rebooted. Thinking I should just clear it out of the computer and reload it. Thoughts?

And thank you so much for you help! It is greatly appreciated.
jp

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:08:37 AM

Posted 22 November 2011 - 09:43 PM

Hi, probably just need to uninstall AVG and reinstall, or (unless you paid) replace it, my choice.
I will recommend different AV's if you'd like.


Note you really should not run ComboFix on your own.
http://www.bleepingcomputer.com/forums/topic428923.html

Edited by boopme, 22 November 2011 - 09:44 PM.


#9 Parker1028

Parker1028
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:07:37 AM

Posted 22 November 2011 - 09:58 PM

Understood on the Combo Fix. Love to get your other AV recommendations.

jp

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:08:37 AM

Posted 22 November 2011 - 10:18 PM

For free, use either Avira or Avast; I personally use Avira.

See our list here. L@@K


Also change your email and financial passwords on this machine. The found Trojan Tracur has stolen them.


If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection: Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#11 Parker1028

Parker1028
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:07:37 AM

Posted 23 November 2011 - 11:14 PM

Thank you for your help and have a Happy Thanksgiving!
