
browser redirected


13 replies to this topic

#1 smclaugh5


Posted 29 November 2011 - 09:59 AM

When clicking links in Firefox, the browser redirects to a search engine and sometimes to a new site. This happens randomly, maybe once in five or ten times. A few weeks ago, my virus software caught a virus when I was at a hotel using public wifi, and I stupidly hit "allow." AVG and Malwarebytes both show a clean system now, but I think I have something harder to find and remove. AVG flagged in its log "Trojan horse Downloader.Generic12.AAIU" and several similar entries. I am requesting help in performing a deeper scan. The browser redirect is the only symptom I have noted, but as I stated, I know AVG alerted me a few weeks ago and I improperly hit "allow".

Steve McLaughlin


#2 quietman7

  • Global Moderator

Posted 29 November 2011 - 03:18 PM

Before doing anything further, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. If that occurs there may be no option but to reformat and reinstall the OS or perform a full system recovery. The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.


Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
Be sure to print out and follow the instructions for performing a scan.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
  • When the program opens, click the Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
  • If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.
  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.


Note: Some infections will alter the Proxy settings in Internet Explorer which can affect your ability to browse, update or download tools required for disinfection. If you are experiencing such a problem, check those settings. To do that, please refer to Steps 4-7 under the section Automated Removal Instructions in this guide. If using Firefox, refer to these instructions to check and configure Proxy Settings under Advanced Options > Network tab > Connection Settings.

Also try restoring the default settings in Firefox.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

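Added example, not part of the original post and not Kaspersky's code: a short Python triage of the TDSSKiller_version_date_time_log.txt file that lists every object whose verdict is not "ok" together with its MD5 and path (the files to submit for a second opinion), and confirms that the scan ran with both options from the steps above. Assumptions: the line layout of TDSSKiller 2.6.21.0 logs (timestamp, thread id, then `name (md5) path` and `name - verdict` lines), and that `SigCheck` and `TDLFS` in the `Mode:` line correspond to the two checked boxes; the sample log lines, driver names and hashes are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample in the assumed TDSSKiller log layout; the driver names,
# hashes and paths are made up for illustration.
SAMPLE_LOG = r"""
10:00:00.0000 1111 ============================================================
10:00:00.0000 1111 Scan started
10:00:00.0000 1111 Mode: Manual; SigCheck; TDLFS;
10:00:01.0100 1111 exampledrv (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\exampledrv.sys
10:00:01.0120 1111 exampledrv - ok
10:00:01.0200 1111 novendor (ffeeddccbbaa99887766554433221100) C:\Windows\system32\drivers\novendor.sys
10:00:01.0230 1111 novendor ( UnsignedFile.Multi.Generic ) - warning
10:00:01.0230 1111 novendor - detected UnsignedFile.Multi.Generic (1)
10:00:01.0300 1111 nofile - ok
"""

# "HH:MM:SS.ffff <thread id> <message>"
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ ?(?P<msg>.*)$")
# "<service> (<md5>) <path>"
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<service> - ok"  or  "<service> ( <threat> ) - warning"
VERDICT = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<threat>.+?) \))? - (?P<verdict>[A-Za-z]+)$"
)
MODE = re.compile(r"^Mode: (?P<flags>.+)$")

# Assumed mapping: the two boxes checked in the instructions show up as these flags.
REQUIRED_FLAGS = {"SigCheck", "TDLFS"}


@dataclass
class Finding:
    name: str
    verdict: str
    threat: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def parse_log(text: str) -> Tuple[Set[str], List[Finding]]:
    """Return (scan mode flags, objects whose verdict is anything but 'ok')."""
    flags: Set[str] = set()
    objects = {}          # service name -> (md5, path) from the preceding object line
    findings: List[Finding] = []
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue      # not a log line (blank, wrapped text, forum residue)
        msg = m.group("msg").strip()
        if (mode := MODE.match(msg)):
            flags = {f.strip() for f in mode.group("flags").split(";") if f.strip()}
        elif (obj := OBJECT.match(msg)):
            objects[obj.group("name")] = (obj.group("md5"), obj.group("path"))
        elif (ver := VERDICT.match(msg)) and ver.group("verdict").lower() != "ok":
            # Some services have a verdict but no file line; md5/path stay None.
            md5, path = objects.get(ver.group("name"), (None, None))
            findings.append(
                Finding(ver.group("name"), ver.group("verdict"),
                        ver.group("threat"), md5, path)
            )
    return flags, findings


def missing_options(flags: Set[str]) -> List[str]:
    """Scan options from the instructions that the log does not show as enabled."""
    return sorted(REQUIRED_FLAGS - flags)


if __name__ == "__main__":
    mode_flags, results = parse_log(SAMPLE_LOG)
    for opt in missing_options(mode_flags):
        print(f"scan was run without {opt}; rerun with it enabled")
    for f in results:
        print(f"{f.verdict}: {f.name} [{f.threat}] md5={f.md5} file={f.path}")
```

A "warning" for an unsigned driver is a prompt to get the second opinion described above, not a detection of malware by itself.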

#3 smclaugh5

  • Topic Starter

Posted 29 November 2011 - 04:04 PM

OK, TDSS didn't find any threats. Jotti didn't find anything in the suspicious files.

14:49:27.0798 5372 sermouse - ok
14:49:27.0924 5372 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
14:49:27.0953 5372 SFEP - ok
14:49:27.0990 5372 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
14:49:28.0038 5372 sffdisk - ok
14:49:28.0133 5372 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
14:49:28.0189 5372 sffp_mmc - ok
14:49:28.0219 5372 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
14:49:28.0278 5372 sffp_sd - ok
14:49:28.0368 5372 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
14:49:28.0420 5372 sfloppy - ok
14:49:28.0462 5372 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
14:49:28.0478 5372 sisagp - ok
14:49:28.0597 5372 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
14:49:28.0614 5372 SiSRaid2 - ok
14:49:28.0682 5372 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
14:49:28.0701 5372 SiSRaid4 - ok
14:49:28.0815 5372 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:49:28.0861 5372 Smb - ok
14:49:29.0110 5372 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:49:29.0121 5372 spldr - ok
14:49:29.0201 5372 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
14:49:29.0288 5372 srv - ok
14:49:29.0377 5372 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
14:49:29.0422 5372 srv2 - ok
14:49:29.0480 5372 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
14:49:29.0523 5372 srvnet - ok
14:49:29.0637 5372 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
14:49:29.0670 5372 StillCam - ok
14:49:29.0798 5372 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:49:29.0812 5372 swenum - ok
14:49:29.0862 5372 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:49:29.0877 5372 Symc8xx - ok
14:49:29.0969 5372 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:49:29.0981 5372 Sym_hi - ok
14:49:30.0034 5372 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:49:30.0046 5372 Sym_u3 - ok
14:49:30.0179 5372 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys
14:49:30.0200 5372 SynTP - ok
14:49:30.0314 5372 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
14:49:30.0410 5372 Tcpip - ok
14:49:30.0719 5372 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
14:49:30.0896 5372 Tcpip6 - ok
14:49:31.0075 5372 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:49:31.0155 5372 tcpipreg - ok
14:49:31.0271 5372 TcUsb (07d174a992ab0ea6001f390de1afa27b) C:\Windows\system32\Drivers\tcusb.sys
14:49:31.0282 5372 TcUsb - ok
14:49:31.0375 5372 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:49:31.0421 5372 TDPIPE - ok
14:49:31.0547 5372 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:49:31.0575 5372 TDTCP - ok
14:49:31.0644 5372 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:49:31.0687 5372 tdx - ok
14:49:31.0798 5372 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:49:31.0812 5372 TermDD - ok
14:49:31.0910 5372 ti21sony (030f439ac1ccda7ac6ce01cc02102045) C:\Windows\system32\drivers\ti21sony.sys
14:49:32.0005 5372 ti21sony - ok
14:49:32.0189 5372 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:49:32.0219 5372 tssecsrv - ok
14:49:32.0304 5372 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:49:32.0354 5372 tunmp - ok
14:49:32.0444 5372 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:49:32.0472 5372 tunnel - ok
14:49:32.0518 5372 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
14:49:32.0532 5372 uagp35 - ok
14:49:32.0648 5372 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:49:32.0679 5372 udfs - ok
14:49:32.0801 5372 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
14:49:32.0819 5372 uliagpkx - ok
14:49:32.0856 5372 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
14:49:32.0883 5372 uliahci - ok
14:49:32.0982 5372 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:49:33.0002 5372 UlSata - ok
14:49:33.0045 5372 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:49:33.0065 5372 ulsata2 - ok
14:49:33.0164 5372 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:49:33.0222 5372 umbus - ok
14:49:33.0303 5372 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
14:49:33.0312 5372 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
14:49:33.0312 5372 USBAAPL - detected UnsignedFile.Multi.Generic (1)
14:49:38.0007 5372 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:49:38.0159 5372 \Device\Harddisk0\DR0 - ok
14:49:38.0165 5372 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
14:49:38.0335 5372 \Device\Harddisk3\DR3 - ok
14:49:38.0340 5372 Boot (0x1200) (b6de9ba4df04aac819a3b702171a235b) \Device\Harddisk0\DR0\Partition0
14:49:38.0342 5372 \Device\Harddisk0\DR0\Partition0 - ok
14:49:38.0350 5372 Boot (0x1200) (d1f60f716ffb407a364fb94ebfe0f92e) \Device\Harddisk3\DR3\Partition0
14:49:38.0352 5372 \Device\Harddisk3\DR3\Partition0 - ok
14:49:38.0354 5372 ============================================================
14:49:38.0354 5372 Scan finished
14:49:38.0354 5372 ============================================================
14:49:38.0375 6824 Detected object count: 2
14:49:38.0375 6824 Actual detected object count: 2
14:50:16.0737 6824 gdfs ( UnsignedFile.Multi.Generic ) - skipped by user
14:50:16.0737 6824 gdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:50:16.0739 6824 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
14:50:16.0739 6824 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

#4 quietman7

Posted 29 November 2011 - 05:33 PM

Did you check the Proxy Settings and restore the Default Settings in Firefox?


Please download MiniToolBox by farbar and save it to your desktop.

Close all open browsers, double-click on the file to launch the utility and place a checkmark in the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
Click Go and a log file named Result.txt will open in Notepad with the results. Copy and paste the contents in your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 smclaugh5

Posted 30 November 2011 - 05:20 PM

I have not checked Firefox proxy or reset Firefox yet. I'm a little snowed under here, and will get to it as soon as possible. I wanted to give you an update, because I really appreciate the help, and wanted to let you know that I'm working on it. Thanks again.

#6 quietman7

Posted 30 November 2011 - 06:39 PM

Not a problem.

#7 smclaugh5

Posted 01 December 2011 - 01:01 PM

Yes, performed the Firefox reset and no proxy setting; see attached MiniToolBox results:

MiniToolBox by Farbar
Ran by Steve (administrator) on 01-12-2011 at 11:59:01
Windows Vista ™ Home Premium Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost


**** End of log ****

#8 quietman7

Posted 01 December 2011 - 01:12 PM

Please download and scan with the Kaspersky Virus Removal Tool from one of the links provided below and save it to your desktop.
Link 1
Link 2
Link 3

Be sure to print out and read the instructions provided in:
How to Install Kaspersky Virus Removal Tool
How to use the Kaspersky Virus Removal Tool to automatically remove viruses
  • Double-click the setup file (i.e. setup_9.0.0.722_22.01.2010_10-04.exe), select your language and install the utility.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • At the 'Setup page', click Next, check the box to accept the license agreement and click Next twice more to extract the required files.
  • Setup may recommend scanning the computer in Safe Mode. Click Ok.
  • A window will open with a tab that says Autoscan. Click the green Start scan button on the Autoscan tab in the main window.
  • If malware is detected, you will see the Scan Alert screen.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button, choose Critical events and select Save to save the results to a file (name it avptool.txt).
  • Copy and paste the report results of any threats detected. Do not include the longer list marked Events.
  • When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool 2011.
-- If you cannot run this tool in normal mode, then try using it in "safe mode".



Please perform a scan with Eset Online Anti-virus Scanner.
  • If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  • Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check Posted Image and make sure that the option Remove found threats is NOT checked.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.


#9 smclaugh5

Posted 01 December 2011 - 07:18 PM

avptool.txt was too big to post (I guess I logged events, but nothing was flagged or fixed)

ESETScan.txt:

C:\Program Files\PageRage\YontooIEClient.dll Win32/Adware.Yontoo.A application
C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\41rjpaiq.default\extensions\{1eca8862-c6b3-4b42-937c-99ee1033d988}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\41rjpaiq.default\extensions\{1eca8862-c6b3-4b42-937c-99ee1033d988}\chrome\xulcache.jar JS/Agent.NDO trojan
C:\Users\Steve\AppData\Local\Temp\amwrsxneco.exe Win32/Adware.LoudMo.D application
C:\Users\Steve\AppData\Local\Temp\jar_cache2031493213123762643.tmp a variant of Java/Exploit.CVE-2010-0842.L trojan
C:\Users\Steve\AppData\Local\Temp\jar_cache3862268171535237660.tmp a variant of Java/TrojanDownloader.OpenStream.NAX trojan
C:\Users\Steve\AppData\Local\Temp\nsfF2B9.tmp\o3eofak.18k a variant of Win32/Kryptik.VLU trojan
C:\Users\Steve\AppData\Local\Temp\nsfF2B9.tmp\xg3wbr3.18h a variant of Win32/Kryptik.VLU trojan
C:\Users\Steve\AppData\Local\Temp\nsfF2B9.tmp\xmh1ie5.rqe a variant of Win32/Kryptik.VLU trojan
C:\Users\Steve\AppData\Local\Temp\nsfF2B9.tmp\z4m4ehn.znf a variant of Win32/Kryptik.VLU trojan
C:\Users\Steve\AppData\Local\Temp\nskAF16.tmp\bts7vc7.yed a variant of Win32/Kryptik.VLU trojan
C:\Users\Steve\AppData\Local\Temp\nskAF16.tmp\sq7msxp.ffg a variant of Win32/Kryptik.VLU trojan
C:\Users\Steve\AppData\Local\Temp\nskAF16.tmp\ybhjzcw.k9m a variant of Win32/Kryptik.VLU trojan
C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\5b63baaf-64e91cd1 multiple threats
C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2atn6yjy.default\extensions\{1eca8862-c6b3-4b42-937c-99ee1033d988}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2atn6yjy.default\extensions\{1eca8862-c6b3-4b42-937c-99ee1033d988}\chrome\xulcache.jar JS/Agent.NDO trojan
C:\Users\Steve\Documents\Internet Downloads\media info determine codec\MediaInfo_GUI_0.7.42_Windows_i386.exe Win32/OpenCandy application

#10 quietman7

Posted 01 December 2011 - 10:32 PM

Rerun Eset Online Anti-virus Scanner again, but this time under scan settings, be sure to check the option to Remove found threats. Save the log as before and copy and paste the contents in your next reply.

Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure.

#11 smclaugh5

Posted 02 December 2011 - 03:40 PM

C:\Program Files\PageRage\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\41rjpaiq.default\extensions\{1eca8862-c6b3-4b42-937c-99ee1033d988}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\41rjpaiq.default\extensions\{1eca8862-c6b3-4b42-937c-99ee1033d988}\chrome\xulcache.jar JS/Agent.NDO trojan deleted - quarantined
C:\Users\Steve\AppData\Local\Temp\amwrsxneco.exe Win32/Adware.LoudMo.D application deleted - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache2031493213123762643.tmp a variant of Java/Exploit.CVE-2010-0842.L trojan deleted - quarantined
C:\Users\Steve\AppData\Local\Temp\jar_cache3862268171535237660.tmp a variant of Java/TrojanDownloader.OpenStream.NAX trojan deleted - quarantined
C:\Users\Steve\AppData\Local\Temp\nsfF2B9.tmp\o3eofak.18k a variant of Win32/Kryptik.VLU trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\nsfF2B9.tmp\xg3wbr3.18h a variant of Win32/Kryptik.VLU trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\nsfF2B9.tmp\xmh1ie5.rqe a variant of Win32/Kryptik.VLU trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\nsfF2B9.tmp\z4m4ehn.znf a variant of Win32/Kryptik.VLU trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\nskAF16.tmp\bts7vc7.yed a variant of Win32/Kryptik.VLU trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\nskAF16.tmp\sq7msxp.ffg a variant of Win32/Kryptik.VLU trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Temp\nskAF16.tmp\ybhjzcw.k9m a variant of Win32/Kryptik.VLU trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\5b63baaf-64e91cd1 multiple threats deleted - quarantined
C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2atn6yjy.default\extensions\{1eca8862-c6b3-4b42-937c-99ee1033d988}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2atn6yjy.default\extensions\{1eca8862-c6b3-4b42-937c-99ee1033d988}\chrome\xulcache.jar JS/Agent.NDO trojan deleted - quarantined
C:\Users\Steve\Documents\Internet Downloads\media info determine codec\MediaInfo_GUI_0.7.42_Windows_i386.exe Win32/OpenCandy application deleted - quarantined
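
The two ESETScan.txt logs above (first scan without removal, second scan with "Remove found threats" checked) can be compared mechanically. The following is an added example, not part of the thread and not ESET's own tooling: it parses the space-flattened log lines, reports Firefox extension IDs flagged in more than one profile, and lists anything detected in the first scan that has no removal action in the second. Function names are hypothetical, the field order (path, detection, type, action) is assumed from the posted logs, and the sample is six entries copied from them.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional


class Detection(NamedTuple):
    path: str
    name: str
    kind: Optional[str]    # "trojan" / "application"; absent for "multiple threats"
    action: Optional[str]  # only present when the scan was allowed to remove threats


# The forum paste flattened the log columns to single spaces. Windows file names
# cannot contain "/", so the first "Platform/Name" token marks the end of the
# path, which lets paths with spaces ("Program Files") parse correctly.
LINE_RE = re.compile(
    r"(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<name>(?:a variant of\s+)?[A-Za-z0-9]+/[\w.\-]+|multiple threats)"
    r"(?:\s+(?P<kind>trojan|application))?"
    r"(?:\s+(?P<action>\S.*))?"
)
EXT_RE = re.compile(
    r"\\Firefox\\Profiles\\(?P<profile>[^\\]+)\\extensions\\(?P<ext>\{[0-9a-f\-]+\})\\",
    re.IGNORECASE,
)
REMOVED_RE = re.compile(r"\b(deleted|cleaned by deleting)\b", re.IGNORECASE)


def parse_line(line: str) -> Optional[Detection]:
    m = LINE_RE.fullmatch(line.strip())
    return Detection(**m.groupdict()) if m else None


def parse_log(lines) -> list:
    return [d for d in map(parse_line, lines) if d is not None]


def classify(path: str) -> str:
    """Coarse location bucket, useful for deciding what to clean up afterwards."""
    p = path.lower()
    if "\\firefox\\profiles\\" in p and "\\extensions\\" in p:
        return "firefox-extension"
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"
    if "\\appdata\\local\\temp\\" in p:
        return "temp"
    return "other"


def shared_extensions(detections) -> dict:
    """Extension IDs flagged in more than one Firefox profile -> sorted profile names."""
    seen = defaultdict(set)
    for d in detections:
        m = EXT_RE.search(d.path)
        if m:
            seen[m["ext"].lower()].add(m["profile"])
    return {ext: sorted(p) for ext, p in seen.items() if len(p) > 1}


def unremediated(before, after) -> list:
    """Paths detected in the first scan with no removal action in the second."""
    removed = {d.path.lower() for d in after
               if d.action and REMOVED_RE.search(d.action)}
    return [d.path for d in before if d.path.lower() not in removed]


# Six entries copied from the two ESETScan.txt logs posted in this thread:
# (line from the first scan, action text appended to it in the second scan).
EXT_DIR = r"\extensions\{1eca8862-c6b3-4b42-937c-99ee1033d988}"
FF = r"\AppData\Roaming\Mozilla\Firefox\Profiles"
ENTRIES = [
    (r"C:\Program Files\PageRage\YontooIEClient.dll Win32/Adware.Yontoo.A application",
     "cleaned by deleting - quarantined"),
    (r"C:\Users\Guest" + FF + r"\41rjpaiq.default" + EXT_DIR
     + r"\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan",
     "cleaned by deleting - quarantined"),
    (r"C:\Users\Steve" + FF + r"\2atn6yjy.default" + EXT_DIR
     + r"\chrome\xulcache.jar JS/Agent.NDO trojan",
     "deleted - quarantined"),
    (r"C:\Users\Steve\AppData\Local\Temp\nsfF2B9.tmp\o3eofak.18k"
     r" a variant of Win32/Kryptik.VLU trojan",
     "cleaned by deleting - quarantined"),
    (r"C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47"
     r"\5b63baaf-64e91cd1 multiple threats",
     "deleted - quarantined"),
    (r"C:\Users\Steve\Documents\Internet Downloads\media info determine codec"
     r"\MediaInfo_GUI_0.7.42_Windows_i386.exe Win32/OpenCandy application",
     "deleted - quarantined"),
]
BEFORE = [line for line, _ in ENTRIES]
AFTER = [f"{line} {action}" for line, action in ENTRIES]

if __name__ == "__main__":
    first, second = parse_log(BEFORE), parse_log(AFTER)
    for d in first:
        print(f"{classify(d.path):18} {d.name}")
    print("extension in multiple profiles:", shared_extensions(first))
    print("still present after removal scan:", unremediated(first, second) or "none")
```

Anything returned by `unremediated` is a file the second scan did not report as deleted and is worth checking by hand before treating the machine as clean.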

#12 quietman7

Posted 02 December 2011 - 04:06 PM

How is your computer running now?

#13 smclaugh5

Posted 02 December 2011 - 05:20 PM

It seems fine now. Thanks, and how do I compensate you for your help?

#14 quietman7

Posted 02 December 2011 - 06:33 PM

You're welcome.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

"how do I compensate you for your help?"

I appreciate your generous offer but I don't have a donation link. If you would like, please make a donation to the Wounded Warrior Project, or your local Fire or Police department instead.