
Google/Bing inaccessible


19 replies to this topic

#1 jimgurley

jimgurley

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:35 AM

Posted 26 December 2011 - 08:06 PM

Windows XP SP3, IE7, Security Essentials (real-time protection off, currently), domain network.

This machine works fine except IE7 (or Chrome) times out when attempting to access Google.com or Bing.com. Error is: "Internet Explorer cannot display the webpage". Other websites work OK.

Freshly updated Malwarebytes full scan shows no infections. A previous Malwarebytes scan did report two problems:
c:\documents and settings\...\local settings\Temp\5716.sys (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\...\local settings\temporary internet files\Content.IE5\G7OXWR81\scandsk[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Combofix found userinit.exe infected and restored it (I know, I shouldn't have run it yet - sorry).

No proxy problem, and hosts file is virgin. Original hosts file had "::1 local_host" as final entry. I was unable to save the file after deleting the entry (Access denied), but I was able to rename the file and create a new hosts file with only the usual local_host entry.


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:35 AM

Posted 27 December 2011 - 07:51 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in the right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click the donate link.


 


#3 jimgurley

jimgurley
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:35 AM

Posted 27 December 2011 - 08:50 PM

Here are the first three logs. I'm working via remote desktop, so the GMER will have to wait till tomorrow.

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````



MiniToolBox by Farbar
Ran by Administrator (administrator) on 27-12-2011 at 17:35:39
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Cisco Systems VPN Adapter = Local Area Connection 2 (Disconnected)
Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=static addr=192.168.123.2 register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : k-desktop
Primary Dns Suffix . . . . . . . : clearcreek.domain
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : clearcreek.domain
clearcreek.domain

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : clearcreek.domain
Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
Physical Address. . . . . . . . . : 00-17-31-A8-91-C5
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.123.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.123.1
DHCP Server . . . . . . . . . . . : 192.168.123.2
DNS Servers . . . . . . . . . . . : 192.168.123.2
Lease Obtained. . . . . . . . . . : Tuesday, December 27, 2011 12:37:11 PM
Lease Expires . . . . . . . . . . : Wednesday, January 04, 2012 12:37:11 PM

Server: ccfp-server.clearcreek.domain
Address: 192.168.123.2

DNS request timed out.
timeout was 2 seconds.
Ping request could not find host google.com. Please check the name and try again.

Server: ccfp-server.clearcreek.domain
Address: 192.168.123.2

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 72.30.2.43

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=52ms TTL=54
Reply from 98.137.149.56: bytes=32 time=44ms TTL=54

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 44ms, Maximum = 52ms, Average = 48ms

Server: ccfp-server.clearcreek.domain
Address: 192.168.123.2

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 31 a8 91 c5 ...... Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.123.1 192.168.123.102 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.123.0 255.255.255.0 192.168.123.102 192.168.123.102 20
192.168.123.102 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.123.255 255.255.255.255 192.168.123.102 192.168.123.102 20
224.0.0.0 240.0.0.0 192.168.123.102 192.168.123.102 20
255.255.255.255 255.255.255.255 192.168.123.102 192.168.123.102 1
Default Gateway: 192.168.123.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/27/2011 05:30:36 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/27/2011 05:30:36 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/27/2011 04:13:45 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/27/2011 04:13:45 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/27/2011 04:06:28 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/27/2011 04:06:28 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/27/2011 02:30:27 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/27/2011 02:30:27 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/27/2011 02:25:45 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/27/2011 02:25:45 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.


System errors:
=============
Error: (12/27/2011 05:30:48 PM) (Source: TermServDevices) (User: )
Description: Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (12/27/2011 05:30:47 PM) (Source: TermServDevices) (User: )
Description: Driver ImagePrinter required for printer ImagePrinter is unknown. Contact the administrator to install the driver before you log in again.

Error: (12/27/2011 05:30:47 PM) (Source: TermServDevices) (User: )
Description: Driver HP Officejet 7000 E809a Series required for printer HP351C23 (HP Officejet 7000 E809a) is unknown. Contact the administrator to install the driver before you log in again.

Error: (12/27/2011 05:30:46 PM) (Source: TermServDevices) (User: )
Description: Driver HP Officejet 7000 E809a Series required for printer HP Officejet 7000 E809a Series is unknown. Contact the administrator to install the driver before you log in again.

Error: (12/27/2011 05:30:46 PM) (Source: TermServDevices) (User: )
Description: Driver Microsoft Shared Fax Driver required for printer Fax is unknown. Contact the administrator to install the driver before you log in again.

Error: (12/27/2011 05:30:45 PM) (Source: TermServDevices) (User: )
Description: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.

Error: (12/26/2011 09:02:59 PM) (Source: TermServDevices) (User: )
Description: Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (12/26/2011 09:02:58 PM) (Source: TermServDevices) (User: )
Description: Driver ImagePrinter required for printer ImagePrinter is unknown. Contact the administrator to install the driver before you log in again.

Error: (12/26/2011 09:02:58 PM) (Source: TermServDevices) (User: )
Description: Driver HP Officejet 7000 E809a Series required for printer HP351C23 (HP Officejet 7000 E809a) is unknown. Contact the administrator to install the driver before you log in again.

Error: (12/26/2011 09:02:57 PM) (Source: TermServDevices) (User: )
Description: Driver HP Officejet 7000 E809a Series required for printer HP Officejet 7000 E809a Series is unknown. Contact the administrator to install the driver before you log in again.


Microsoft Office Sessions:
=========================
Error: (12/27/2011 05:30:36 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (12/27/2011 05:30:36 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (12/27/2011 04:13:45 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (12/27/2011 04:13:45 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (12/27/2011 04:06:28 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (12/27/2011 04:06:28 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (12/27/2011 02:30:27 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (12/27/2011 02:30:27 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (12/27/2011 02:25:45 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (12/27/2011 02:25:45 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}


=========================== Installed Programs ============================

Abacast Distributed On-Demand
Adobe Acrobat 4.0 (Version: 4.0)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader 7.0.9 (Version: 7.0.9)
Apple Application Support (Version: 1.2.1)
Apple Software Update (Version: 2.1.1.116)
ATI - Software Uninstall Utility (Version: 6.14.10.1012)
ATI Control Panel (Version: 6.14.10.5157)
ATI Display Driver (Version: 8.152-050629m-025707C-Asus)
Biometric Install for DAVE 1.1 (Version: 1.1)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Crystal Reports 2008 Runtime (Version: 12.0.0.840)
e-MDs Solution Series (Version: 7.1)
e-MDs Support Libraries (Version: 1.00.0000)
ECG Mgmt PDF Data Viewer (Version: 6.2)
Eudora (Version: 7.0)
Fingerprint Sensor Minimum Install (Version: 6.3.7)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.79)
GPL Ghostscript 8.15
GPL Ghostscript Fonts
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8107.0)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage (Version: 10.0.2627.0)
Microsoft Security Client (Version: 2.0.0657.0)
Microsoft Security Essentials (Version: 2.0.657.0)
Microsoft SQL Server Desktop Engine (Version: 8.00.761)
MINOLTA-QMS PagePro 1250W
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
NDDF Framework
Neonatal Resuscitation CD-ROM
Nero Suite
QuickTime (Version: 7.66.71.0)
REALTEK PCIE NIC Driver (Version: 2.01)
RedMon - Redirection Port Monitor
SoundMAX (Version: 5.10.01.4151)
Synapse Workstation (Version: 3.2.15181)
TIFF Printer
ULi Sata Driver (Version: 1.0.5.8)
USB Serial Converter Drivers for USB Spirometer
VPN Client
WebEx
WebFldrs XP (Version: 9.50.7523)
Welch Allyn CardioPerfect (Version: 1.6.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0
XP_Key_Changer 2.0.0

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 959.23 MB
Available physical RAM: 548.34 MB
Total Pagefile: 2316.17 MB
Available Pagefile: 1950.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.82 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:68.36 GB) (Free:51.82 GB) NTFS
2 Drive d: () (Fixed) (Total:6.16 GB) (Free:4.42 GB) NTFS

========================= Users: ========================================

User accounts for \\K-DESKTOP

Administrator ASPNET clearcreek
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.27.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Administrator :: K-DESKTOP [administrator]

12/27/2011 5:41:07 PM
mbam-log-2011-12-27 (17-41-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208312
Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
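An added example, not code from this thread or from the MiniToolBox/Farbar tool: a small Python triage script for the two checks Broni asked for in post #2 and that the MiniToolBox output above answers, namely the hosts file contents and the name lookups. It splits MiniToolBox-style output into its "=====" sections, flags any hosts entry other than the two stock localhost lines, and separates the names the configured resolver answered from the ones that timed out. The pattern in the log above, where google.com timed out while yahoo.com and bleepingcomputer.com resolved from the same server and the hosts file was clean, is what the script reports as a selective failure, which is the reason the thread moved on from proxy and hosts checks to rootkit scanners. The sample text embedded in the script is constructed (RFC 5737 documentation addresses and .test names), and all function names are the example's own.

```python
"""Triage helper for MiniToolBox-style 'Hosts content' and nslookup/ping output.

Added example; the sample below is constructed, not the thread's own log.
"""
import re

# The only two entries a stock Windows hosts file should carry.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample in the layout MiniToolBox prints (documentation IPs, .test names).
SAMPLE = """\
========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.9 www.example-search.test

========================= IP Configuration: ================================

Server: resolver.corp.test
Address: 192.0.2.53

DNS request timed out.
timeout was 2 seconds.
Ping request could not find host example-a.test. Please check the name and try again.

Server: resolver.corp.test
Address: 192.0.2.53

Name: example-b.test
Addresses: 198.51.100.7, 198.51.100.8

Server: resolver.corp.test
Address: 192.0.2.53

Name: example-c.test
Address: 198.51.100.9
"""

# A section header is a run of '=' signs around a title, e.g. "===== Hosts content: =====".
HEADER_RE = re.compile(r"^=+\s*(?P<title>[A-Za-z][^=]*?):?\s*=+$")
# nslookup/ping failure line; the trailing period before "Please" is not part of the name.
NOT_FOUND_RE = re.compile(r"could not find host (?P<name>[\w.-]+?)\.?(?:\s|$)")


def sections(text):
    """Split MiniToolBox output into {section title: [lines]}."""
    result, current = {}, None
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            current = m.group("title").rstrip(":").strip()
            result[current] = []
        elif current is not None:
            result[current].append(line)
    return result


def parse_hosts(text):
    """Return (ip, hostname) pairs from the 'Hosts content' section, skipping comments."""
    entries = []
    for line in sections(text).get("Hosts content", []):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        for name in parts[1:]:          # one IP may map several names on one line
            entries.append((parts[0], name.lower()))
    return entries


def suspicious_hosts(entries):
    """Anything beyond the stock localhost lines deserves a look."""
    return [e for e in entries if e not in DEFAULT_HOSTS]


def parse_lookups(text):
    """Map each looked-up name to its address list, or None when the lookup failed."""
    lookups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = NOT_FOUND_RE.search(line)
        if m:
            lookups[m.group("name").lower()] = None
            current = None
        elif line.startswith("Server:"):
            current = None              # the next Address: line is the resolver, not a result
        elif line.startswith("Name:"):
            current = line.split(":", 1)[1].strip().lower()
            lookups.setdefault(current, [])
        elif current and line.startswith(("Addresses:", "Address:")):
            addrs = line.split(":", 1)[1]
            lookups[current].extend(a.strip() for a in addrs.split(",") if a.strip())
    return lookups


def triage(text):
    """Summarise hosts anomalies and resolver behaviour from one MiniToolBox report."""
    lookups = parse_lookups(text)
    unresolved = sorted(n for n, a in lookups.items() if not a)
    resolved = sorted(n for n, a in lookups.items() if a)
    return {
        "hosts_suspicious": suspicious_hosts(parse_hosts(text)),
        "unresolved": unresolved,
        "resolved": resolved,
        # Same resolver answers some names but not others: not a dead DNS server.
        "selective_failure": bool(unresolved) and bool(resolved),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Run it as-is to see the report for the constructed sample, or paste a real MiniToolBox log into `SAMPLE`. A `selective_failure` of True with an empty `hosts_suspicious` list is the combination this thread shows: the hosts file and proxy settings are not where the block lives, so the next step is checking what sits between the resolver client and the network, which is what the GMER and TDSSKiller runs later in the thread did.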

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:35 AM

Posted 27 December 2011 - 09:04 PM

...and GMER...



 


#5 jimgurley

jimgurley
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:35 AM

Posted 28 December 2011 - 12:32 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-28 09:31:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\m52881Port2Path0Target0Lun0 WDC_WD80 rev.06.0
Running: uhcq8w7h.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kflyapow.sys


---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ZwResumeThread 80596056 1 Byte [CC] {INT 3 }
.text SCSIPORT.SYS!ScsiPortInitialize F75E644C 1 Byte [CC] {INT 3 }
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xF1CB5A80]
init C:\WINDOWS\system32\drivers\fixustor.sys entry point in "init" section [0xF7C4DE12]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B7A982D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B7A98560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B7A986A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B7A98450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B7A98450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B7A982D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B7A98560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B7A986A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B7A982D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B7A98450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B7A986A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B7A98560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B7A986A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B7A98560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B7A982D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B7A98450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B7A982D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B7A98560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B7A986A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B7A982D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B7A98450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B7A986A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B7A98560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)

---- Threads - GMER 1.0.15 ----

Thread System [4:512] 861F1161
Thread System [4:1252] 856B7C30

---- EOF - GMER 1.0.15 ----

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:35 AM

Posted 28 December 2011 - 01:05 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



 


#7 jimgurley

jimgurley
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:35 AM

Posted 29 December 2011 - 10:49 AM

Here's the log. My symptoms have disappeared, so maybe it's fixed...if so, Thanks!

07:45:18.0546 3104 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
07:45:19.0171 3104 ============================================================
07:45:19.0171 3104 Current date / time: 2011/12/29 07:45:19.0171
07:45:19.0171 3104 SystemInfo:
07:45:19.0171 3104
07:45:19.0171 3104 OS Version: 5.1.2600 ServicePack: 3.0
07:45:19.0171 3104 Product type: Workstation
07:45:19.0171 3104 ComputerName: K-DESKTOP
07:45:19.0171 3104 UserName: Administrator
07:45:19.0171 3104 Windows directory: C:\WINDOWS
07:45:19.0171 3104 System windows directory: C:\WINDOWS
07:45:19.0171 3104 Processor architecture: Intel x86
07:45:19.0171 3104 Number of processors: 2
07:45:19.0171 3104 Page size: 0x1000
07:45:19.0171 3104 Boot type: Normal boot
07:45:19.0171 3104 ============================================================
07:45:19.0765 3104 Initialize success
07:45:28.0265 2748 ============================================================
07:45:28.0265 2748 Scan started
07:45:28.0265 2748 Mode: Manual;
07:45:28.0265 2748 ============================================================
07:45:28.0500 2748 Abiosdsk - ok
07:45:28.0687 2748 abp480n5 - ok
07:45:28.0734 2748 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:45:28.0750 2748 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
07:45:28.0765 2748 ACPI ( Virus.Win32.Rloader.a ) - infected
07:45:28.0765 2748 ACPI - detected Virus.Win32.Rloader.a (0)
07:45:28.0921 2748 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
07:45:28.0921 2748 ACPIEC - ok
07:45:28.0968 2748 ADIHdAudAddService (d392183cc5379e302e50ceba635248eb) C:\WINDOWS\system32\drivers\ADIHdAud.sys
07:45:28.0968 2748 ADIHdAudAddService - ok
07:45:29.0125 2748 adpu160m - ok
07:45:29.0140 2748 AEAudioService (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\AEAudio.sys
07:45:29.0156 2748 AEAudioService - ok
07:45:29.0171 2748 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:45:29.0171 2748 aec - ok
07:45:29.0281 2748 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
07:45:29.0296 2748 AFD - ok
07:45:29.0296 2748 Aha154x - ok
07:45:29.0312 2748 aic78u2 - ok
07:45:29.0328 2748 aic78xx - ok
07:45:29.0531 2748 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
07:45:29.0531 2748 AliIde - ok
07:45:29.0546 2748 amsint - ok
07:45:29.0562 2748 asc - ok
07:45:29.0578 2748 asc3350p - ok
07:45:29.0593 2748 asc3550 - ok
07:45:29.0781 2748 Asushwio (de91d0d73c3e61e6826d98fac2fac729) C:\WINDOWS\system32\drivers\Asushwio.sys
07:45:29.0781 2748 Asushwio - ok
07:45:29.0812 2748 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:45:29.0812 2748 AsyncMac - ok
07:45:29.0828 2748 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:45:29.0828 2748 atapi - ok
07:45:29.0968 2748 Atdisk - ok
07:45:30.0046 2748 ati2mtag (d5537cc8cc9a86668e3903bd53caa83c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
07:45:30.0078 2748 ati2mtag - ok
07:45:30.0125 2748 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:45:30.0140 2748 Atmarpc - ok
07:45:30.0171 2748 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:45:30.0171 2748 audstub - ok
07:45:30.0218 2748 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:45:30.0218 2748 Beep - ok
07:45:30.0234 2748 catchme - ok
07:45:30.0281 2748 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:45:30.0281 2748 cbidf2k - ok
07:45:30.0281 2748 cd20xrnt - ok
07:45:30.0359 2748 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:45:30.0359 2748 Cdaudio - ok
07:45:30.0390 2748 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:45:30.0390 2748 Cdfs - ok
07:45:30.0421 2748 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:45:30.0421 2748 Cdrom - ok
07:45:30.0453 2748 Changer - ok
07:45:30.0515 2748 CmdIde - ok
07:45:30.0718 2748 Cpqarray - ok
07:45:30.0765 2748 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
07:45:30.0765 2748 CVirtA - ok
07:45:30.0812 2748 CVPNDRVA (aeaccdec355b5e7611120c6c10b51f82) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
07:45:30.0859 2748 CVPNDRVA - ok
07:45:30.0875 2748 dac2w2k - ok
07:45:30.0890 2748 dac960nt - ok
07:45:30.0921 2748 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:45:30.0921 2748 Disk - ok
07:45:31.0078 2748 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
07:45:31.0093 2748 dmboot - ok
07:45:31.0125 2748 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
07:45:31.0125 2748 dmio - ok
07:45:31.0156 2748 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:45:31.0156 2748 dmload - ok
07:45:31.0187 2748 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:45:31.0187 2748 DMusic - ok
07:45:31.0218 2748 DNE (c86fbf607445bf693450d84b775f168c) C:\WINDOWS\system32\DRIVERS\dne2000.sys
07:45:31.0218 2748 DNE - ok
07:45:31.0250 2748 dpti2o - ok
07:45:31.0281 2748 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:45:31.0281 2748 drmkaud - ok
07:45:31.0312 2748 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:45:31.0328 2748 Fastfat - ok
07:45:31.0359 2748 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
07:45:31.0359 2748 Fdc - ok
07:45:31.0484 2748 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
07:45:31.0484 2748 Fips - ok
07:45:31.0515 2748 fixustor (5ebabcedf75ddbadf17823981ac8dcf1) C:\WINDOWS\system32\drivers\fixustor.sys
07:45:31.0531 2748 fixustor - ok
07:45:31.0578 2748 FLMCKUSB (25aa82defdb74161e73a4fa40cc1aa69) C:\WINDOWS\system32\Drivers\FLMckUSB.sys
07:45:31.0578 2748 FLMCKUSB - ok
07:45:31.0593 2748 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
07:45:31.0593 2748 Flpydisk - ok
07:45:31.0625 2748 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
07:45:31.0625 2748 FltMgr - ok
07:45:31.0656 2748 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:45:31.0656 2748 Fs_Rec - ok
07:45:31.0687 2748 FTDIBUS (f5475f8a28c2d67cdfe927db40c843fa) C:\WINDOWS\system32\drivers\ftdibus.sys
07:45:31.0718 2748 FTDIBUS - ok
07:45:31.0734 2748 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:45:31.0750 2748 Ftdisk - ok
07:45:31.0750 2748 FTSER2K (f415747e671198b4a39bdb2634f47917) C:\WINDOWS\system32\drivers\ftser2k.sys
07:45:31.0796 2748 FTSER2K - ok
07:45:31.0875 2748 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:45:31.0875 2748 Gpc - ok
07:45:31.0937 2748 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys
07:45:31.0937 2748 HdAudAddService - ok
07:45:32.0000 2748 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:45:32.0000 2748 HDAudBus - ok
07:45:32.0015 2748 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:45:32.0015 2748 HidUsb - ok
07:45:32.0046 2748 hpn - ok
07:45:32.0078 2748 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
07:45:32.0093 2748 HTTP - ok
07:45:32.0140 2748 i2omgmt - ok
07:45:32.0156 2748 i2omp - ok
07:45:32.0171 2748 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:45:32.0171 2748 i8042prt - ok
07:45:32.0203 2748 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:45:32.0203 2748 Imapi - ok
07:45:32.0343 2748 ini910u - ok
07:45:32.0375 2748 IntelIde - ok
07:45:32.0390 2748 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:45:32.0390 2748 intelppm - ok
07:45:32.0406 2748 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
07:45:32.0421 2748 Ip6Fw - ok
07:45:32.0609 2748 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:45:32.0609 2748 IpFilterDriver - ok
07:45:32.0640 2748 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:45:32.0640 2748 IpInIp - ok
07:45:32.0656 2748 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:45:32.0656 2748 IpNat - ok
07:45:32.0671 2748 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:45:32.0671 2748 IPSec - ok
07:45:32.0703 2748 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:45:32.0703 2748 IRENUM - ok
07:45:32.0718 2748 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:45:32.0718 2748 isapnp - ok
07:45:32.0734 2748 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:45:32.0734 2748 Kbdclass - ok
07:45:32.0765 2748 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:45:32.0781 2748 kmixer - ok
07:45:32.0937 2748 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
07:45:32.0937 2748 KSecDD - ok
07:45:32.0968 2748 lbrtfdc - ok
07:45:33.0015 2748 m5288 (485ed377977dc9661626aaab614504cf) C:\WINDOWS\system32\DRIVERS\m5288.sys
07:45:33.0015 2748 m5288 - ok
07:45:33.0125 2748 MLPTDR_C (faf66dd65a5b266e0115f55aa44a6ca8) C:\WINDOWS\system32\MLPTDR_C.SYS
07:45:33.0125 2748 MLPTDR_C - ok
07:45:33.0140 2748 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:45:33.0156 2748 mnmdd - ok
07:45:33.0250 2748 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
07:45:33.0250 2748 Modem - ok
07:45:33.0281 2748 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:45:33.0281 2748 Mouclass - ok
07:45:33.0312 2748 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:45:33.0328 2748 mouhid - ok
07:45:33.0359 2748 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:45:33.0359 2748 MountMgr - ok
07:45:33.0390 2748 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
07:45:33.0390 2748 MpFilter - ok
07:45:33.0468 2748 MpKsl133616ee (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F36AC1E5-B326-41B3-8F0D-20F21259E6CB}\MpKsl133616ee.sys
07:45:33.0468 2748 MpKsl133616ee - ok
07:45:33.0500 2748 mraid35x - ok
07:45:33.0531 2748 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:45:33.0531 2748 MRxDAV - ok
07:45:33.0578 2748 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:45:33.0593 2748 MRxSmb - ok
07:45:33.0625 2748 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:45:33.0625 2748 Msfs - ok
07:45:33.0671 2748 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:45:33.0671 2748 MSKSSRV - ok
07:45:33.0687 2748 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:45:33.0703 2748 MSPCLOCK - ok
07:45:33.0718 2748 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:45:33.0718 2748 MSPQM - ok
07:45:33.0828 2748 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:45:33.0828 2748 mssmbios - ok
07:45:33.0875 2748 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
07:45:33.0875 2748 MTsensor - ok
07:45:33.0906 2748 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
07:45:33.0906 2748 Mup - ok
07:45:33.0953 2748 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:45:33.0953 2748 NDIS - ok
07:45:33.0968 2748 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:45:33.0968 2748 NdisTapi - ok
07:45:33.0984 2748 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:45:33.0984 2748 Ndisuio - ok
07:45:34.0015 2748 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:45:34.0015 2748 NdisWan - ok
07:45:34.0031 2748 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
07:45:34.0031 2748 NDProxy - ok
07:45:34.0078 2748 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:45:34.0093 2748 NetBIOS - ok
07:45:34.0109 2748 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:45:34.0109 2748 NetBT - ok
07:45:34.0171 2748 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
07:45:34.0171 2748 Npfs - ok
07:45:34.0343 2748 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
07:45:34.0343 2748 Ntfs - ok
07:45:34.0390 2748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:45:34.0390 2748 Null - ok
07:45:34.0437 2748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:45:34.0437 2748 NwlnkFlt - ok
07:45:34.0453 2748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:45:34.0468 2748 NwlnkFwd - ok
07:45:34.0515 2748 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
07:45:34.0515 2748 Parport - ok
07:45:34.0515 2748 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
07:45:34.0515 2748 PartMgr - ok
07:45:34.0546 2748 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
07:45:34.0546 2748 ParVdm - ok
07:45:34.0593 2748 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
07:45:34.0593 2748 PCI - ok
07:45:34.0609 2748 PCIDump - ok
07:45:34.0609 2748 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:45:34.0609 2748 PCIIde - ok
07:45:34.0625 2748 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
07:45:34.0640 2748 Pcmcia - ok
07:45:34.0640 2748 PDCOMP - ok
07:45:34.0640 2748 PDFRAME - ok
07:45:34.0656 2748 PDRELI - ok
07:45:34.0656 2748 PDRFRAME - ok
07:45:34.0671 2748 perc2 - ok
07:45:34.0671 2748 perc2hib - ok
07:45:34.0703 2748 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:45:34.0703 2748 PptpMiniport - ok
07:45:34.0718 2748 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
07:45:34.0718 2748 PSched - ok
07:45:34.0734 2748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:45:34.0734 2748 Ptilink - ok
07:45:34.0765 2748 ql1080 - ok
07:45:34.0796 2748 Ql10wnt - ok
07:45:34.0812 2748 ql12160 - ok
07:45:34.0828 2748 ql1240 - ok
07:45:34.0984 2748 ql1280 - ok
07:45:35.0000 2748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:45:35.0000 2748 RasAcd - ok
07:45:35.0031 2748 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:45:35.0031 2748 Rasl2tp - ok
07:45:35.0203 2748 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:45:35.0203 2748 RasPppoe - ok
07:45:35.0218 2748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:45:35.0218 2748 Raspti - ok
07:45:35.0250 2748 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:45:35.0265 2748 Rdbss - ok
07:45:35.0421 2748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:45:35.0421 2748 RDPCDD - ok
07:45:35.0453 2748 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:45:35.0468 2748 rdpdr - ok
07:45:35.0500 2748 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
07:45:35.0500 2748 RDPWD - ok
07:45:35.0718 2748 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:45:35.0718 2748 redbook - ok
07:45:35.0781 2748 RTL8023xp (d6e1b1bd04fad422af17fc4b810cb9af) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
07:45:35.0781 2748 RTL8023xp - ok
07:45:35.0937 2748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:45:35.0937 2748 Secdrv - ok
07:45:35.0984 2748 SenFiltService (eca77beeb2be8d573cf1b265e44fbfbd) C:\WINDOWS\system32\drivers\Senfilt.sys
07:45:36.0000 2748 SenFiltService - ok
07:45:36.0031 2748 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
07:45:36.0031 2748 serenum - ok
07:45:36.0140 2748 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
07:45:36.0140 2748 Serial - ok
07:45:36.0187 2748 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
07:45:36.0203 2748 Sfloppy - ok
07:45:36.0359 2748 Simbad - ok
07:45:36.0406 2748 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
07:45:36.0406 2748 SONYPVU1 - ok
07:45:36.0421 2748 Sparrow - ok
07:45:36.0453 2748 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
07:45:36.0453 2748 splitter - ok
07:45:36.0484 2748 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
07:45:36.0484 2748 sr - ok
07:45:36.0531 2748 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
07:45:36.0546 2748 Srv - ok
07:45:36.0609 2748 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
07:45:36.0609 2748 swenum - ok
07:45:36.0640 2748 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
07:45:36.0640 2748 swmidi - ok
07:45:36.0671 2748 symc810 - ok
07:45:36.0703 2748 symc8xx - ok
07:45:36.0796 2748 sym_hi - ok
07:45:36.0812 2748 sym_u3 - ok
07:45:36.0843 2748 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
07:45:36.0843 2748 sysaudio - ok
07:45:37.0937 2748 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:45:37.0953 2748 Tcpip - ok
07:45:37.0984 2748 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
07:45:38.0000 2748 TDPIPE - ok
07:45:38.0015 2748 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
07:45:38.0015 2748 TDTCP - ok
07:45:38.0046 2748 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
07:45:38.0062 2748 TermDD - ok
07:45:38.0093 2748 TosIde - ok
07:45:38.0140 2748 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
07:45:38.0140 2748 Udfs - ok
07:45:38.0171 2748 ultra - ok
07:45:38.0218 2748 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
07:45:38.0218 2748 Update - ok
07:45:38.0265 2748 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:45:38.0265 2748 usbccgp - ok
07:45:38.0296 2748 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:45:38.0296 2748 usbehci - ok
07:45:38.0312 2748 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:45:38.0312 2748 usbhub - ok
07:45:38.0343 2748 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
07:45:38.0343 2748 usbohci - ok
07:45:38.0359 2748 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:45:38.0359 2748 usbstor - ok
07:45:38.0531 2748 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
07:45:38.0546 2748 VgaSave - ok
07:45:38.0546 2748 ViaIde - ok
07:45:38.0578 2748 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
07:45:38.0578 2748 VolSnap - ok
07:45:38.0625 2748 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
07:45:38.0625 2748 vsdatant - ok
07:45:38.0656 2748 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:45:38.0671 2748 Wanarp - ok
07:45:38.0671 2748 WDICA - ok
07:45:38.0687 2748 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
07:45:38.0703 2748 wdmaud - ok
07:45:39.0031 2748 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
07:45:39.0031 2748 WS2IFSL - ok
07:45:39.0125 2748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
07:45:39.0281 2748 \Device\Harddisk0\DR0 - ok
07:45:39.0296 2748 Boot (0x1200) (f9ffc5e447655a684ca2b2a1aea627ed) \Device\Harddisk0\DR0\Partition0
07:45:39.0296 2748 \Device\Harddisk0\DR0\Partition0 - ok
07:45:39.0328 2748 Boot (0x1200) (bb62ad1a48d741ace9cce0384b03f99b) \Device\Harddisk0\DR0\Partition1
07:45:39.0328 2748 \Device\Harddisk0\DR0\Partition1 - ok
07:45:39.0328 2748 ============================================================
07:45:39.0328 2748 Scan finished
07:45:39.0328 2748 ============================================================
07:45:39.0343 2760 Detected object count: 1
07:45:39.0343 2760 Actual detected object count: 1
07:45:46.0265 2760 Backup copy found, using it..
07:45:46.0390 2760 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
07:45:46.0390 2760 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
07:45:52.0515 2776 Deinitialize success
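As an added example, which is not part of this thread and not TDSSKiller's own code, here is a small Python triage parser for a log in the shape shown above. It assumes the line layout visible in the log (a timestamp, a thread id, then the message) and the message wordings that appear on it; the sample input is a constructed subset of the lines above, so it runs offline. The point it makes: a line reporting two different md5 values for one file, next to a `- detected` verdict and a `- will be cured on reboot` action, is what to pull out of a few hundred `- ok` lines when reading such a log.

```python
# Added example (not part of this thread, not TDSSKiller's own code): triage
# parser for TDSSKiller-style logs.  Assumes lines of the form
# "<time> <thread-id> <message>" with the message wordings seen in the thread.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed subset of the log posted above, so the example runs offline.
SAMPLE_LOG = """\
07:45:28.0500 2748 Abiosdsk - ok
07:45:28.0734 2748 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
07:45:28.0750 2748 Suspicious file (Forged): C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
07:45:28.0765 2748 ACPI ( Virus.Win32.Rloader.a ) - infected
07:45:28.0765 2748 ACPI - detected Virus.Win32.Rloader.a (0)
07:45:28.0921 2748 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\\WINDOWS\\system32\\drivers\\ACPIEC.sys
07:45:28.0921 2748 ACPIEC - ok
07:45:39.0125 2748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \\Device\\Harddisk0\\DR0
07:45:39.0281 2748 \\Device\\Harddisk0\\DR0 - ok
07:45:39.0328 2748 ============================================================
07:45:46.0390 2760 C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys - will be cured on reboot
"""

HEX32 = r"[0-9a-f]{32}"
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(?P<msg>.*)$")
ENTRY_RE = re.compile(rf"^(?P<name>.+?) \((?P<md5>{HEX32})\) (?P<path>.+)$")
FORGED_RE = re.compile(
    rf"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>{HEX32}), Fake md5: (?P<fake>{HEX32})$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
CURE_RE = re.compile(r"^(?P<path>.+) - will be cured on reboot$")
OK_RE = re.compile(r"^.+ - ok$")


@dataclass
class Finding:
    name: str                        # service/driver name as the log reports it
    path: str                        # on-disk path, when the log gives one
    verdict: Optional[str] = None
    real_md5: Optional[str] = None   # two hashes for one file: something is
    fake_md5: Optional[str] = None   # altering what reads of that file return
    cured: bool = False


@dataclass
class ScanSummary:
    scanned: int = 0                 # entries that had a file on disk
    clean: int = 0                   # entries reported "- ok"
    findings: Dict[str, Finding] = field(default_factory=dict)


def parse_tdss_log(text: str) -> ScanSummary:
    """Walk the log once; collect counts and one Finding per flagged name."""
    summary = ScanSummary()
    name_by_path: Dict[str, str] = {}   # lower-cased path -> service name

    def finding_for(name: str, path: str) -> Finding:
        return summary.findings.setdefault(name, Finding(name=name, path=path))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                  # blank or non-log lines
        msg = m.group("msg")
        if (e := ENTRY_RE.match(msg)):
            summary.scanned += 1
            name_by_path[e.group("path").lower()] = e.group("name")
        elif (f := FORGED_RE.match(msg)):
            path = f.group("path")
            fd = finding_for(name_by_path.get(path.lower(), path), path)
            fd.path = fd.path or path
            fd.real_md5, fd.fake_md5 = f.group("real"), f.group("fake")
        elif (d := DETECT_RE.match(msg)):
            finding_for(d.group("name"), "").verdict = d.group("verdict")
        elif (c := CURE_RE.match(msg)):
            path = c.group("path")
            name = name_by_path.get(path.lower(), path)
            if name in summary.findings:
                summary.findings[name].cured = True
        elif OK_RE.match(msg):
            summary.clean += 1
    return summary


def triage_lines(summary: ScanSummary) -> List[str]:
    """One readable line per finding, suitable for a ticket or a reply."""
    out = []
    for fd in sorted(summary.findings.values(), key=lambda f: f.name):
        parts = [f"{fd.name} ({fd.path or 'no path'}): {fd.verdict or 'suspicious'}"]
        if fd.real_md5:
            parts.append(f"md5 mismatch {fd.real_md5} vs {fd.fake_md5}")
        parts.append("cure scheduled" if fd.cured else "NOT cured")
        out.append("; ".join(parts))
    return out


if __name__ == "__main__":
    s = parse_tdss_log(SAMPLE_LOG)
    print(f"scanned={s.scanned} ok={s.clean} findings={len(s.findings)}")
    print("\n".join(triage_lines(s)))
```

The parser keys findings by the service name rather than the path, because the forged-file line names the path while the detection line names the service; the path-to-name map built from the ordinary scan entries joins the two. A finding that never receives a `will be cured on reboot` line is reported as `NOT cured`, which is the case a helper reading such a log most needs to notice.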

#8 TommyBoat

  • Members
  • 42 posts
  • Gender:Male
  • Location:Jean Nevada

Posted 29 December 2011 - 11:03 AM

Remove any extra toolbars you may have ... Coupon clipper,
ASK, Target, Yahoo...etc etc

Top Right of your screen, hit the (search options) down caret [v] button
and make Google your default search engine.

Go to Control Panel and REMOVE any other toolbars. Reboot.

Then do a SPYBOT scan. www.safer-networking.com
Update Spybot definitions...

Let it run, it may take 2+ hours.

Reboot. :dance:

R We Good ?


#9 jimgurley

  • Topic Starter
  • Members
  • 9 posts

Posted 29 December 2011 - 11:34 AM

Sorry, but I don't think I'll follow the suggestion of a new member without some sort of introduction...

#10 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,735 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 29 December 2011 - 12:07 PM

Good news :)

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==============================================

You seem to have some issue with Security Center.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif

#11 TommyBoat

  • Members
  • 42 posts
  • Gender:Male
  • Location:Jean Nevada

Posted 29 December 2011 - 03:19 PM

I've been on here for over 14 months. I am not a new member.

Go ahead and download fix-tools from an
unknown source!

:hysterical:

R We Good ?


#12 TommyBoat

  • Members
  • 42 posts
  • Gender:Male
  • Location:Jean Nevada

Posted 29 December 2011 - 03:20 PM

And then he asks for money?

:thumbsup:

?

:woot:

R We Good ?


#13 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,735 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 29 December 2011 - 03:40 PM

Go ahead and download fix-tools from an
unknown source!

Please refrain from posting totally false information.

And then he asks for money?

Please refrain from posting totally false information.

Any further interference with this kind of nonsense will be reported to board mods.


#14 jimgurley

  • Topic Starter
  • Members
  • 9 posts

Posted 29 December 2011 - 10:45 PM

aswMBR didn't like running via remote desktop, so I'll have to do it tomorrow morning. It aborted my connection and when I reconnected, there was no log file and Windows "recovered from a serious error".

#15 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,735 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 30 December 2011 - 12:42 PM

Let me know....
