Infected, help please?


19 replies to this topic

#1 SuperVu (Members, 17 posts)

Posted 20 December 2011 - 05:35 PM

Hello, it's been a while since my computer has been infected (more than a year actually), but I believe my computer is once again infected with a virus. It's similar to what happened last time though:

Sometimes, not all the time, when I click on a link from a Google search, and after waiting a few seconds, a random page will show instead of the website I intended. It happens often and that's basically the biggest side effect going on. My computer, once in a while, restarts randomly right before showing a blue screen (with words that I can't read because it disappears too fast). Another issue I have (not sure if it's related but I think it is) is that my iTunes has a problem with the Mobile Device thing (reinstalling has no effect) and for some odd reason, my anti-virus, Avira, randomly disappeared from my computer the other day...

Thanks for reading this and I hope someone can help me. :)
If someone can, tell me what to do or walk me through it and I can do my best to respond quickly.



#2 Broni (BC Advisor, 42,662 posts, Daly City, CA)

Posted 20 December 2011 - 11:11 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



#3 SuperVu (Topic Starter, Members, 17 posts)

Posted 27 December 2011 - 02:18 PM

I'm sorry for the late reply, I had a busy Holiday week.
Here are the logs you requested.

Security Check

Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Adobe Reader X (10.1.0) Adobe Reader Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


Mini Tool Box

MiniToolBox by Farbar
Ran by Tommy (administrator) on 27-12-2011 at 13:09:09
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)
Broadcom 802.11g Network Adapter = Wireless Network Connection (Hardware not present)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Tommy-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-17-31-36-2F-E8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8096:6378:2f3c:9944%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, December 27, 2011 12:22:30 PM
Lease Expires . . . . . . . . . . : Tuesday, January 03, 2012 12:22:30 PM
Default Gateway . . . . . . . . . : 192.168.0.2
DHCP Server . . . . . . . . . . . : 192.168.0.2
DHCPv6 IAID . . . . . . . . . . . : 234886961
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-AD-C7-98-00-17-31-36-2F-E8
DNS Servers . . . . . . . . . . . : 192.168.10.1
0.0.0.0
0.0.0.0
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{0BCAEADB-0B43-40FE-B6FC-1ABD6973E40B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.225.48] with 32 bytes of data:
Reply from 74.125.225.48: bytes=32 time=35ms TTL=53
Reply from 74.125.225.48: bytes=32 time=30ms TTL=53

Ping statistics for 74.125.225.48:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 35ms, Average = 32ms

Pinging yahoo.com [98.139.180.149] with 32 bytes of data:
Reply from 98.139.180.149: bytes=32 time=91ms TTL=50
Reply from 98.139.180.149: bytes=32 time=62ms TTL=49

Ping statistics for 98.139.180.149:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 62ms, Maximum = 91ms, Average = 76ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 17 31 36 2f e8 ......Intel® PRO/100 VE Network Connection
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.2 192.168.0.101 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.101 276
192.168.0.101 255.255.255.255 On-link 192.168.0.101 276
192.168.0.255 255.255.255.255 On-link 192.168.0.101 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.101 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.101 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::8096:6378:2f3c:9944/128 On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/27/2011 00:23:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: iPodService.exe, version: 10.5.2.11, time stamp: 0x4ee07aae
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x004388ae
Faulting process id: 0x974
Faulting application start time: 0xiPodService.exe0
Faulting application path: iPodService.exe1
Faulting module path: iPodService.exe2
Report Id: iPodService.exe3

Error: (12/27/2011 00:23:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: mDNSResponder.exe, version: 3.0.0.10, time stamp: 0x4e5dc964
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0043c1c8
Faulting process id: 0x84c
Faulting application start time: 0xmDNSResponder.exe0
Faulting application path: mDNSResponder.exe1
Faulting module path: mDNSResponder.exe2
Report Id: mDNSResponder.exe3

Error: (12/27/2011 00:22:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: AppleMobileDeviceService.exe, version: 17.88.0.8, time stamp: 0x4e66ceff
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0040430e
Faulting process id: 0x6d8
Faulting application start time: 0xAppleMobileDeviceService.exe0
Faulting application path: AppleMobileDeviceService.exe1
Faulting module path: AppleMobileDeviceService.exe2
Report Id: AppleMobileDeviceService.exe3

Error: (12/26/2011 00:02:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: iPodService.exe, version: 10.5.2.11, time stamp: 0x4ee07aae
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x004388ae
Faulting process id: 0x950
Faulting application start time: 0xiPodService.exe0
Faulting application path: iPodService.exe1
Faulting module path: iPodService.exe2
Report Id: iPodService.exe3

Error: (12/26/2011 00:01:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: mDNSResponder.exe, version: 3.0.0.10, time stamp: 0x4e5dc964
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0043c1c8
Faulting process id: 0x840
Faulting application start time: 0xmDNSResponder.exe0
Faulting application path: mDNSResponder.exe1
Faulting module path: mDNSResponder.exe2
Report Id: mDNSResponder.exe3

Error: (12/26/2011 00:01:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: AppleMobileDeviceService.exe, version: 17.88.0.8, time stamp: 0x4e66ceff
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0040430e
Faulting process id: 0x704
Faulting application start time: 0xAppleMobileDeviceService.exe0
Faulting application path: AppleMobileDeviceService.exe1
Faulting module path: AppleMobileDeviceService.exe2
Report Id: AppleMobileDeviceService.exe3

Error: (12/21/2011 07:22:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: iPodService.exe, version: 10.5.2.11, time stamp: 0x4ee07aae
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x004388ae
Faulting process id: 0x890
Faulting application start time: 0xiPodService.exe0
Faulting application path: iPodService.exe1
Faulting module path: iPodService.exe2
Report Id: iPodService.exe3

Error: (12/21/2011 07:22:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: mDNSResponder.exe, version: 3.0.0.10, time stamp: 0x4e5dc964
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0043c1c8
Faulting process id: 0x4b4
Faulting application start time: 0xmDNSResponder.exe0
Faulting application path: mDNSResponder.exe1
Faulting module path: mDNSResponder.exe2
Report Id: mDNSResponder.exe3

Error: (12/21/2011 07:22:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: AppleMobileDeviceService.exe, version: 17.88.0.8, time stamp: 0x4e66ceff
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0040430e
Faulting process id: 0x704
Faulting application start time: 0xAppleMobileDeviceService.exe0
Faulting application path: AppleMobileDeviceService.exe1
Faulting module path: AppleMobileDeviceService.exe2
Report Id: AppleMobileDeviceService.exe3

Error: (12/20/2011 05:06:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: iPodService.exe, version: 10.5.2.11, time stamp: 0x4ee07aae
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x004388ae
Faulting process id: 0x840
Faulting application start time: 0xiPodService.exe0
Faulting application path: iPodService.exe1
Faulting module path: iPodService.exe2
Report Id: iPodService.exe3


System errors:
=============
Error: (12/27/2011 00:23:19 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.

Error: (12/27/2011 00:23:19 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service failed to start due to the following error:
%%1053

Error: (12/27/2011 00:23:19 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.

Error: (12/27/2011 00:23:19 PM) (Source: DCOM) (User: )
Description: 1053iPod Service{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (12/27/2011 00:23:03 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Null

Error: (12/27/2011 00:23:03 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (12/27/2011 00:23:03 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (12/27/2011 00:23:03 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service failed to start due to the following error:
%%1053

Error: (12/27/2011 00:23:03 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.

Error: (12/27/2011 00:22:47 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (12/27/2011 00:23:18 PM) (Source: Application Error)(User: )
Description: iPodService.exe10.5.2.114ee07aaeunknown0.0.0.000000000c0000005004388ae97401ccc4bc30b45bb4C:\Program Files\iPod\bin\iPodService.exeunknown7770b7a0-30af-11e1-b2fe-001731362fe8

Error: (12/27/2011 00:23:02 PM) (Source: Application Error)(User: )
Description: mDNSResponder.exe3.0.0.104e5dc964unknown0.0.0.000000000c00000050043c1c884c01ccc4bc274068deC:\Program Files\Bonjour\mDNSResponder.exeunknown6dddc638-30af-11e1-b2fe-001731362fe8

Error: (12/27/2011 00:22:47 PM) (Source: Application Error)(User: )
Description: AppleMobileDeviceService.exe17.88.0.84e66ceffunknown0.0.0.000000000c00000050040430e6d801ccc4bc1de5f12aC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeunknown648ff902-30af-11e1-b2fe-001731362fe8

Error: (12/26/2011 00:02:12 PM) (Source: Application Error)(User: )
Description: iPodService.exe10.5.2.114ee07aaeunknown0.0.0.000000000c0000005004388ae95001ccc3f0134b854aC:\Program Files\iPod\bin\iPodService.exeunknown5a07e136-2fe3-11e1-83b5-001731362fe8

Error: (12/26/2011 00:01:56 PM) (Source: Application Error)(User: )
Description: mDNSResponder.exe3.0.0.104e5dc964unknown0.0.0.000000000c00000050043c1c884001ccc3f009ef69f8C:\Program Files\Bonjour\mDNSResponder.exeunknown508cc752-2fe3-11e1-83b5-001731362fe8

Error: (12/26/2011 00:01:40 PM) (Source: Application Error)(User: )
Description: AppleMobileDeviceService.exe17.88.0.84e66ceffunknown0.0.0.000000000c00000050040430e70401ccc3f00092dc36C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeunknown473a3568-2fe3-11e1-83b5-001731362fe8

Error: (12/21/2011 07:22:39 PM) (Source: Application Error)(User: )
Description: iPodService.exe10.5.2.114ee07aaeunknown0.0.0.000000000c0000005004388ae89001ccc03fc7677bb9C:\Program Files\iPod\bin\iPodService.exeunknown0e10c4d5-2c33-11e1-bb08-001731362fe8

Error: (12/21/2011 07:22:24 PM) (Source: Application Error)(User: )
Description: mDNSResponder.exe3.0.0.104e5dc964unknown0.0.0.000000000c00000050043c1c84b401ccc03fbdff74a5C:\Program Files\Bonjour\mDNSResponder.exeunknown049cd1ff-2c33-11e1-bb08-001731362fe8

Error: (12/21/2011 07:22:08 PM) (Source: Application Error)(User: )
Description: AppleMobileDeviceService.exe17.88.0.84e66ceffunknown0.0.0.000000000c00000050040430e70401ccc03fb4a7f7e2C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeunknownfb4a4015-2c32-11e1-bb08-001731362fe8

Error: (12/20/2011 05:06:56 PM) (Source: Application Error)(User: )
Description: iPodService.exe10.5.2.114ee07aaeunknown0.0.0.000000000c0000005004388ae84001ccbf63b04a44c2C:\Program Files\iPod\bin\iPodService.exeunknownee0a2fb7-2b56-11e1-9bf3-001731362fe8


=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Reader X (10.1.0) (Version: 10.1.0)
AIM 7
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.02)
ConvertHelper 2.2
Download Updater (AOL LLC)
DVD Shrink 3.2
HP Product Detection (Version: 10.7.9.0)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
LightScribe System Software (Version: 1.18.6.1)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
Nero Burning ROM 10 (Version: 10.2.11000.12.100)
Nero Burning ROM 10 (Version: 10.5.10300)
Nero BurningROM 10 Help (CHM) (Version: 10.5.10100)
Nero BurnRights 10 (Version: 4.2.10300.0.102)
Nero BurnRights 10 Help (CHM) (Version: 10.5.10000)
Nero Control Center 10 (Version: 10.2.10600.0.6)
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000)
Nero Core Components 10 (Version: 2.0.17400.8.2)
Nero Update (Version: 1.0.0018)
OpenOffice.org 3.2 (Version: 3.2.9502)
Paint.NET v3.5.8 (Version: 3.58.0)
QuickTime (Version: 7.70.80.34)
Realtek High Definition Audio Driver (Version: 6.0.1.5910)
Sony Ericsson PC Companion 2.01.192 (Version: 2.01.192)
Sony Ericsson Update Engine (Version: 2.11.10.7)
Sony Ericsson Update Service (Version: 2.11.6.12)
Windows Mobile Device Updater Component (Version: 04.07.1404.01)
Windows Phone Intro Video (ENU) (Version: 04.07.0975.00)
Zune (Version: 04.07.1404.01)
Zune Language Pack (DEU) (Version: 04.07.1404.01)
Zune Language Pack (ESP) (Version: 04.07.1404.01)
Zune Language Pack (FRA) (Version: 04.07.1404.01)
Zune Language Pack (ITA) (Version: 04.07.1404.01)
Zune Language Pack (NLD) (Version: 04.07.1404.01)
Zune Language Pack (PTB) (Version: 04.07.1404.01)
Zune Language Pack (PTG) (Version: 04.07.1404.01)

========================= Memory info: ===================================

Percentage of memory in use: 70%
Total physical RAM: 1022.46 MB
Available physical RAM: 302.62 MB
Total Pagefile: 2046.46 MB
Available Pagefile: 1103.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1923.06 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:177.75 GB) (Free:143.22 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:8.53 GB) (Free:0.45 GB) FAT32

========================= Users: ========================================

User accounts for \\TOMMY-PC

Administrator Guest Tommy


**** End of log ****


GMER


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-27 13:56:53
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST320082 rev.3.AH
Running: pt3yd6em.exe; Driver: C:\Users\Tommy\AppData\Local\Temp\fgloipoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C50369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C89D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text autochk.exe 006E11D2 1 Byte [1F]
.text autochk.exe 006E11D2 4 Bytes [1F, 00, 94, 03]
.text autochk.exe 006E11D8 1 Byte [0C]
.text autochk.exe 006E11D8 9 Bytes [0C, 00, A8, 01, D8, 5D, B6, ...] {OR AL, 0x0; TEST AL, 0x1; FCOMP DWORD [EBP-0x4a]; XCHG [EBX], AL}
.text autochk.exe 006E11E2 1 Byte [1F]
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Zune\ZuneLauncher.exe[1964] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75BCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[1964] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75BCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[1964] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75BCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[1964] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75BCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 8CE8A000-8CE94000 (40960 bytes)
Module (noname) (*** hidden *** ) 87600000-8760D000 (53248 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:296] 8CE8EE40
Thread System [4:300] 8CE8EE40
Thread System [4:304] 87606BB0
Thread System [4:308] 87606BB0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 1020

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB50982$\3581754637 0 bytes
File C:\Windows\$NtUninstallKB50982$\371797744 0 bytes
File C:\Windows\$NtUninstallKB50982$\371797744\@ 2048 bytes
File C:\Windows\$NtUninstallKB50982$\371797744\L 0 bytes
File C:\Windows\$NtUninstallKB50982$\371797744\L\xadqgnnk 388096 bytes
File C:\Windows\$NtUninstallKB50982$\371797744\loader.tlb 2632 bytes
File C:\Windows\$NtUninstallKB50982$\371797744\U 0 bytes
File C:\Windows\$NtUninstallKB50982$\371797744\U\@00000001 45968 bytes
File C:\Windows\$NtUninstallKB50982$\371797744\U\@000000c0 3072 bytes
File C:\Windows\$NtUninstallKB50982$\371797744\U\@000000cb 3072 bytes
File C:\Windows\$NtUninstallKB50982$\371797744\U\@000000cf 1536 bytes
File C:\Windows\$NtUninstallKB50982$\371797744\U\@80000000 26112 bytes
File C:\Windows\$NtUninstallKB50982$\371797744\U\@800000c0 32768 bytes
File C:\Windows\$NtUninstallKB50982$\371797744\U\@800000cb 24064 bytes
File C:\Windows\$NtUninstallKB50982$\371797744\U\@800000cf 31744 bytes
ADS C:\Windows\4029557014:3923169551.exe 816 bytes executable

---- EOF - GMER 1.0.15 ----
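The three logs above carry the indicators a helper reads by eye: a DNS server (192.168.10.1) on a different private subnet from the host and its gateway (192.168.0.0/24, gateway 192.168.0.2), Winsock catalog entries the tool could not resolve, the Service Control Manager reporting BFE (Base Filtering Engine, which Windows Firewall and IPsec depend on) as possibly not installed, and in GMER two unnamed hidden kernel modules with System-process threads running inside them, a `$NtUninstallKB50982$` folder (an XP hotfix-rollback naming scheme that Windows 7 itself does not create) holding `U`, `L`, `@` and `loader.tlb` entries, and an executable stored as an alternate data stream on `C:\Windows`. The script below pulls exactly those findings out of the text mechanically. It is an added example, not part of the original thread and not code from Security Check, MiniToolBox or GMER; the two log excerpts are constructed from the posted output (trimmed to the lines the checks need), and every function and regex name is my own. The functions accept the full pasted logs unchanged.

```python
# Added example (not from the thread or any of the tools): mechanical triage of
# the MiniToolBox and GMER text posted above. Excerpts are constructed from the post.
import ipaddress
import re

# Constructed excerpt: MiniToolBox lines copied from the post.
TOOLBOX_LOG = """\
IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.2
DNS Servers . . . . . . . . . . . : 192.168.10.1
0.0.0.0
Catalog5 01 mswsock.dll [File Not found] ()
Catalog9 01 mswsock.dll [File Not found] ()
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
Description: The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.
"""

# Constructed excerpt: GMER lines copied from the post.
GMER_LOG = """\
Module (noname) (*** hidden *** ) 8CE8A000-8CE94000 (40960 bytes)
Module (noname) (*** hidden *** ) 87600000-8760D000 (53248 bytes)
Thread System [4:296] 8CE8EE40
Thread System [4:304] 87606BB0
File C:\\Windows\\$NtUninstallKB50982$\\371797744\\L\\xadqgnnk 388096 bytes
File C:\\Windows\\$NtUninstallKB50982$\\371797744\\loader.tlb 2632 bytes
ADS C:\\Windows\\4029557014:3923169551.exe 816 bytes executable
"""

IPCONFIG_FIELD = re.compile(r"^(IPv4 Address|Subnet Mask|Default Gateway|DNS Servers)[ .]*: (\S+)")
WINSOCK_MISSING = re.compile(r"^Catalog(\d+) (\d+) (.+?) \[File Not found\]", re.M)
SERVICE_DEP = re.compile(r"The (.+?) service depends the following service: (\w+)\. This service might not be installed")
HIDDEN_MODULE = re.compile(r"^Module .*hidden.*?([0-9A-F]{8})-([0-9A-F]{8})", re.M)
SYSTEM_THREAD = re.compile(r"^Thread System \[(\d+):(\d+)\] ([0-9A-F]{8})", re.M)
FAKE_KB_DIR = re.compile(r"^File (.*?\\\$NtUninstall[^\\]*\$)", re.M)  # XP-era name; Win7 never creates one
ADS_ENTRY = re.compile(r"^ADS (\S+)", re.M)


def parse_ipconfig(log):
    """Adapter fields plus the DNS list; extra DNS servers follow as bare IPs on their own lines."""
    fields, dns, in_dns = {}, [], False
    for line in log.splitlines():
        m = IPCONFIG_FIELD.match(line)
        if m:
            key, value = m.group(1), m.group(2).split("(")[0]  # drop "(Preferred)"
            in_dns = key == "DNS Servers"
            if in_dns:
                dns.append(value)
            else:
                fields[key] = value
        elif in_dns and re.fullmatch(r"\d+\.\d+\.\d+\.\d+", line.strip()):
            dns.append(line.strip())
        else:
            in_dns = False
    return fields, dns


def off_subnet_dns(log):
    """Private (RFC 1918) DNS servers that are not on the host's own subnet: a home
    client normally resolves via its gateway, so an off-subnet resolver is a hijack sign."""
    fields, dns = parse_ipconfig(log)
    local = ipaddress.ip_network(f"{fields['IPv4 Address']}/{fields['Subnet Mask']}", strict=False)
    flagged = []
    for server in dns:
        addr = ipaddress.ip_address(server)
        if addr.is_private and not addr.is_unspecified and addr not in local:
            flagged.append(server)  # 0.0.0.0 placeholders fail is_unspecified
    return flagged


def unresolved_winsock_entries(log):
    """(catalog, index, dll) for Winsock entries whose file the tool could not locate.
    Caveat: a bare name with no path may just be an unexpanded %SystemRoot%; confirm
    with `netsh winsock show catalog` before calling the provider missing or replaced."""
    return [(int(cat), int(idx), dll) for cat, idx, dll in WINSOCK_MISSING.findall(log)]


def missing_service_dependencies(log):
    """Each service the SCM says 'might not be installed' -> services that depend on it.
    BFE (Base Filtering Engine) underpins Windows Firewall and IPsec; its absence is a finding."""
    out = {}
    for dependant, dependency in SERVICE_DEP.findall(log):
        out.setdefault(dependency, []).append(dependant)
    return out


def gmer_findings(log):
    """Hidden unnamed kernel modules, System threads started inside them, files under a
    fake $NtUninstallKB...$ folder, and executables parked in an alternate data stream."""
    ranges = [(int(lo, 16), int(hi, 16)) for lo, hi in HIDDEN_MODULE.findall(log)]
    threads = [(int(pid), int(tid), addr) for pid, tid, addr in SYSTEM_THREAD.findall(log)
               if any(lo <= int(addr, 16) < hi for lo, hi in ranges)]
    return {"hidden_modules": len(ranges), "system_threads_in_hidden_code": threads,
            "fake_uninstall_dirs": sorted(set(FAKE_KB_DIR.findall(log))),
            "ads": ADS_ENTRY.findall(log)}
```

Run against the posted logs, `off_subnet_dns` returns `['192.168.10.1']`, `missing_service_dependencies` returns `{'BFE': ['IPsec Policy Agent'], 'NetBT': ['TCP/IP NetBIOS Helper']}`, and `gmer_findings` reports both hidden modules with both System threads (4:296 and 4:304) starting inside them, plus the fake uninstall folder and the ADS executable. Two caveats a practitioner should keep in mind: the `mswsock.dll [File Not found]` entries are only a lead until `netsh winsock show catalog` confirms what the catalog actually points at, and the checks identify the class of problem (a kernel-mode rootkit hiding its code and storage, with DNS redirected off the local network), which is what Broni's next step, TDSSKiller, is built to cure; they do not name a family.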

#4 Broni (BC Advisor, 42,662 posts, Daly City, CA)

Posted 27 December 2011 - 06:25 PM

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



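To get more out of the TDSSKiller report those steps produce, here is a small triage parser, added as an example for this thread and not part of TDSSKiller or of either poster's instructions; it assumes the line formats visible in the log TDSSKiller writes (a SystemInfo header, then "NAME (md5) path" object lines followed by a verdict line), and its sample input is constructed, with the computer name replaced by a placeholder.

```python
"""Triage helper for a TDSSKiller log.

Added example for this thread; not part of TDSSKiller (Kaspersky) or of any
poster's code. The line formats are read off a posted log: a SystemInfo
header, then per-object pairs of "NAME (md5) path" and a verdict line
("NAME - ok", "NAME ( Detection ) - infected", "NAME - detected X (0)").
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every log line starts with a timestamp and a thread id; the rest is the message.
_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(?P<msg>.*)$")
# Scanned object: service/driver name, MD5 of the backing file, file path.
_OBJECT = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line; any verdict word other than "ok" is worth a look.
_VERDICT = re.compile(
    r"^(?P<name>\S+) (?:\( (?P<det1>[^)]+) \) )?- (?P<verdict>\w+)"
    r"(?: (?P<det2>\S+) \(\d+\))?$"
)
# "Key: value" pairs in the SystemInfo header (everything before "Scan started").
_HEADER = re.compile(r"^(?P<key>[A-Za-z /]+?): (?P<value>.+)$")


@dataclass
class Finding:
    name: str                    # service/driver name as TDSSKiller reports it
    verdict: str                 # "infected", "suspicious", ... (never "ok")
    detection: Optional[str]     # detection name, if the log gave one
    md5: Optional[str]           # hash from the matching object line
    path: Optional[str]          # path from the matching object line


@dataclass
class TdssReport:
    system_info: Dict[str, str] = field(default_factory=dict)
    scanned: int = 0
    findings: List[Finding] = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> TdssReport:
    report = TdssReport()
    in_header = True
    objects: Dict[str, Tuple[str, str]] = {}   # name -> (md5, path)
    seen = set()                               # names that received a verdict
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue                           # blank or non-log lines
        msg = m.group("msg").strip()
        if msg == "Scan started":
            in_header = False
            continue
        if in_header:
            h = _HEADER.match(msg)
            if h:
                report.system_info[h.group("key").strip()] = h.group("value").strip()
            continue
        o = _OBJECT.match(msg)
        if o:
            objects[o.group("name")] = (o.group("md5"), o.group("path"))
            continue
        v = _VERDICT.match(msg)
        if not v:
            continue
        name, verdict = v.group("name"), v.group("verdict")
        seen.add(name)
        if verdict == "ok":
            continue
        detection = v.group("det1") or v.group("det2")
        existing = next((f for f in report.findings if f.name == name), None)
        if existing:                           # "infected" + "detected" lines for one object
            existing.detection = existing.detection or detection
            continue
        md5, path = objects.get(name, (None, None))
        report.findings.append(Finding(name, verdict, detection, md5, path))
    report.scanned = len(seen)
    return report


def summarize(report: TdssReport) -> List[str]:
    """Human-readable lines: header facts, counts, then one line per finding."""
    lines = [f"{k}: {v}" for k, v in report.system_info.items()]
    lines.append(f"{report.scanned} objects scanned, {len(report.findings)} flagged")
    for f in report.findings:
        lines.append(f"{f.name}: {f.verdict} ({f.detection or 'unnamed'}) "
                     f"md5={f.md5 or '?'} path={f.path or '?'}")
    return lines


# Constructed sample in the posted format; the CSC lines reproduce the thread's detection.
SAMPLE_LOG = r"""
13:43:48.0655 3716 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:43:49.0717 3716 ============================================================
13:43:49.0717 3716 Current date / time: 2011/12/30 13:43:49.0717
13:43:49.0717 3716 SystemInfo:
13:43:49.0717 3716
13:43:49.0717 3716 OS Version: 6.1.7601 ServicePack: 1.0
13:43:49.0717 3716 Product type: Workstation
13:43:49.0717 3716 ComputerName: EXAMPLE-PC
13:43:49.0717 3716 Processor architecture: Intel x86
13:43:49.0717 3716 Boot type: Normal boot
13:43:54.0045 3716 Initialize success
13:44:02.0077 2596 Scan started
13:44:02.0077 2596 Mode: Manual;
13:44:04.0014 2596 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:44:04.0030 2596 ACPI - ok
13:44:06.0467 2596 CSC (235aa799b1919d8d9df5185db90a27a6) C:\Windows\system32\drivers\csc.sys
13:44:06.0483 2596 CSC ( Rootkit.Win32.ZAccess.c ) - infected
13:44:06.0483 2596 CSC - detected Rootkit.Win32.ZAccess.c (0)
13:44:12.0342 2596 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
13:44:12.0405 2596 Ntfs - ok
13:44:17.0045 2596 Synth3dVsc - ok
"""

if __name__ == "__main__":
    print("\n".join(summarize(parse_tdsskiller_log(SAMPLE_LOG))))
```

Point it at a real TDSSKiller_xxxx_log.txt and the summary gives the helper the OS build, what was scanned, and each flagged object with its hash and path without scrolling through hundreds of "- ok" lines.
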
#5 SuperVu

Posted 30 December 2011 - 01:48 PM

13:43:48.0655 3716 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:43:49.0717 3716 ============================================================
13:43:49.0717 3716 Current date / time: 2011/12/30 13:43:49.0717
13:43:49.0717 3716 SystemInfo:
13:43:49.0717 3716
13:43:49.0717 3716 OS Version: 6.1.7601 ServicePack: 1.0
13:43:49.0717 3716 Product type: Workstation
13:43:49.0717 3716 ComputerName: TOMMY-PC
13:43:49.0717 3716 UserName: Tommy
13:43:49.0717 3716 Windows directory: C:\Windows
13:43:49.0717 3716 System windows directory: C:\Windows
13:43:49.0717 3716 Processor architecture: Intel x86
13:43:49.0717 3716 Number of processors: 2
13:43:49.0717 3716 Page size: 0x1000
13:43:49.0717 3716 Boot type: Normal boot
13:43:49.0717 3716 ============================================================
13:43:54.0045 3716 Initialize success
13:44:02.0077 2596 ============================================================
13:44:02.0077 2596 Scan started
13:44:02.0077 2596 Mode: Manual;
13:44:02.0077 2596 ============================================================
13:44:06.0467 2596 CSC (235aa799b1919d8d9df5185db90a27a6) C:\Windows\system32\drivers\csc.sys
13:44:06.0483 2596 CSC ( Rootkit.Win32.ZAccess.c ) - infected
13:44:06.0483 2596 CSC - detected Rootkit.Win32.ZAccess.c (0)
13:44:19.0952 2596 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
13:44:19.0967 2596 WinUsb - ok
13:44:19.0983 2596 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:44:19.0983 2596 WmiAcpi - ok
13:44:20.0092 2596 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:44:20.0092 2596 ws2ifsl - ok
13:44:20.0170 2596 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:44:20.0186 2596 WudfPf - ok
13:44:20.0217 2596 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:44:20.0217 2596 WUDFRd - ok
13:44:20.0280 2596 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:44:20.0342 2596 \Device\Harddisk0\DR0 - ok
13:44:20.0358 2596 Boot (0x1200) (2ce3139172921fb03c625747c61ff4a9) \Device\Harddisk0\DR0\Partition0
13:44:20.0358 2596 \Device\Harddisk0\DR0\Partition0 - ok
13:44:20.0389 2596 Boot (0x1200) (ca2d72b090d14ff834e0e20658865c7d) \Device\Harddisk0\DR0\Partition1
13:44:20.0420 2596 \Device\Harddisk0\DR0\Partition1 - ok
13:44:20.0420 2596 ============================================================
13:44:20.0420 2596 Scan finished
13:44:20.0420 2596 ============================================================
13:44:20.0436 2244 Detected object count: 1
13:44:20.0436 2244 Actual detected object count: 1
13:44:24.0374 2244 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\csc.sys) error 1813
13:44:28.0405 2244 Backup copy found, using it..
13:44:28.0420 2244 C:\Windows\system32\drivers\csc.sys - will be cured on reboot
13:44:37.0545 2244 C:\Windows\System32\c_68005.nls - will be deleted on reboot
13:44:41.0545 2244 CSC ( Rootkit.Win32.ZAccess.c ) - User select action: Cure
13:44:50.0233 3492 Deinitialize success

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:50 AM

Posted 30 December 2011 - 03:05 PM

Good :)

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif
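The MBR.dat that aswMBR saves is a raw copy of sector 0, so it can be checked against what the tools log without trusting the running system. The script below is an added example and is not code from the thread or from aswMBR/TDSSKiller: it parses the partition table out of an MBR image and hashes the first 0x1B8 bytes, which is the boot-code region TDSSKiller reports as "MBR (0x1B8)". The desktop path is an assumption about where aswMBR saved the file, the expected hash is the value from the TDSSKiller log in this thread, and the fallback sector is constructed here to mirror the partition layout in the aswMBR log so the script runs even without the file.

```powershell
# Added example (not from the thread): inspect an MBR image such as aswMBR's MBR.dat.
# Lists the partition table and hashes the boot code the way TDSSKiller logs it.
param(
    [string]$Path     = "$env:USERPROFILE\Desktop\MBR.dat",   # assumed: aswMBR's default save location
    [string]$Expected = 'a36c5e4f47e84449ff07ed3517b43a31'    # "MBR (0x1B8)" hash from the TDSSKiller log
)

function Get-MbrPartitions {
    param([byte[]]$Sector)
    if ($Sector.Length -lt 512) { throw 'MBR image must be at least 512 bytes' }
    if ($Sector[510] -ne 0x55 -or $Sector[511] -ne 0xAA) { throw 'No 0x55AA boot signature' }
    $entries = @()
    for ($i = 0; $i -lt 4; $i++) {
        $off  = 0x1BE + 16 * $i              # four 16-byte slots starting at 0x1BE
        $type = $Sector[$off + 4]
        if ($type -eq 0) { continue }        # empty slot
        $sectors = [BitConverter]::ToUInt32($Sector, $off + 12)
        $entries += New-Object PSObject -Property @{
            Index    = $i + 1
            Bootable = ($Sector[$off] -eq 0x80)
            Type     = ('{0:X2}' -f $type)   # 07 = NTFS, 0C = FAT32 LBA, as in the aswMBR log
            StartLba = [BitConverter]::ToUInt32($Sector, $off + 8)
            SizeMB   = [int][math]::Round($sectors * 512 / 1MB)
        }
    }
    $entries | Select-Object Index, Bootable, Type, StartLba, SizeMB
}

function Get-MbrCodeHash {
    param([byte[]]$Sector, [int]$Length = 0x1B8)
    # Hashing only the first 0x1B8 bytes excludes the disk signature (0x1B8)
    # and the partition table (0x1BE), so the value is stable across repartitioning.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    ([BitConverter]::ToString($md5.ComputeHash($Sector, 0, $Length)) -replace '-', '').ToLower()
}

function New-SampleMbr {
    # Constructed sample (not a real disk): NTFS boot partition at LBA 63 and a
    # FAT32 LBA recovery partition, matching the layout aswMBR reported.
    $s = New-Object byte[] 512
    $s[510] = 0x55; $s[511] = 0xAA
    $layout = @(
        @{ Boot = 0x80; Type = 0x07; Start = 63;        Sectors = 372770816 },
        @{ Boot = 0x00; Type = 0x0C; Start = 372788325; Sectors = 17928192 }
    )
    for ($i = 0; $i -lt $layout.Count; $i++) {
        $off = 0x1BE + 16 * $i
        $s[$off]     = [byte]$layout[$i].Boot
        $s[$off + 4] = [byte]$layout[$i].Type
        [Array]::Copy([BitConverter]::GetBytes([uint32]$layout[$i].Start),   0, $s, $off + 8,  4)
        [Array]::Copy([BitConverter]::GetBytes([uint32]$layout[$i].Sectors), 0, $s, $off + 12, 4)
    }
    return $s
}

if (Test-Path $Path) { $mbr = [System.IO.File]::ReadAllBytes($Path) }
else { "No $Path found, using the constructed sample sector"; $mbr = New-SampleMbr }

Get-MbrPartitions $mbr | Format-Table -AutoSize
$hash = Get-MbrCodeHash $mbr
"Boot code MD5: $hash (matches TDSSKiller log: $($hash -eq $Expected))"
```

A boot-code hash that changes between runs, or a partition table that no longer matches the aswMBR output, is the signal to look for a bootkit; the constructed sample will of course not match the logged hash, only the real MBR.dat can.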


 


#7 SuperVu

SuperVu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:50 PM

Posted 30 December 2011 - 03:56 PM

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-30 15:12:56
-----------------------------
15:12:56.888 OS Version: Windows 6.1.7601 Service Pack 1
15:12:56.889 Number of processors: 2 586 0x404
15:12:56.891 ComputerName: TOMMY-PC UserName: Tommy
15:13:22.203 Initialize success
15:45:38.092 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:45:38.092 Disk 0 Vendor: ST320082 3.AH Size: 190782MB BusType: 8
15:45:38.108 Disk 0 MBR read successfully
15:45:38.124 Disk 0 MBR scan
15:45:38.124 Disk 0 Windows 7 default MBR code
15:45:38.124 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 182017 MB offset 63
15:45:38.155 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8754 MB offset 372788325
15:45:38.186 Disk 0 scanning sectors +390716865
15:45:38.249 Disk 0 scanning C:\Windows\system32\drivers
15:45:43.920 Service scanning
15:45:45.124 Modules scanning
15:45:52.905 Disk 0 trace - called modules:
15:45:52.936 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll
15:45:52.936 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e90030]
15:45:52.952 3 CLASSPNP.SYS[8777c59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85080028]
15:45:52.952 Scan finished successfully
15:55:36.311 Disk 0 MBR has been saved successfully to "C:\Users\Tommy\Desktop\MBR.dat"
15:55:36.327 The log file has been saved successfully to "C:\Users\Tommy\Desktop\aswMBR.txt"

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:50 AM

Posted 30 December 2011 - 04:20 PM

How is computer doing?

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



#9 SuperVu

SuperVu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:50 PM

Posted 31 December 2011 - 12:52 PM

It's doing a lot better! :) There's no more random redirecting from Google when I search anything and it's running a lot smoother than before. Thank you. :)

Farbar Service Scanner
Ran by Tommy (administrator) on 31-12-2011 at 12:51:29
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:50 AM

Posted 31 December 2011 - 01:38 PM

Good news :)

Now, we have more things to take care of.

You're not running any AV program.
Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
Update, run full scan, report on any findings.

We'll go from there?



#11 SuperVu

SuperVu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:50 PM

Posted 31 December 2011 - 04:52 PM

There were 10 infected items when I finished scanning... I was able to move 3 of them to the chest. 6 were unable to be located, and 1 had 'Access Denied'. I'm not sure how to show you the log, so I print-screened it.

http://imageshack.us/photo/my-images/18/51850964.png/

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:50 AM

Posted 31 December 2011 - 05:13 PM

Good :)

Next....your Windows firewall is not running.
Firewall is crucial to computer's security.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/


Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Right click on bfe.reg file, click "Merge".
Allow registry merge.
Right click on mpssvc.reg file, click "Merge".
Allow registry merge.

Restart computer.

Click Start and in "Start search" type in:
regedit
Press Enter.

Registry editor will open.
Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
Right click on BFE key, click "Permissions"
Click on Add button, type Everyone and click OK.
Now click once on Everyone
Below, in "Permissions" pane checkmark "Allow" in "Full control" row.
Click OK.

In a set of files you downloaded in previous step find start_services.bat.
Right click on it, click "Run As Administrator" to run the fix.
Command prompt black window will pop-up for a split second and it'll disappear. That's normal.

Check on firewall issue and post new FSS log



#13 SuperVu

SuperVu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:50 PM

Posted 01 January 2012 - 06:36 PM

Sorry again for the delay, been a really busy Holiday week.

Farbar Service Scanner
Ran by Tommy (administrator) on 01-01-2012 at 18:35:28
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:50 AM

Posted 01 January 2012 - 07:07 PM

How is Windows firewall doing?

Do you have System Restore disabled for whatever reason?

We have one more registry key missing....

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/


Download following file: http://www.filedropper.com/wscsvc
Right click on it, click "Merge".
Allow registry merge.

Restart computer, post new FSS log.

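The FSS logs in posts #9, #13 and #15 show the repair in post #12 (bfe.reg, mpssvc.reg, BFE key permissions, start_services.bat) and the wscsvc.reg merge in post #14 bringing the deleted service keys back one at a time. The script below is an added example, not code from the thread or from Farbar Service Scanner: it re-checks the same services straight from the registry and the Service Control Manager, lists any firewall or System Restore "disabled" policy values, shows the firewall profile state with netsh (the check the topic starter asks about in post #15), and lets Windows Resource Protection verify the binaries FSS hashes, including csc.sys, the driver TDSSKiller cured. Service names and file paths come from the logs in this thread; the policy value names are this example's assumption about what FSS looks at. It is written for PowerShell 2.0 on the 32-bit Windows 7 in this thread and must run elevated.

```powershell
# Added example (not from the thread): re-check what Farbar Service Scanner reported.
# Run from an elevated PowerShell on the affected (32-bit) Windows 7 machine.

$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-ServiceKeyState {
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $h = @{ Service = $Name; KeyExists = $false; Start = 'n/a'; ImagePath = $null; ServiceDll = $null; State = 'no service' }
    if (Test-Path $key) {
        $h.KeyExists = $true
        $p = Get-ItemProperty -Path $key
        if ($null -ne $p.Start) { $h.Start = $startTypes[[int]$p.Start] }
        $h.ImagePath = $p.ImagePath
        if (Test-Path "$key\Parameters") { $h.ServiceDll = (Get-ItemProperty "$key\Parameters").ServiceDll }
    }
    # Get-Service only lists Win32 services; kernel drivers such as mpsdrv are
    # visible through WMI's Win32_SystemDriver instead.
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($svc) { $h.State = [string]$svc.Status }
    else {
        $drv = Get-WmiObject Win32_SystemDriver -Filter "Name='$Name'"
        if ($drv) { $h.State = $drv.State }
    }
    New-Object PSObject -Property $h | Select-Object Service, KeyExists, Start, State, ImagePath, ServiceDll
}

function Get-DisablePolicies {
    # Assumed policy values behind FSS's "Firewall Disabled Policy" and
    # "System Restore Disabled Policy" sections; nothing printed means none set.
    $checks = @(
        @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile';   Value = 'EnableFirewall' },
        @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'; Value = 'EnableFirewall' },
        @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';        Value = 'DisableSR' },
        @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';        Value = 'DisableConfig' }
    )
    foreach ($c in $checks) {
        if (Test-Path $c.Key) {
            $v = (Get-ItemProperty -Path $c.Key -ErrorAction SilentlyContinue).($c.Value)
            if ($null -ne $v) { '{0}\{1} = {2}' -f $c.Key, $c.Value, $v }
        }
    }
}

function Test-ProtectedFile {
    param([string]$Path)
    # sfc writes UTF-16 to the pipe; dropping the NUL bytes makes the text matchable.
    $out = (& "$env:windir\System32\sfc.exe" "/verifyfile=$Path" 2>&1 | Out-String) -replace "`0", ''
    $ok = $out -match 'did not find any integrity violations'
    New-Object PSObject -Property @{ File = $Path; Intact = $ok } | Select-Object File, Intact
}

$services = 'MpsSvc', 'BFE', 'mpsdrv', 'SDRSVC', 'VSS', 'wscsvc'
$files = @(
    "$env:windir\System32\drivers\csc.sys",      # driver TDSSKiller cured (Rootkit.Win32.ZAccess.c)
    "$env:windir\System32\mpssvc.dll",
    "$env:windir\System32\bfe.dll",
    "$env:windir\System32\drivers\mpsdrv.sys",
    "$env:windir\System32\wscsvc.dll",
    "$env:windir\System32\svchost.exe"
)

'== Service keys and state =='
$services | ForEach-Object { Get-ServiceKeyState $_ } | Format-Table -AutoSize
'== Disable policies present (none expected) =='
Get-DisablePolicies
'== Firewall profile state =='
netsh advfirewall show allprofiles state
'== Windows Resource Protection check =='
$files | ForEach-Object { Test-ProtectedFile $_ } | Format-Table -AutoSize
```

After the repairs in this thread, MpsSvc, BFE and wscsvc should show KeyExists True with an Automatic start type and a Running state; SDRSVC and VSS are demand-start and normally show Stopped until something triggers them, which is why FSS reports them as "not running" while still marking their configuration OK.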


#15 SuperVu

SuperVu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:50 PM

Posted 01 January 2012 - 07:56 PM

I'm not sure how to check how my firewall is doing but I'm assuming it's running fine. I don't think I disabled System Restore, but is it disabled?

Farbar Service Scanner
Ran by Tommy (administrator) on 01-01-2012 at 19:54:06
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



