

Help would be greatly appreciated!


29 replies to this topic

#1 Lina21 (Members, 19 posts)

Posted 28 December 2011 - 06:03 PM

Hi Everyone!
I would greatly appreciate any help; this is my first time on here. A couple of days ago, I noticed that every time I would click on a Google search link I would be redirected to Info-Mash or some other website. I didn't think much of it, till the next day, when I could no longer open Google Chrome or Internet Explorer. An 'Open With' window would pop up. I couldn't run any program with an .exe ending. Pop-up windows saying 'Application not found' would show up. I was only able to access the Internet by clicking on the 'browse web' link at the bottom of the 'Open With' window. I tried downloading Malwarebytes' Anti-Malware program but I could not open it. Eventually I got a blue screen and the computer restarted. I wasn't sure what to do when it restarted but ended up selecting the System Restore option. After that was done, I tried going on Windows normally and I noticed that all my programs were gone and a window showed up (I was able to take a quick pic) saying
'Windows has recovered from an unexpected shutdown.
Problem Signature
Problem Event Name: Blue Screen
OS Version 6.1.7600.2.0.0768.11
Locale ID: 1033'
and I got a blue screen again. I entered Safe Mode with Networking, downloaded the Malware program, and let it run its course. Windows needed to be rebooted to get rid of the threats. I tried going on Windows normally and got a blue screen again. I am on Safe Mode with Networking. I have no idea what to do! Help would be greatly appreciated, thanks again in advance!
I have Windows 7 Starter 32-bit, which is pretty much all I know about this netbook.


#2 Broni, The Coolest BC Computer (BC Advisor, 42,707 posts, Daly City, CA)

Posted 28 December 2011 - 09:52 PM

Welcome aboard

Stay in Safe Mode with Networking for now.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


#3 Lina21, Topic Starter (Members, 19 posts)

Posted 28 December 2011 - 10:07 PM

Thanks so much for your help! I'll get right to it! =)

#4 Lina21, Topic Starter (Members, 19 posts)

Posted 28 December 2011 - 10:14 PM

Results of screen317's Security Check version 0.99.24
Windows 7 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 27
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#5 Lina21, Topic Starter (Members, 19 posts)

Posted 28 December 2011 - 10:17 PM

MiniToolBox by Farbar
Ran by Lina (administrator) on 28-12-2011 at 19:14:55
Microsoft Windows 7 Starter (X86)
Boot Mode: Nerwork
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Cherrio-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 00-26-B6-EA-02-22
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c05b:40d8:cc71:b89e%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.65(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, December 28, 2011 2:02:37 PM
Lease Expires . . . . . . . . . . : Thursday, December 29, 2011 7:15:07 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 184559286
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-FE-FB-C9-88-AE-1D-43-FA-56
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.224.147
74.125.224.145
74.125.224.144
74.125.224.148
74.125.224.146


Pinging google.com [74.125.224.52] with 32 bytes of data:
Reply from 74.125.224.52: bytes=32 time=23ms TTL=53
Reply from 74.125.224.52: bytes=32 time=25ms TTL=53

Ping statistics for 74.125.224.52:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 23ms, Maximum = 25ms, Average = 24ms
Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
72.30.2.43


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=54ms TTL=54
Reply from 98.137.149.56: bytes=32 time=27ms TTL=54

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 27ms, Maximum = 54ms, Average = 40ms
Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 26 b6 ea 02 22 ......Atheros AR9285 Wireless Network Adapter
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.65 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.65 281
192.168.1.65 255.255.255.255 On-link 192.168.1.65 281
192.168.1.255 255.255.255.255 On-link 192.168.1.65 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.65 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.65 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::c05b:40d8:cc71:b89e/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/28/2011 03:05:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe_gcswf32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: gcswf32.dll, version: 11.1.102.55, time stamp: 0x4eaf862f
Exception code: 0xc0000005
Fault offset: 0x001cb58b
Faulting process id: 0x83c
Faulting application start time: 0xrundll32.exe_gcswf32.dll0
Faulting application path: rundll32.exe_gcswf32.dll1
Faulting module path: rundll32.exe_gcswf32.dll2
Report Id: rundll32.exe_gcswf32.dll3

Error: (12/28/2011 02:05:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe_gcswf32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: gcswf32.dll, version: 11.1.102.55, time stamp: 0x4eaf862f
Exception code: 0xc0000005
Fault offset: 0x001cb58b
Faulting process id: 0x634
Faulting application start time: 0xrundll32.exe_gcswf32.dll0
Faulting application path: rundll32.exe_gcswf32.dll1
Faulting module path: rundll32.exe_gcswf32.dll2
Report Id: rundll32.exe_gcswf32.dll3

Error: (12/28/2011 01:16:29 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: Installing the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/28/2011 01:16:29 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: Unable to update the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the error code.

Error: (12/28/2011 01:16:24 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/28/2011 01:16:24 PM) (Source: Microsoft-Windows-LoadPerf) (User: SYSTEM)SYSTEM
Description: Unable to update the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the error code.

Error: (12/28/2011 01:09:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe_gcswf32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: gcswf32.dll, version: 11.1.102.55, time stamp: 0x4eaf862f
Exception code: 0xc0000005
Fault offset: 0x001cb58b
Faulting process id: 0x50c
Faulting application start time: 0xrundll32.exe_gcswf32.dll0
Faulting application path: rundll32.exe_gcswf32.dll1
Faulting module path: rundll32.exe_gcswf32.dll2
Report Id: rundll32.exe_gcswf32.dll3

Error: (12/28/2011 00:39:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe_gcswf32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: gcswf32.dll, version: 11.1.102.55, time stamp: 0x4eaf862f
Exception code: 0xc0000005
Fault offset: 0x001cb58b
Faulting process id: 0x550
Faulting application start time: 0xrundll32.exe_gcswf32.dll0
Faulting application path: rundll32.exe_gcswf32.dll1
Faulting module path: rundll32.exe_gcswf32.dll2
Report Id: rundll32.exe_gcswf32.dll3

Error: (12/28/2011 00:25:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe_gcswf32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: gcswf32.dll, version: 11.1.102.55, time stamp: 0x4eaf862f
Exception code: 0xc0000005
Fault offset: 0x001cb58b
Faulting process id: 0x8c0
Faulting application start time: 0xrundll32.exe_gcswf32.dll0
Faulting application path: rundll32.exe_gcswf32.dll1
Faulting module path: rundll32.exe_gcswf32.dll2
Report Id: rundll32.exe_gcswf32.dll3

Error: (12/28/2011 00:02:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 15.0.874.121, time stamp: 0x4ec1cf8b
Faulting module name: chrome.dll, version: 15.0.874.121, time stamp: 0x4ec1cec9
Exception code: 0x80000003
Fault offset: 0x002191e1
Faulting process id: 0x564
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3


System errors:
=============
Error: (12/28/2011 07:15:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/28/2011 07:15:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/28/2011 07:15:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/28/2011 07:15:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/28/2011 07:15:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/28/2011 07:15:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/28/2011 07:15:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/28/2011 07:15:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/28/2011 07:15:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/28/2011 07:14:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (10/27/2011 05:42:26 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 650 seconds with 480 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Reader 9.3 (Version: 9.3.0)
Atheros Driver Installation Program (Version: 5.2)
Bejeweled 2 Deluxe (Version: 2.2.0.82)
Brother MFL-Pro Suite MFC-495CW (Version: 1.0.3.0)
Chuzzle Deluxe (Version: 2.2.0.82)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Escape Rosecliff Island (Version: 2.2.0.82)
FATE - The Traitor Soul (Version: 2.2.0.82)
Intel® Graphics Media Accelerator Driver (Version: 8.14.10.2117)
Intel® Matrix Storage Manager
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 27 (Version: 6.0.270)
Jewel Quest 3 (Version: 2.2.0.82)
Junk Mail filter update (Version: 14.0.8089.726)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2010 - English (Version: 14.0.6109.5003)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Norton Internet Security (Version: 17.5.0.127)
PaperPort Image Printer (Version: 1.00.0000)
Penguins! (Version: 2.2.0.82)
Polar Bowler (Version: 2.2.0.82)
Quickbooks Financial Center (Version: 2.02)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.17.304.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6088)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30116)
ScanSoft PaperPort 11 (Version: 11.2.0000)
Skype Launcher (Version: 2.01)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
TOSHIBA Application and Driver Installer (Version: 9.0.1.2)
TOSHIBA Assist (Version: 2.01.12)
TOSHIBA Bulletin Board (Version: 1.6.07.32)
TOSHIBA eco Utility (Version: 1.2.11.0)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.5C)
TOSHIBA Hardware Setup (Version: 1.63.1.19C)
TOSHIBA HDD Protection (Version: 2.2.0.4)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.6)
Toshiba Laptop Checkup (Version: 2.0.3.198)
TOSHIBA Media Controller (Version: 1.0.80.5)
Toshiba Online Backup (Version: 1.2.0.38)
TOSHIBA PC Health Monitor (Version: 1.6.1.0)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4)
TOSHIBA ReelTime (Version: 1.6.06.32)
TOSHIBA Service Station (Version: 2.1.40)
TOSHIBA Supervisor Password (Version: 1.63.0.9C)
TOSHIBA USB Sleep and Charge Utility (Version: 1.3.4.0)
TOSHIBA Value Added Package (Version: 1.3.6)
TOSHIBA Web Camera Application (Version: 1.1.1.15)
ToshibaRegistration (Version: 1.0.4)
Utility Common Driver (Version: 1.0.52.1C)
Virtual Families (Version: 2.2.0.82)
Virtual Villagers - The Secret City (Version: 2.2.0.82)
WildTangent Games (Version: 1.0.0.80)
WildTangent ORB Game Console
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Zuma's Revenge (Version: 2.2.0.82)

========================= Memory info: ===================================

Percentage of memory in use: 93%
Total physical RAM: 1013.41 MB
Available physical RAM: 66.76 MB
Total Pagefile: 2037.41 MB
Available Pagefile: 661.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.75 MB

========================= Partitions: =====================================

1 Drive c: (TI105860W0F) (Fixed) (Total:223.64 GB) (Free:186.41 GB) NTFS

========================= Users: ========================================

User accounts for \\CHERRIO-PC

Administrator Cherrio Guest
Lina Mimi Mom
Ozo


**** End of log ****

#6 Lina21, Topic Starter (Members, 19 posts)

Posted 28 December 2011 - 10:23 PM

During Malwarebytes Anti-Malware Setup, a pop-up window has shown up saying 'Access denied' and when I press Ok another window says 'Setup not completed. Please correct the problem and run Setup again'.

#7 Broni, The Coolest BC Computer (BC Advisor, 42,707 posts, Daly City, CA)

Posted 28 December 2011 - 10:23 PM

Skip it for now.


#8 Lina21, Topic Starter (Members, 19 posts)

Posted 28 December 2011 - 10:33 PM

Ok. I'll go to your last step then.

#9 Lina21, Topic Starter (Members, 19 posts)

Posted 28 December 2011 - 11:37 PM

GMER was interrupted by a window saying "Rootkit activity detected" and I clicked Ok. Scanning stopped but I saved just like you instructed and here are the results:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-28 20:33:32
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 TOSHIBA_ rev.GJ00
Running: 0wy8oj9r.exe; Driver: C:\Users\Lina\AppData\Local\Temp\pxliafoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81A925D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81AB7092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\svchost.exe[2348] kernel32.dll!WriteFile 75B2116C 5 Bytes JMP 000A000A
.text C:\windows\system32\svchost.exe[2348] USER32.dll!GetCursorPos 76C0C198 5 Bytes JMP 0067000A
.text C:\windows\system32\svchost.exe[2348] USER32.dll!GetForegroundWindow 76C1565D 5 Bytes JMP 0069000A
.text C:\windows\system32\svchost.exe[2348] USER32.dll!WindowFromPoint 76C36D0C 5 Bytes JMP 0068000A
.text C:\windows\system32\svchost.exe[2348] ole32.dll!CoCreateInstance 7733590C 5 Bytes JMP 0019000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB13343$\161234307 0 bytes
File C:\Windows\$NtUninstallKB13343$\161234307\@ 2048 bytes
File C:\Windows\$NtUninstallKB13343$\161234307\bckfg.tmp 845 bytes
File C:\Windows\$NtUninstallKB13343$\161234307\cfg.ini 208 bytes
File C:\Windows\$NtUninstallKB13343$\161234307\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB13343$\161234307\keywords 480 bytes
File C:\Windows\$NtUninstallKB13343$\161234307\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB13343$\161234307\L 0 bytes
File C:\Windows\$NtUninstallKB13343$\161234307\L\xadqgnnk 78336 bytes
File C:\Windows\$NtUninstallKB13343$\161234307\lnytbr 5176 bytes
File C:\Windows\$NtUninstallKB13343$\161234307\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB13343$\161234307\U 0 bytes
File C:\Windows\$NtUninstallKB13343$\161234307\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB13343$\161234307\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB13343$\161234307\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB13343$\161234307\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB13343$\161234307\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB13343$\161234307\U\80000032.@ 97792 bytes
File C:\Windows\$NtUninstallKB13343$\2772700508 0 bytes

---- EOF - GMER 1.0.15 ----
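The GMER excerpt above carries three kinds of evidence that matter for triage: inline JMP hooks on exported APIs inside svchost.exe[2348], GMER's own TDL4@MBR rootkit verdict on \Device\Harddisk0\DR0, and a tree of payload files under C:\Windows\$NtUninstallKB13343$. The Python below is an added example, not part of this post and not GMER code: it parses those three line shapes and ranks them. The embedded sample log is a constructed excerpt of the post's own lines plus one benign "hosts" File entry added so the rules have something they must not flag. The $NtUninstallKB…$ rule is my own heuristic and is not something GMER reports: that folder naming is an XP-era hotfix-uninstall convention, and the Windows 7 build in this thread (6.1.7600) never creates such folders, so one holding @ files and U\ and L\ subfolders is a disguise rather than a leftover update.

```python
import re
from collections import defaultdict

# Constructed excerpt: these line shapes are copied from the GMER 1.0.15 log in
# the post above, trimmed to a few entries; the final "hosts" File entry is a
# benign line added here so the triage rule has something it must NOT flag.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\svchost.exe[2348] kernel32.dll!WriteFile 75B2116C 5 Bytes JMP 000A000A
.text C:\windows\system32\svchost.exe[2348] USER32.dll!GetCursorPos 76C0C198 5 Bytes JMP 0067000A
.text C:\windows\system32\svchost.exe[2348] ole32.dll!CoCreateInstance 7733590C 5 Bytes JMP 0019000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB13343$\161234307\U\80000032.@ 97792 bytes
File C:\Windows\$NtUninstallKB13343$\2772700508 0 bytes
File C:\Windows\System32\drivers\etc\hosts 824 bytes

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER ")
# ".text <process>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target>"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^!\s]+)!(?P<func>\S+)"
    r"\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)"
)
DISK_RE = re.compile(r"^Disk\s+(?P<device>\S+)\s+(?P<text>.+)$")
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+)\s+bytes$")
# Heuristic (mine, not GMER's): $NtUninstallKBnnnnnn$ folders are an XP-era
# hotfix-uninstall convention; Windows 7 (6.1.7600 in this thread) never
# creates them, so a folder of that name holding payload files is a disguise.
FAKE_UNINSTALL_RE = re.compile(r"\\\$NtUninstallKB\d+\$\\", re.IGNORECASE)


def parse_gmer(text):
    """Return (section, kind, fields) records for the hook, disk and file lines."""
    records = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        for kind, rx in (("hook", HOOK_RE), ("disk", DISK_RE), ("file", FILE_RE)):
            m = rx.match(line)
            if m:
                records.append((section, kind, m.groupdict()))
                break  # AttachedDevice and other shapes are ignored here
    return records


def triage(records):
    """Rank parsed records: GMER's own rootkit verdicts first, then files under
    the fake uninstall folder, then inline JMP hooks grouped per process."""
    findings = []
    hooks_by_proc = defaultdict(list)
    for _section, kind, f in records:
        if kind == "disk" and ("ROOTKIT" in f["text"] or "rootkit-like" in f["text"]):
            findings.append(("critical", f"{f['device']}: {f['text']}"))
        elif kind == "file" and FAKE_UNINSTALL_RE.search(f["path"]):
            findings.append(("high", f"payload under fake uninstall folder: {f['path']} ({f['size']} bytes)"))
        elif kind == "hook":
            hooks_by_proc[(f["proc"], int(f["pid"]))].append(f)
    for (proc, pid), hooks in hooks_by_proc.items():
        # A 5-byte JMP written over an exported API's first instruction is an
        # inline hook; the targets (000A000A, 0067000A, ...) lie far below the
        # DLLs that export the APIs, so the detour code is not inside them.
        apis = ", ".join(f"{h['module']}!{h['func']}->{h['target']}" for h in hooks)
        findings.append(("medium", f"{len(hooks)} inline JMP hook(s) in {proc}[{pid}]: {apis}"))
    return findings


def severity_counts(findings):
    """Counts per severity, handy as a one-line summary of a pasted log."""
    counts = defaultdict(int)
    for sev, _ in findings:
        counts[sev] += 1
    return dict(counts)


if __name__ == "__main__":
    for sev, msg in triage(parse_gmer(SAMPLE_LOG)):
        print(f"[{sev:8}] {msg}")
```

Run against the full log pasted above, the script reports the two Disk findings as critical, every file under $NtUninstallKB13343$ as high, and a single medium finding listing all five hooked APIs in svchost.exe[2348]; the BitLocker fvevol.sys and Wdf01000.sys AttachedDevice lines are ignored because they are normal Microsoft filter drivers, not hooks. The ordering matches how a helper would read the log: the MBR verdict decides the cleanup tool, the file list decides what must be gone afterwards, and the hook list is the thing to re-check in a fresh scan once the machine is clean.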

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:04 AM

Posted 28 December 2011 - 11:45 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#11 Lina21

Lina21
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 28 December 2011 - 11:56 PM

Okay, I will get right on it! thanks =)

#12 Lina21

Lina21
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 29 December 2011 - 12:07 AM

Ran the TDSS KILLER, found an infected file, had to be rebooted. Now I am on Windows Normally.
Here are the results:



20:53:37.0919 4912 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
20:53:38.0496 4912 ============================================================
20:53:38.0496 4912 Current date / time: 2011/12/28 20:53:38.0496
20:53:38.0496 4912 SystemInfo:
20:53:38.0496 4912
20:53:38.0496 4912 OS Version: 6.1.7600 ServicePack: 0.0
20:53:38.0496 4912 Product type: Workstation
20:53:38.0496 4912 ComputerName: CHERRIO-PC
20:53:38.0496 4912 UserName: Lina
20:53:38.0496 4912 Windows directory: C:\windows
20:53:38.0512 4912 System windows directory: C:\windows
20:53:38.0512 4912 Processor architecture: Intel x86
20:53:38.0512 4912 Number of processors: 2
20:53:38.0512 4912 Page size: 0x1000
20:53:38.0512 4912 Boot type: Safe boot with network
20:53:38.0512 4912 ============================================================
20:53:39.0744 4912 Initialize success
20:53:44.0580 1808 ============================================================
20:53:44.0580 1808 Scan started
20:53:44.0580 1808 Mode: Manual;
20:53:44.0580 1808 ============================================================
20:53:45.0984 1808 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
20:53:46.0000 1808 1394ohci - ok
20:53:46.0202 1808 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
20:53:46.0218 1808 ACPI - ok
20:53:46.0436 1808 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
20:53:46.0436 1808 AcpiPmi - ok
20:53:46.0655 1808 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
20:53:46.0686 1808 adp94xx - ok
20:53:46.0873 1808 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
20:53:46.0873 1808 adpahci - ok
20:53:47.0060 1808 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
20:53:47.0060 1808 adpu320 - ok
20:53:47.0294 1808 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
20:53:47.0294 1808 AFD - ok
20:53:47.0482 1808 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
20:53:47.0497 1808 agp440 - ok
20:53:47.0684 1808 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
20:53:47.0684 1808 aic78xx - ok
20:53:47.0934 1808 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
20:53:47.0934 1808 aliide - ok
20:53:48.0137 1808 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
20:53:48.0137 1808 amdagp - ok
20:53:48.0340 1808 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
20:53:48.0340 1808 amdide - ok
20:53:48.0589 1808 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
20:53:48.0589 1808 AmdK8 - ok
20:53:48.0823 1808 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
20:53:48.0823 1808 AmdPPM - ok
20:53:49.0010 1808 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
20:53:49.0010 1808 amdsata - ok
20:53:49.0213 1808 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
20:53:49.0229 1808 amdsbs - ok
20:53:49.0463 1808 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
20:53:49.0463 1808 amdxata - ok
20:53:49.0681 1808 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
20:53:49.0681 1808 AppID - ok
20:53:49.0931 1808 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
20:53:49.0931 1808 arc - ok
20:53:50.0134 1808 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
20:53:50.0149 1808 arcsas - ok
20:53:50.0305 1808 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
20:53:50.0305 1808 AsyncMac - ok
20:53:50.0508 1808 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
20:53:50.0508 1808 atapi - ok
20:53:50.0820 1808 athr (0f4b6b99d6cdc1d93df1fa690796b2f7) C:\windows\system32\DRIVERS\athr.sys
20:53:50.0836 1808 athr - ok
20:53:51.0179 1808 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
20:53:51.0194 1808 b06bdrv - ok
20:53:51.0428 1808 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
20:53:51.0428 1808 b57nd60x - ok
20:53:51.0647 1808 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
20:53:51.0647 1808 Beep - ok
20:53:52.0037 1808 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
20:53:52.0052 1808 blbdrive - ok
20:53:52.0240 1808 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
20:53:52.0255 1808 bowser - ok
20:53:52.0489 1808 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
20:53:52.0489 1808 BrFiltLo - ok
20:53:52.0739 1808 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
20:53:52.0739 1808 BrFiltUp - ok
20:53:53.0082 1808 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
20:53:53.0098 1808 Brserid - ok
20:53:53.0285 1808 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
20:53:53.0285 1808 BrSerWdm - ok
20:53:53.0456 1808 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
20:53:53.0456 1808 BrUsbMdm - ok
20:53:53.0644 1808 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
20:53:53.0644 1808 BrUsbSer - ok
20:53:53.0815 1808 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
20:53:53.0815 1808 BTHMODEM - ok
20:53:54.0049 1808 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
20:53:54.0049 1808 cdfs - ok
20:53:54.0252 1808 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
20:53:54.0252 1808 cdrom - ok
20:53:54.0439 1808 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
20:53:54.0455 1808 circlass - ok
20:53:54.0580 1808 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
20:53:54.0580 1808 CLFS - ok
20:53:54.0829 1808 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
20:53:54.0829 1808 CmBatt - ok
20:53:55.0032 1808 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
20:53:55.0032 1808 cmdide - ok
20:53:55.0204 1808 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
20:53:55.0219 1808 CNG - ok
20:53:55.0406 1808 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
20:53:55.0406 1808 Compbatt - ok
20:53:55.0609 1808 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
20:53:55.0609 1808 CompositeBus - ok
20:53:55.0812 1808 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
20:53:55.0812 1808 crcdisk - ok
20:53:56.0093 1808 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
20:53:56.0093 1808 DfsC - ok
20:53:56.0280 1808 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
20:53:56.0280 1808 discache - ok
20:53:56.0467 1808 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
20:53:56.0483 1808 Disk - ok
20:53:56.0717 1808 Dot4 (b5e479eb83707dd698f66953e922042c) C:\windows\system32\DRIVERS\Dot4.sys
20:53:56.0717 1808 Dot4 - ok
20:53:56.0951 1808 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\windows\system32\DRIVERS\Dot4Prt.sys
20:53:56.0951 1808 Dot4Print - ok
20:53:57.0107 1808 dot4usb (cf491ff38d62143203c065260567e2f7) C:\windows\system32\DRIVERS\dot4usb.sys
20:53:57.0107 1808 dot4usb - ok
20:53:57.0310 1808 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
20:53:57.0310 1808 drmkaud - ok
20:53:57.0466 1808 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
20:53:57.0481 1808 DXGKrnl - ok
20:53:57.0762 1808 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
20:53:57.0871 1808 ebdrv - ok
20:53:58.0074 1808 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
20:53:58.0090 1808 elxstor - ok
20:53:58.0246 1808 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
20:53:58.0261 1808 ErrDev - ok
20:53:58.0464 1808 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
20:53:58.0464 1808 exfat - ok
20:53:58.0636 1808 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
20:53:58.0651 1808 fastfat - ok
20:53:58.0823 1808 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
20:53:58.0838 1808 fdc - ok
20:53:59.0010 1808 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
20:53:59.0010 1808 FileInfo - ok
20:53:59.0150 1808 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
20:53:59.0150 1808 Filetrace - ok
20:53:59.0322 1808 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
20:53:59.0322 1808 flpydisk - ok
20:53:59.0494 1808 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
20:53:59.0494 1808 FltMgr - ok
20:53:59.0665 1808 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
20:53:59.0665 1808 FsDepends - ok
20:53:59.0821 1808 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
20:53:59.0821 1808 Fs_Rec - ok
20:54:00.0008 1808 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
20:54:00.0008 1808 fvevol - ok
20:54:00.0196 1808 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
20:54:00.0196 1808 gagp30kx - ok
20:54:00.0383 1808 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
20:54:00.0383 1808 hcw85cir - ok
20:54:00.0570 1808 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
20:54:00.0586 1808 HdAudAddService - ok
20:54:00.0757 1808 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
20:54:00.0757 1808 HDAudBus - ok
20:54:00.0913 1808 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
20:54:00.0913 1808 HidBatt - ok
20:54:01.0069 1808 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
20:54:01.0069 1808 HidBth - ok
20:54:01.0256 1808 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
20:54:01.0256 1808 HidIr - ok
20:54:01.0459 1808 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
20:54:01.0459 1808 HidUsb - ok
20:54:01.0662 1808 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
20:54:01.0662 1808 HpSAMD - ok
20:54:01.0865 1808 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
20:54:01.0880 1808 HTTP - ok
20:54:02.0036 1808 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
20:54:02.0036 1808 hwpolicy - ok
20:54:02.0208 1808 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
20:54:02.0208 1808 i8042prt - ok
20:54:02.0426 1808 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
20:54:02.0426 1808 iaStor - ok
20:54:02.0614 1808 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
20:54:02.0614 1808 iaStorV - ok
20:54:02.0926 1808 igfx (d0074897c6bc132f3980ea4654bf7fb9) C:\windows\system32\DRIVERS\igdkmd32.sys
20:54:03.0066 1808 igfx - ok
20:54:03.0238 1808 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
20:54:03.0238 1808 iirsp - ok
20:54:03.0534 1808 IntcAzAudAddService (c4b1d45fe135286155b9e6aa0db4e4d3) C:\windows\system32\drivers\RTKVHDA.sys
20:54:03.0659 1808 IntcAzAudAddService - ok
20:54:03.0815 1808 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
20:54:03.0815 1808 intelide - ok
20:54:03.0986 1808 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
20:54:04.0002 1808 intelppm - ok
20:54:04.0158 1808 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
20:54:04.0174 1808 IpFilterDriver - ok
20:54:04.0345 1808 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
20:54:04.0345 1808 IPMIDRV - ok
20:54:04.0517 1808 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
20:54:04.0517 1808 IPNAT - ok
20:54:04.0782 1808 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
20:54:04.0782 1808 IRENUM - ok
20:54:05.0078 1808 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
20:54:05.0078 1808 isapnp - ok
20:54:05.0297 1808 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
20:54:05.0312 1808 iScsiPrt - ok
20:54:05.0687 1808 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
20:54:05.0687 1808 kbdclass - ok
20:54:05.0968 1808 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
20:54:05.0968 1808 kbdhid - ok
20:54:06.0248 1808 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
20:54:06.0248 1808 KSecDD - ok
20:54:06.0654 1808 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
20:54:06.0654 1808 KSecPkg - ok
20:54:06.0935 1808 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
20:54:06.0950 1808 lltdio - ok
20:54:07.0262 1808 LPCFilter (6adab14d7ad12b35bdc665b35278099b) C:\windows\system32\DRIVERS\LPCFilter.sys
20:54:07.0262 1808 LPCFilter - ok
20:54:07.0543 1808 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
20:54:07.0543 1808 LSI_FC - ok
20:54:07.0886 1808 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
20:54:07.0886 1808 LSI_SAS - ok
20:54:08.0261 1808 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
20:54:08.0261 1808 LSI_SAS2 - ok
20:54:08.0479 1808 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
20:54:08.0479 1808 LSI_SCSI - ok
20:54:08.0682 1808 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
20:54:08.0682 1808 luafv - ok
20:54:08.0869 1808 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\windows\system32\drivers\mbam.sys
20:54:08.0869 1808 MBAMProtector - ok
20:54:09.0041 1808 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
20:54:09.0041 1808 megasas - ok
20:54:09.0212 1808 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
20:54:09.0228 1808 MegaSR - ok
20:54:09.0415 1808 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
20:54:09.0415 1808 Modem - ok
20:54:09.0587 1808 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
20:54:09.0602 1808 monitor - ok
20:54:09.0774 1808 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
20:54:09.0774 1808 mouclass - ok
20:54:09.0946 1808 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
20:54:09.0946 1808 mouhid - ok
20:54:10.0117 1808 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
20:54:10.0117 1808 mountmgr - ok
20:54:10.0273 1808 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
20:54:10.0273 1808 mpio - ok
20:54:10.0460 1808 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
20:54:10.0460 1808 mpsdrv - ok
20:54:10.0616 1808 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
20:54:10.0632 1808 MRxDAV - ok
20:54:10.0788 1808 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
20:54:10.0788 1808 mrxsmb - ok
20:54:10.0928 1808 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\windows\system32\DRIVERS\mrxsmb10.sys
20:54:10.0944 1808 mrxsmb10 - ok
20:54:11.0100 1808 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
20:54:11.0100 1808 mrxsmb20 - ok
20:54:11.0240 1808 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
20:54:11.0240 1808 msahci - ok
20:54:11.0396 1808 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
20:54:11.0396 1808 msdsm - ok
20:54:11.0584 1808 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
20:54:11.0584 1808 Msfs - ok
20:54:11.0740 1808 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
20:54:11.0740 1808 mshidkmdf - ok
20:54:11.0896 1808 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
20:54:11.0896 1808 msisadrv - ok
20:54:12.0083 1808 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
20:54:12.0083 1808 MSKSSRV - ok
20:54:12.0254 1808 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
20:54:12.0254 1808 MSPCLOCK - ok
20:54:12.0442 1808 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
20:54:12.0442 1808 MSPQM - ok
20:54:12.0598 1808 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
20:54:12.0598 1808 MsRPC - ok
20:54:12.0754 1808 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
20:54:12.0769 1808 mssmbios - ok
20:54:12.0941 1808 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
20:54:12.0941 1808 MSTEE - ok
20:54:13.0097 1808 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
20:54:13.0097 1808 MTConfig - ok
20:54:13.0253 1808 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
20:54:13.0253 1808 Mup - ok
20:54:13.0471 1808 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
20:54:13.0487 1808 NativeWifiP - ok
20:54:13.0627 1808 NAVENG - ok
20:54:13.0783 1808 NAVEX15 - ok
20:54:13.0970 1808 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
20:54:13.0986 1808 NDIS - ok
20:54:14.0142 1808 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
20:54:14.0158 1808 NdisCap - ok
20:54:14.0314 1808 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
20:54:14.0314 1808 NdisTapi - ok
20:54:14.0516 1808 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
20:54:14.0516 1808 Ndisuio - ok
20:54:14.0672 1808 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
20:54:14.0672 1808 NdisWan - ok
20:54:14.0828 1808 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
20:54:14.0828 1808 NDProxy - ok
20:54:14.0984 1808 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
20:54:15.0000 1808 NetBIOS - ok
20:54:15.0156 1808 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
20:54:15.0172 1808 NetBT - ok
20:54:15.0359 1808 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
20:54:15.0359 1808 nfrd960 - ok
20:54:15.0546 1808 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
20:54:15.0562 1808 Npfs - ok
20:54:15.0718 1808 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
20:54:15.0733 1808 nsiproxy - ok
20:54:15.0936 1808 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
20:54:15.0967 1808 Ntfs - ok
20:54:16.0108 1808 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
20:54:16.0108 1808 Null - ok
20:54:16.0279 1808 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
20:54:16.0279 1808 nvraid - ok
20:54:16.0451 1808 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
20:54:16.0466 1808 nvstor - ok
20:54:16.0654 1808 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
20:54:16.0654 1808 nv_agp - ok
20:54:16.0841 1808 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
20:54:16.0856 1808 ohci1394 - ok
20:54:17.0075 1808 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
20:54:17.0075 1808 Parport - ok
20:54:17.0231 1808 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
20:54:17.0231 1808 partmgr - ok
20:54:17.0387 1808 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
20:54:17.0387 1808 Parvdm - ok
20:54:17.0590 1808 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
20:54:17.0590 1808 pci - ok
20:54:17.0746 1808 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
20:54:17.0746 1808 pciide - ok
20:54:17.0917 1808 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
20:54:17.0917 1808 pcmcia - ok
20:54:18.0073 1808 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
20:54:18.0073 1808 pcw - ok
20:54:18.0260 1808 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
20:54:18.0276 1808 PEAUTH - ok
20:54:18.0494 1808 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
20:54:18.0494 1808 PGEffect - ok
20:54:18.0760 1808 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
20:54:18.0760 1808 PptpMiniport - ok
20:54:18.0916 1808 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
20:54:18.0931 1808 Processor - ok
20:54:19.0118 1808 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
20:54:19.0118 1808 Psched - ok
20:54:19.0321 1808 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
20:54:19.0352 1808 ql2300 - ok
20:54:19.0508 1808 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
20:54:19.0508 1808 ql40xx - ok
20:54:19.0664 1808 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
20:54:19.0696 1808 QWAVEdrv - ok
20:54:19.0852 1808 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
20:54:19.0852 1808 RasAcd - ok
20:54:20.0039 1808 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
20:54:20.0039 1808 RasAgileVpn - ok
20:54:20.0210 1808 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
20:54:20.0210 1808 Rasl2tp - ok
20:54:20.0382 1808 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
20:54:20.0382 1808 RasPppoe - ok
20:54:20.0569 1808 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
20:54:20.0569 1808 RasSstp - ok
20:54:20.0725 1808 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
20:54:20.0741 1808 rdbss - ok
20:54:20.0912 1808 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
20:54:20.0912 1808 rdpbus - ok
20:54:21.0068 1808 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
20:54:21.0068 1808 RDPCDD - ok
20:54:21.0240 1808 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
20:54:21.0256 1808 RDPENCDD - ok
20:54:21.0412 1808 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
20:54:21.0412 1808 RDPREFMP - ok
20:54:21.0583 1808 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
20:54:21.0583 1808 RDPWD - ok
20:54:21.0755 1808 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
20:54:21.0770 1808 rdyboost - ok
20:54:21.0973 1808 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
20:54:21.0973 1808 rspndr - ok
20:54:22.0129 1808 RSUSBSTOR (5bef0fd9b6e57bbc6f7920e3118ae108) C:\windows\system32\Drivers\RtsUStor.sys
20:54:22.0145 1808 RSUSBSTOR - ok
20:54:22.0332 1808 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\windows\system32\DRIVERS\Rt86win7.sys
20:54:22.0348 1808 RTL8167 - ok
20:54:22.0550 1808 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
20:54:22.0550 1808 sbp2port - ok
20:54:22.0738 1808 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
20:54:22.0738 1808 scfilter - ok
20:54:22.0940 1808 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
20:54:22.0940 1808 secdrv - ok
20:54:23.0112 1808 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
20:54:23.0112 1808 Serenum - ok
20:54:23.0268 1808 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
20:54:23.0284 1808 Serial - ok
20:54:23.0455 1808 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
20:54:23.0455 1808 sermouse - ok
20:54:23.0642 1808 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
20:54:23.0642 1808 sffdisk - ok
20:54:23.0798 1808 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
20:54:23.0814 1808 sffp_mmc - ok
20:54:23.0970 1808 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys
20:54:23.0970 1808 sffp_sd - ok
20:54:24.0142 1808 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
20:54:24.0142 1808 sfloppy - ok
20:54:24.0313 1808 Sftfs (8f00cc8cacf83dce5b35079f615b0f12) C:\windows\system32\DRIVERS\Sftfslh.sys
20:54:24.0344 1808 Sftfs - ok
20:54:24.0547 1808 Sftplay (afdb934586c4c8b2be39ae7eea6f52be) C:\windows\system32\DRIVERS\Sftplaylh.sys
20:54:24.0563 1808 Sftplay - ok
20:54:24.0734 1808 Sftredir (6b1865d82e0290729ed7496c24275592) C:\windows\system32\DRIVERS\Sftredirlh.sys
20:54:24.0734 1808 Sftredir - ok
20:54:24.0906 1808 Sftvol (621eccb1265a01ce2bdf6f2c5e727e2b) C:\windows\system32\DRIVERS\Sftvollh.sys
20:54:24.0906 1808 Sftvol - ok
20:54:25.0124 1808 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
20:54:25.0124 1808 sisagp - ok
20:54:25.0312 1808 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
20:54:25.0312 1808 SiSRaid2 - ok
20:54:25.0499 1808 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
20:54:25.0499 1808 SiSRaid4 - ok
20:54:25.0686 1808 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
20:54:25.0702 1808 Smb - ok
20:54:25.0889 1808 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
20:54:25.0889 1808 spldr - ok
20:54:26.0170 1808 SRTSP (f68cfec40f2800aacc1d4bf33eb79f9a) C:\windows\system32\drivers\NIS\1105000.07F\SRTSP.SYS
20:54:26.0170 1808 SRTSP - ok
20:54:26.0341 1808 SRTSPX (c39d9fcf1e3e52990f6b360e51a73fbd) C:\windows\system32\drivers\NIS\1105000.07F\SRTSPX.SYS
20:54:26.0341 1808 SRTSPX - ok
20:54:26.0497 1808 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
20:54:26.0528 1808 srv - ok
20:54:26.0716 1808 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
20:54:26.0731 1808 srv2 - ok
20:54:26.0950 1808 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
20:54:26.0950 1808 srvnet - ok
20:54:27.0137 1808 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
20:54:27.0137 1808 stexstor - ok
20:54:27.0308 1808 StillCam (edb05bd63148796f23ea78506404a538) C:\windows\system32\DRIVERS\serscan.sys
20:54:27.0324 1808 StillCam - ok
20:54:27.0496 1808 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
20:54:27.0496 1808 swenum - ok
20:54:27.0745 1808 SynTP (9a28f1c47ce0c8bbc02aaf5941ab44cd) C:\windows\system32\DRIVERS\SynTP.sys
20:54:27.0745 1808 SynTP - ok
20:54:27.0964 1808 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\drivers\tcpip.sys
20:54:27.0995 1808 Tcpip - ok
20:54:28.0213 1808 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\DRIVERS\tcpip.sys
20:54:28.0229 1808 TCPIP6 - ok
20:54:28.0385 1808 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
20:54:28.0385 1808 tcpipreg - ok
20:54:28.0588 1808 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
20:54:28.0588 1808 tdcmdpst - ok
20:54:28.0744 1808 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
20:54:28.0775 1808 TDPIPE - ok
20:54:28.0915 1808 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
20:54:28.0915 1808 TDTCP - ok
20:54:29.0071 1808 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
20:54:29.0071 1808 tdx - ok
20:54:29.0243 1808 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
20:54:29.0243 1808 TermDD - ok
20:54:29.0446 1808 Thpdrv (9528f2a39cb660a49f0592d57127f370) C:\windows\system32\DRIVERS\thpdrv.sys
20:54:29.0446 1808 Thpdrv - ok
20:54:29.0633 1808 Thpevm (e17dcde74ff00ca802643b4a9a4a4a5c) C:\windows\system32\DRIVERS\Thpevm.SYS
20:54:29.0633 1808 Thpevm - ok
20:54:29.0914 1808 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
20:54:29.0929 1808 tssecsrv - ok
20:54:30.0101 1808 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
20:54:30.0101 1808 tunnel - ok
20:54:30.0288 1808 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
20:54:30.0304 1808 TVALZ - ok
20:54:30.0506 1808 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys
20:54:30.0522 1808 TVALZFL - ok
20:54:30.0678 1808 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
20:54:30.0678 1808 uagp35 - ok
20:54:30.0850 1808 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
20:54:30.0865 1808 udfs - ok
20:54:31.0068 1808 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
20:54:31.0068 1808 uliagpkx - ok
20:54:31.0240 1808 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
20:54:31.0240 1808 umbus - ok
20:54:31.0396 1808 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
20:54:31.0396 1808 UmPass - ok
20:54:31.0583 1808 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\windows\system32\DRIVERS\usbccgp.sys
20:54:31.0598 1808 usbccgp - ok
20:54:31.0754 1808 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
20:54:31.0770 1808 usbcir - ok
20:54:31.0942 1808 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\windows\system32\drivers\usbehci.sys
20:54:31.0942 1808 usbehci - ok
20:54:32.0129 1808 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\windows\system32\DRIVERS\usbhub.sys
20:54:32.0129 1808 usbhub - ok
20:54:32.0316 1808 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\windows\system32\drivers\usbohci.sys
20:54:32.0316 1808 usbohci - ok
20:54:32.0488 1808 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
20:54:32.0488 1808 usbprint - ok
20:54:32.0675 1808 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
20:54:32.0675 1808 usbscan - ok
20:54:32.0831 1808 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS
20:54:32.0846 1808 USBSTOR - ok
20:54:33.0065 1808 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\windows\system32\drivers\usbuhci.sys
20:54:33.0065 1808 usbuhci - ok
20:54:33.0252 1808 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
20:54:33.0268 1808 usbvideo - ok
20:54:33.0486 1808 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
20:54:33.0486 1808 vdrvroot - ok
20:54:33.0673 1808 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
20:54:33.0673 1808 vga - ok
20:54:33.0829 1808 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
20:54:33.0845 1808 VgaSave - ok
20:54:34.0016 1808 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
20:54:34.0016 1808 vhdmp - ok
20:54:34.0188 1808 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
20:54:34.0188 1808 viaagp - ok
20:54:34.0344 1808 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
20:54:34.0360 1808 ViaC7 - ok
20:54:34.0516 1808 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
20:54:34.0531 1808 viaide - ok
20:54:34.0687 1808 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
20:54:34.0687 1808 volmgr - ok
20:54:34.0859 1808 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
20:54:34.0874 1808 volmgrx - ok
20:54:35.0046 1808 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
20:54:35.0046 1808 volsnap - ok
20:54:35.0233 1808 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
20:54:35.0249 1808 vsmraid - ok
20:54:35.0405 1808 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
20:54:35.0420 1808 vwifibus - ok
20:54:35.0576 1808 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
20:54:35.0576 1808 vwififlt - ok
20:54:35.0764 1808 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
20:54:35.0779 1808 WacomPen - ok
20:54:35.0951 1808 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
20:54:35.0951 1808 WANARP - ok
20:54:35.0966 1808 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
20:54:35.0982 1808 Wanarpv6 - ok
20:54:36.0169 1808 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
20:54:36.0169 1808 Wd - ok
20:54:36.0310 1808 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
20:54:36.0341 1808 Wdf01000 - ok
20:54:36.0544 1808 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
20:54:36.0544 1808 WfpLwf - ok
20:54:36.0731 1808 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
20:54:36.0746 1808 WIMMount - ok
20:54:36.0996 1808 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
20:54:36.0996 1808 WinUsb - ok
20:54:37.0168 1808 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
20:54:37.0168 1808 WmiAcpi - ok
20:54:37.0370 1808 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
20:54:37.0402 1808 ws2ifsl - ok
20:54:37.0589 1808 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
20:54:37.0589 1808 WudfPf - ok
20:54:37.0760 1808 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
20:54:37.0760 1808 WUDFRd - ok
20:54:37.0838 1808 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0
20:54:37.0901 1808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:54:37.0901 1808 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:54:37.0932 1808 Boot (0x1200) (018c8d1d51ac5e068cd437b1c338f40d) \Device\Harddisk0\DR0\Partition0
20:54:37.0932 1808 \Device\Harddisk0\DR0\Partition0 - ok
20:54:37.0932 1808 ============================================================
20:54:37.0932 1808 Scan finished
20:54:37.0932 1808 ============================================================
20:54:37.0948 4480 Detected object count: 1
20:54:37.0948 4480 Actual detected object count: 1
20:55:11.0737 4480 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:55:11.0737 4480 \Device\Harddisk0\DR0 - ok
20:55:11.0784 4480 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:55:30.0301 4820 Deinitialize success
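Turning a TDSSKiller log like the one above into a triage summary, as an added example that is not part of this thread and not TDSSKiller's own code: the script parses the line shapes visible in the log (object/hash lines, "- ok" verdicts, the "( detection ) - action" lines, the "- detected" line and the scanner's own object count) and reports each flagged object with its logged hash and pending action. The sample log inside it is a constructed, trimmed copy of lines from the log above; the hashes in it are the ones the log shows. One caveat it encodes: the "- ok" printed for \Device\Harddisk0\DR0 at 20:55:11 comes right after "will be cured on reboot", so it marks the cure as scheduled, not the MBR as clean; only a fresh scan after the reboot confirms the fix.

```python
"""Triage a Kaspersky TDSSKiller log such as the one pasted above.

Added example for this thread; not TDSSKiller code and not from the poster.
It only understands the line shapes that appear in the log:
  <hh:mm:ss.ffff> <pid> <name> [(0xNNN)] (<md5>) <path>      object enumerated
  <hh:mm:ss.ffff> <pid> <object> - ok                          verdict: clean
  <hh:mm:ss.ffff> <pid> <object> ( <detection> ) - <action>    verdict / action
  <hh:mm:ss.ffff> <pid> <object> - detected <detection> (N)
  <hh:mm:ss.ffff> <pid> Detected object count: N
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

LINE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
OBJECT = re.compile(
    r"^(?P<name>\S+)(?: \((?P<extra>0x[0-9A-Fa-f]+)\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
DETECTED = re.compile(r"^(?P<obj>.+) - detected (?P<detection>\S+) \(\d+\)$")
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<detection>[^)]+?) \) - (?P<action>.+)$")
OK = re.compile(r"^(?P<obj>.+) - ok$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Constructed sample: a trimmed copy of the line shapes in the log above.
SAMPLE_LOG = r"""20:54:27.0964 1808 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\drivers\tcpip.sys
20:54:27.0995 1808 Tcpip - ok
20:54:37.0838 1808 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0
20:54:37.0901 1808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:54:37.0901 1808 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:54:37.0932 1808 Boot (0x1200) (018c8d1d51ac5e068cd437b1c338f40d) \Device\Harddisk0\DR0\Partition0
20:54:37.0932 1808 \Device\Harddisk0\DR0\Partition0 - ok
20:54:37.0948 4480 Detected object count: 1
20:55:11.0737 4480 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:55:11.0737 4480 \Device\Harddisk0\DR0 - ok
20:55:11.0784 4480 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""


@dataclass
class Finding:
    obj: str
    detection: str
    md5: Optional[str] = None                  # hash TDSSKiller logged for the object, if any
    actions: List[str] = field(default_factory=list)

    def status(self) -> str:
        # A later "- ok" for the same object does not mean clean: in the log
        # above it follows "will be cured on reboot", so the fix is scheduled,
        # not applied. Only a fresh scan after reboot proves the MBR is clean.
        if any(a.startswith(("will be cured", "User select action")) for a in self.actions):
            return "cure scheduled; re-scan after reboot"
        return "infected; no action taken"


@dataclass
class Report:
    hashes: Dict[str, str] = field(default_factory=dict)   # object name or path -> md5
    findings: Dict[str, Finding] = field(default_factory=dict)
    clean_count: int = 0
    declared_count: Optional[int] = None

    def count_matches(self) -> bool:
        """Cross-check the scanner's own tally against what was parsed."""
        return self.declared_count == len(self.findings)


def _finding(rep: Report, obj: str, detection: str) -> Finding:
    f = rep.findings.get(obj)
    if f is None:
        f = Finding(obj=obj, detection=detection, md5=rep.hashes.get(obj))
        rep.findings[obj] = f
    return f


def parse_log(text: str) -> Report:
    rep = Report()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                                       # banners, "Scan finished", etc.
        rest = m.group("rest")
        if (o := OBJECT.match(rest)):
            rep.hashes[o.group("name")] = o.group("md5")
            rep.hashes[o.group("path")] = o.group("md5")
        elif (d := DETECTED.match(rest)):
            _finding(rep, d.group("obj"), d.group("detection"))
        elif (v := VERDICT.match(rest)):
            _finding(rep, v.group("obj"), v.group("detection")).actions.append(v.group("action"))
        elif (k := OK.match(rest)):
            if k.group("obj") not in rep.findings:         # "ok" after a cure is not "clean"
                rep.clean_count += 1
        elif (c := COUNT.match(rest)):
            rep.declared_count = int(c.group("n"))
    return rep


def summarize(rep: Report) -> List[str]:
    lines = [f"{rep.clean_count} object(s) clean, {len(rep.findings)} flagged"]
    for f in rep.findings.values():
        lines.append(f"{f.obj}: {f.detection} md5={f.md5} -> {f.status()}")
    if not rep.count_matches():
        lines.append(f"WARNING: scanner declared {rep.declared_count} object(s), parsed {len(rep.findings)}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_log(SAMPLE_LOG))))
```

For a real log, pass the file contents to `parse_log` instead of `SAMPLE_LOG`; the count cross-check will warn if the scanner's "Detected object count" does not match the number of flagged objects the parser found, which usually means a line shape this script does not know.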

#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:04 AM

Posted 29 December 2011 - 12:12 AM

Good.
See if you can run MBAM now.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click the donation button.

#14 Lina21

Lina21
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:08:04 AM

Posted 29 December 2011 - 12:31 AM

I was able to run Malwarebytes now! =) Scan is in progress, will get back to you as soon as it is done. Thanks again!

#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:04 AM

Posted 29 December 2011 - 01:16 AM

Cool :)
