Search Engines do not work


16 replies to this topic

#1 maqe

  • Members
  • 12 posts

Posted 05 January 2012 - 01:38 PM

Hi All,
I had the Gala Search engine redirect problem. I deleted some files and ran some antivirus/malware programs. Now I do not get the redirect, but search engines no longer work. I would greatly appreciate any guidance.

I mistakenly posted in the Logs section first. I'm sorry about that.


#2 Broni

  • BC Advisor
  • 42,680 posts
  • Location:Daly City, CA

Posted 05 January 2012 - 09:35 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click here.

#3 maqe (Topic Starter)

  • Members
  • 12 posts

Posted 06 January 2012 - 09:31 AM

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

AVG 9.0
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

Farbar Service Scanner
Ran by MNance (administrator) on 06-01-2012 at 09:26:32
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\WINDOWS2\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS2\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS2\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS2\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS2\system32\netman.dll => MD5 is legit
C:\WINDOWS2\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS2\system32\srsvc.dll => MD5 is legit
C:\WINDOWS2\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS2\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS2\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS2\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS2\system32\qmgr.dll => MD5 is legit
C:\WINDOWS2\system32\es.dll => MD5 is legit
C:\WINDOWS2\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS2\system32\svchost.exe => MD5 is legit
C:\WINDOWS2\system32\rpcss.dll => MD5 is legit
C:\WINDOWS2\system32\services.exe => MD5 is legit

Extra List:
=======
AvgTdiX(86) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000005600000006000000
IpSec Tag value is correct.

**** End of log ****

MiniToolBox by Farbar
Ran by MNance (administrator) on 06-01-2012 at 09:28:47
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : INI-WKS-07
Primary Dns Suffix . . . . . . . : ini.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ini.local
                                    ini.local

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : ini.local
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-1D-09-1C-B9-14
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.10.1.16
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.1.1
DHCP Server . . . . . . . . . . . : 10.10.1.10
DNS Servers . . . . . . . . . . . : 10.10.1.10
Lease Obtained. . . . . . . . . . : Friday, January 06, 2012 9:20:37 AM
Lease Expires . . . . . . . . . . : Saturday, January 14, 2012 9:20:37 AM

Server: ini-srv-01.ini.local
Address: 10.10.1.10

Name: google.com
Address: 87.125.87.103

Pinging google.com [87.125.87.103] with 32 bytes of data:

Reply from 87.125.87.103: bytes=32 time=81ms TTL=48
Reply from 87.125.87.103: bytes=32 time=77ms TTL=48

Ping statistics for 87.125.87.103:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 77ms, Maximum = 81ms, Average = 79ms

Server: ini-srv-01.ini.local
Address: 10.10.1.10

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 98.139.180.149

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=51ms TTL=53
Reply from 209.191.122.70: bytes=32 time=46ms TTL=53

Ping statistics for 209.191.122.70:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 46ms, Maximum = 51ms, Average = 48ms

Server: ini-srv-01.ini.local
Address: 10.10.1.10

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 09 1c b9 14 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        10.10.1.1      10.10.1.16      10
        10.10.1.0    255.255.255.0       10.10.1.16      10.10.1.16      10
       10.10.1.16  255.255.255.255        127.0.0.1       127.0.0.1      10
   10.255.255.255  255.255.255.255       10.10.1.16      10.10.1.16      10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        224.0.0.0        240.0.0.0       10.10.1.16      10.10.1.16      10
  255.255.255.255  255.255.255.255       10.10.1.16      10.10.1.16       1
Default Gateway: 10.10.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:2\Windows\System32\mswsock.dll [File Not found] ()
Catalog5 02 C:2\Windows\System32\winrnr.dll [File Not found] ()
Catalog5 03 C:2\Windows\System32\mswsock.dll [File Not found] ()
Catalog9 01 C:2\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 02 C:2\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 03 C:2\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 04 C:2\Windows\system32\rsvpsp.dll [File Not found] ()
Catalog9 05 C:2\Windows\system32\rsvpsp.dll [File Not found] ()
Catalog9 06 C:2\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 07 C:2\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 08 C:2\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 09 C:2\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 10 C:2\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 11 C:2\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 12 C:2\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 13 C:2\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 14 C:2\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 15 C:2\Windows\system32\mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/04/2012 04:01:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x800700e7 (converted to 0x800423f4).

Error: (01/04/2012 03:52:11 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80070015 (converted to 0x800423f3).

Error: (01/04/2012 02:03:38 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 9.0.1.4371, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/04/2012 01:21:47 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.1.33, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/04/2012 01:21:47 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.1.33, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/03/2012 03:43:34 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/03/2012 03:33:11 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: AspNetMMCExt, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005

Error: (01/03/2012 03:00:52 AM) (Source: ESENT) (User: )
Description: Catalog Database (1204) Database recovery/restore failed with unexpected error -1216.

Error: (01/03/2012 03:00:52 AM) (Source: ESENT) (User: )
Description: Catalog Database (1204) Database recovery failed with error -1216 because it encountered references to a database, 'C:\WINDOWS2\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb', which is no longer present. The database was not brought to a consistent state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, please contact PSS for further instructions regarding the steps required in order to allow recovery to proceed without this database.

Error: (01/02/2012 10:29:30 AM) (Source: ESENT) (User: )
Description: Catalog Database (1204) Database C:\WINDOWS2\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb is partially attached. Attachment stage: 1. Error: -1032.


System errors:
=============
Error: (01/06/2012 09:21:01 AM) (Source: Service Control Manager) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (01/06/2012 09:19:51 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/06/2012 09:04:08 AM) (Source: DCOM) (User: MNance)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/06/2012 08:42:17 AM) (Source: DCOM) (User: MNance)
Description: DCOM got error "%%1084" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/06/2012 07:42:16 AM) (Source: DCOM) (User: MNance)
Description: DCOM got error "%%1084" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/06/2012 06:42:15 AM) (Source: DCOM) (User: MNance)
Description: DCOM got error "%%1084" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/06/2012 05:42:14 AM) (Source: DCOM) (User: MNance)
Description: DCOM got error "%%1084" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/06/2012 04:42:13 AM) (Source: DCOM) (User: MNance)
Description: DCOM got error "%%1084" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/06/2012 03:42:11 AM) (Source: DCOM) (User: MNance)
Description: DCOM got error "%%1084" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/06/2012 02:42:10 AM) (Source: DCOM) (User: MNance)
Description: DCOM got error "%%1084" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}


Microsoft Office Sessions:
=========================
Error: (08/18/2011 02:23:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 167303 seconds with 14340 seconds of active time. This session ended with a crash.

Error: (07/01/2011 04:16:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 600 seconds with 60 seconds of active time. This session ended with a crash.

Error: (10/02/2009 09:51:08 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 158377 seconds with 3000 seconds of active time. This session ended with a crash.

Error: (09/30/2009 01:51:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 84183 seconds with 3600 seconds of active time. This session ended with a crash.

Error: (09/11/2009 08:31:25 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 164587 seconds with 2580 seconds of active time. This session ended with a crash.

Error: (08/31/2009 01:56:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 19057 seconds with 1200 seconds of active time. This session ended with a crash.

Error: (06/17/2009 02:04:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 188374 seconds with 8280 seconds of active time. This session ended with a crash.

Error: (02/02/2009 09:40:47 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 241625 seconds with 360 seconds of active time. This session ended with a crash.

Error: (08/08/2008 03:22:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 341988 seconds with 10260 seconds of active time. This session ended with a crash.

Error: (08/04/2008 04:16:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4424 seconds with 3060 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Adobe AIR (Version: 2.7.1.19610)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Drive CS4 (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Flash Player ActiveX (Version: 9.0.124.0)
Adobe Fonts All (Version: 2.0)
Adobe InDesign CS4 (Version: 6.0)
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0)
Adobe InDesign CS4 Common Base Files (Version: 6.0)
Adobe InDesign CS4 Icon Handler (Version: 6.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe SGM CS4 (Version: 3.0)
Adobe SING CS4 (Version: 2.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
AVG 9.0
Belarc Advisor 8.1
Broadcom Gigabit Integrated Controller (Version: 10.50.03)
Castle Link (Version: 3.41.1)
Connect (Version: 1.0.0.1)
Dell Printer Software Uninstall
Dell Resource CD (Version: 1.10.0000)
EngNet Tools 1.4 (Version: 1.4)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 3.0.0.013)
Japanese Fonts Support For Adobe Reader 8 (Version: 8.0)
Java Auto Updater (Version: 2.0.6.1)
kuler (Version: 2.0)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Materials Compatability 1.2
Microsoft .NET Compact Framework 2.0 (Version: 2.0.5239)
Microsoft .NET Compact Framework 3.5 Pre-Release (Version: 3.5.7066)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Project Professional 2003 (Version: 11.0.8173.0)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2003 (Version: 11.0.8173.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Notepad++ (Version: 5.9.6.2)
NVIDIA Drivers
PDF Settings CS4 (Version: 9.0)
Photoshop Camera Raw (Version: 5.0)
PowerDVD (Version: 7.0)
Pro/ENGINEER Release Wildfire 5.0 Datecode M030 (Version: Wildfire 5.0)
Pro/ENGINEER Thumbnail Viewer 1.0 (Version: 28.10.020)
ProductView Express 9.1 (Version: 9.1.40.14)
ProtoView Plugin (Version: 1.3.2)
ScicosLab 4.4 (Version: 4.4)
SE309
SoundMAX (Version: 5.10.01.5450)
Strawberry Perl (Version: 5.12.768)
Suite Shared Configuration CS4 (Version: 1.0)
TBS WMP Plug-in (Version: 1.00.676)
Update service (Version: 3.1)
Update Service (Version: 3.2.0)
VOB2MPG 2.5 (Version: 2.5.0)
WebFldrs XP (Version: 9.50.7523)
Windchill ProductPoint Client Manager (Version: 1.1.187)
Windows Essentials Media Codec Pack 3.0 (Version: 3.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Small Business Server 2008 ClientAgent (Version: 6.0.5601.0)
Windows Small Business Server 2008 WMI Provider (Version: 6.0.5601.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
WM Converter 2.0

========================= Memory info: ===================================

Percentage of memory in use: 67%
Total physical RAM: 1021.54 MB
Available physical RAM: 335.6 MB
Total Pagefile: 2458.32 MB
Available Pagefile: 1808.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.98 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:148.96 GB) (Free:115.79 GB) NTFS
3 Drive o: (Data) (Network) (Total:882.42 GB) (Free:358.38 GB) NTFS
4 Drive t: () (Network) (Total:70.3 GB) (Free:43.68 GB) NTFS
5 Drive x: (Data) (Network) (Total:882.42 GB) (Free:358.38 GB) NTFS
6 Drive z: (Data) (Network) (Total:882.42 GB) (Free:358.38 GB) NTFS

========================= Users: ========================================

User accounts for \\INI-WKS-07

__sbs_netsetup__ Administrator ASPNET
Guest HelpAssistant mnance
SUPPORT_388945a0


**** End of log ****
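The things Broni's MiniToolBox and Farbar Service Scanner steps are looking for (proxy settings, hosts-file entries, Winsock providers, service start types, the System Restore policy key, the system-file MD5 checks) can be pulled out of logs like the ones above mechanically. The script below is an added example and is not part of this thread or of the Farbar tools. Its section headers, the phrases "Proxy is not enabled.", "MD5 is legit" and "[File Not found]", and the sample excerpt are taken from the logs posted above; the assumption that the tools always print those exact phrases is mine.

```python
"""Triage helper for Farbar Service Scanner / MiniToolBox text output.

Added example, not part of the original thread or the Farbar tools. It flags
what the helper's checklist targets: non-default service start types, policy
values printed under a "Disabled Policy" heading, file checks that are not
"MD5 is legit", an enabled IE proxy, hosts lines other than localhost, and
Winsock catalog entries whose provider DLL is reported missing."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind detail")

# Constructed sample input: an excerpt of the FSS and MiniToolBox output posted
# in this thread, shortened so the script runs offline.
SAMPLE_LOG = r"""
sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.

System Restore Disabled Policy:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.

File Check:
C:\WINDOWS2\system32\dnsrslvr.dll => MD5 is legit

========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================
127.0.0.1 localhost

========================= Winsock entries =====================================
Catalog5 01 C:2\Windows\System32\mswsock.dll [File Not found] ()
Catalog5 02 C:2\Windows\System32\winrnr.dll [File Not found] ()
Catalog9 01 C:2\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 04 C:2\Windows\system32\rsvpsp.dll [File Not found] ()

========================= Event log errors: ===============================
"""

# MiniToolBox section header: a run of '=', the name, an optional ':', more '='.
HEADER_RE = re.compile(r"^=+\s*([^=]+?):?\s*=+\s*$")
SERVICE_RE = re.compile(r"The start type of (\S+) service is set to (\w+)\. "
                        r"The default start type is (\w+)\.")
POLICY_RE = re.compile(r'^"(\w+)"=DWORD:(\w+)\s*$', re.M)
FILE_RE = re.compile(r"^(\S.*?) => (.+)$", re.M)
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[([^\]]*)\]", re.M)

def mtb_sections(log):
    """Split MiniToolBox output into {section name: body}; FSS text has no such headers."""
    sections, current = {}, None
    for line in log.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return {name: "\n".join(body) for name, body in sections.items()}

def check_hosts(body):
    """Anything beyond loopback -> localhost deserves a look; redirectors edit this file."""
    out = []
    for line in body.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ip, *names = line.split()
        if not (ip in ("127.0.0.1", "::1") and names == ["localhost"]):
            out.append(Finding("hosts_entry", line))
    return out

def check_winsock(body):
    """Flag LSP / namespace providers whose DLL the tool reports as missing."""
    return [Finding("winsock_missing", f"{cat} {idx} {path} [{status}]")
            for cat, idx, path, status in WINSOCK_RE.findall(body)
            if "not found" in status.lower()]

def triage(log):
    """Run every check over one combined FSS + MiniToolBox log; return the findings in order."""
    secs = mtb_sections(log)
    findings = [Finding("service_start_type", f"{svc}: {cur} (default {default})")
                for svc, cur, default in SERVICE_RE.findall(log) if cur != default]
    findings += [Finding("policy", f"{name}={val}") for name, val in POLICY_RE.findall(log)]
    findings += [Finding("file_check", f"{path}: {verdict}")
                 for path, verdict in FILE_RE.findall(log) if verdict.strip() != "MD5 is legit"]
    proxy = secs.get("IE Proxy Settings", "")
    if proxy.strip() and "Proxy is not enabled." not in proxy:  # assumes MiniToolBox's wording
        findings.append(Finding("proxy", proxy.strip().splitlines()[0]))
    findings += check_hosts(secs.get("Hosts content", ""))
    findings += check_winsock(secs.get("Winsock entries", ""))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:20} {f.detail}")
```

On the excerpt it reports the two non-default service start types (sr, BITS), the DisableSR=1 policy value and four Winsock providers whose DLL was not found. Run over the full MiniToolBox log above it flags every Winsock entry, all of which point under C:2\Windows while the File Check section places the system in C:\WINDOWS2; that is the sort of detail worth pointing out to the helper rather than fixing on your own.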

#4 maqe (Topic Starter)

  • Members
  • 12 posts

Posted 06 January 2012 - 10:03 AM

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.06.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MNance :: INI-WKS-07 [administrator]

1/6/2012 9:34:08 AM
mbam-log-2012-01-06 (09-34-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 391936
Time elapsed: 9 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#5 Broni

  • BC Advisor
  • 42,680 posts
  • Location:Daly City, CA

Posted 06 January 2012 - 11:29 AM

...and GMER...

Did you disable system restore for some reason?


#6 maqe (Topic Starter)

  • Members
  • 12 posts

Posted 06 January 2012 - 03:24 PM

I likely disabled it during one of my other attempts to get rid of the virus.



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-06 11:57:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.05.0
Running: vdmr1yc4.exe; Driver: C:\DOCUME~1\mnance.INI\LOCALS~1\Temp\kfldraow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text iaStor.sys F73F4BB8 1 Byte [CC] {INT 3 }
.text C:\WINDOWS2\system32\DRIVERS\nv4_mini.sys section is writeable [0xF65C2380, 0x2FFE87, 0xE8000020]
init C:\WINDOWS2\system32\drivers\Senfilt.sys entry point in "init" section [0xEF6DCA00]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS2\Explorer.EXE[2408] @ C:\WINDOWS2\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS2\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS2\Explorer.EXE[2408] @ C:\WINDOWS2\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS2\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS2\Explorer.EXE[2408] @ C:\WINDOWS2\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS2\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS2\Explorer.EXE[2408] @ C:\WINDOWS2\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS2\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS2\Explorer.EXE[2408] @ C:\WINDOWS2\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS2\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS2\Explorer.EXE[2408] @ C:\WINDOWS2\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS2\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS2\Explorer.EXE[2408] @ C:\WINDOWS2\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS2\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS2\Explorer.EXE[2408] @ C:\WINDOWS2\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS2\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS2\Explorer.EXE[2408] @ C:\WINDOWS2\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS2\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS2\Explorer.EXE[2408] @ C:\WINDOWS2\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS2\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS2\Explorer.EXE[2408] @ C:\WINDOWS2\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS2\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS2\Explorer.EXE[2408] @ C:\WINDOWS2\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS2\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS2\Explorer.EXE[2408] @ C:\WINDOWS2\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS2\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS2\Explorer.EXE[2408] @ C:\WINDOWS2\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS2\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS2\Explorer.EXE[2408] @ C:\WINDOWS2\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS2\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS2\Explorer.EXE[2408] @ C:\WINDOWS2\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS2\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS2\Explorer.EXE[2408] @ C:\WINDOWS2\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS2\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Fastfat \Fat B9AA2D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:160] 865B9161
Thread System [4:340] 86404C30

---- EOF - GMER 1.0.15 ----

#7 Broni (The Coolest BC Computer, BC Advisor, 42,680 posts, Daly City, CA)

Posted 06 January 2012 - 04:26 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

#8 maqe (Topic Starter, Members, 12 posts)

Posted 06 January 2012 - 04:50 PM

16:42:44.0165 2264 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
16:42:44.0461 2264 ============================================================
16:42:44.0461 2264 Current date / time: 2012/01/06 16:42:44.0461
16:42:44.0461 2264 SystemInfo:
16:42:44.0461 2264
16:42:44.0461 2264 OS Version: 5.1.2600 ServicePack: 3.0
16:42:44.0461 2264 Product type: Workstation
16:42:44.0461 2264 ComputerName: INI-WKS-07
16:42:44.0461 2264 UserName: MNance
16:42:44.0461 2264 Windows directory: C:\WINDOWS2
16:42:44.0461 2264 System windows directory: C:\WINDOWS2
16:42:44.0461 2264 Processor architecture: Intel x86
16:42:44.0461 2264 Number of processors: 2
16:42:44.0461 2264 Page size: 0x1000
16:42:44.0461 2264 Boot type: Normal boot
16:42:44.0461 2264 ============================================================
16:42:44.0883 2264 Initialize success
16:43:23.0118 3264 ============================================================
16:43:23.0118 3264 Scan started
16:43:23.0118 3264 Mode: Manual;
16:43:23.0118 3264 ============================================================
16:43:23.0555 3264 Abiosdsk - ok
16:43:23.0555 3264 abp480n5 - ok
16:43:23.0634 3264 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS2\system32\DRIVERS\ACPI.sys
16:43:23.0634 3264 Suspicious file (Forged): C:\WINDOWS2\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
16:43:23.0634 3264 ACPI ( Virus.Win32.Rloader.a ) - infected
16:43:23.0634 3264 ACPI - detected Virus.Win32.Rloader.a (0)
16:43:23.0665 3264 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS2\system32\drivers\ACPIEC.sys
16:43:23.0680 3264 ACPIEC - ok
16:43:23.0680 3264 adfs - ok
16:43:23.0727 3264 ADIHdAudAddService (de25fc7de3a464e455c0d0012757b0ac) C:\WINDOWS2\system32\drivers\ADIHdAud.sys
16:43:23.0743 3264 ADIHdAudAddService - ok
16:43:23.0743 3264 adpu160m - ok
16:43:23.0759 3264 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS2\system32\drivers\aec.sys
16:43:23.0774 3264 aec - ok
16:43:23.0821 3264 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS2\System32\drivers\afd.sys
16:43:23.0821 3264 AFD - ok
16:43:23.0837 3264 Aha154x - ok
16:43:23.0837 3264 aic78u2 - ok
16:43:23.0852 3264 aic78xx - ok
16:43:23.0852 3264 AliIde - ok
16:43:23.0868 3264 amsint - ok
16:43:23.0868 3264 asc - ok
16:43:23.0884 3264 asc3350p - ok
16:43:23.0884 3264 asc3550 - ok
16:43:23.0946 3264 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS2\system32\DRIVERS\asyncmac.sys
16:43:23.0946 3264 AsyncMac - ok
16:43:23.0993 3264 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS2\system32\drivers\atapi.sys
16:43:23.0993 3264 atapi - ok
16:43:23.0993 3264 Atdisk - ok
16:43:24.0009 3264 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS2\system32\DRIVERS\atmarpc.sys
16:43:24.0009 3264 Atmarpc - ok
16:43:24.0055 3264 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS2\system32\DRIVERS\audstub.sys
16:43:24.0055 3264 audstub - ok
16:43:24.0087 3264 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS2\system32\Drivers\avgldx86.sys
16:43:24.0102 3264 AvgLdx86 - ok
16:43:24.0149 3264 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS2\system32\Drivers\avgmfx86.sys
16:43:24.0149 3264 AvgMfx86 - ok
16:43:24.0180 3264 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS2\system32\Drivers\avgrkx86.sys
16:43:24.0180 3264 AvgRkx86 - ok
16:43:24.0227 3264 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS2\system32\Drivers\avgtdix.sys
16:43:24.0227 3264 AvgTdiX - ok
16:43:24.0290 3264 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS2\system32\DRIVERS\b57xp32.sys
16:43:24.0290 3264 b57w2k - ok
16:43:24.0337 3264 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS2\System32\Drivers\BANTExt.sys
16:43:24.0337 3264 BANTExt - ok
16:43:24.0368 3264 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS2\system32\drivers\Beep.sys
16:43:24.0368 3264 Beep - ok
16:43:24.0587 3264 catchme - ok
16:43:24.0602 3264 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS2\system32\drivers\cbidf2k.sys
16:43:24.0602 3264 cbidf2k - ok
16:43:24.0634 3264 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS2\system32\DRIVERS\CCDECODE.sys
16:43:24.0634 3264 CCDECODE - ok
16:43:24.0634 3264 cd20xrnt - ok
16:43:24.0680 3264 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS2\system32\drivers\Cdaudio.sys
16:43:24.0696 3264 Cdaudio - ok
16:43:24.0759 3264 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS2\system32\drivers\Cdfs.sys
16:43:24.0759 3264 Cdfs - ok
16:43:24.0774 3264 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS2\system32\DRIVERS\cdrom.sys
16:43:24.0774 3264 Cdrom - ok
16:43:24.0821 3264 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS2\system32\drivers\cercsr6.sys
16:43:24.0821 3264 cercsr6 - ok
16:43:24.0821 3264 Changer - ok
16:43:24.0837 3264 CmdIde - ok
16:43:24.0837 3264 Cpqarray - ok
16:43:24.0852 3264 dac2w2k - ok
16:43:24.0852 3264 dac960nt - ok
16:43:24.0868 3264 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS2\system32\DRIVERS\disk.sys
16:43:24.0868 3264 Disk - ok
16:43:24.0899 3264 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS2\system32\drivers\dmboot.sys
16:43:24.0915 3264 dmboot - ok
16:43:24.0930 3264 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS2\system32\drivers\dmio.sys
16:43:24.0930 3264 dmio - ok
16:43:24.0946 3264 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS2\system32\drivers\dmload.sys
16:43:24.0946 3264 dmload - ok
16:43:24.0977 3264 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS2\system32\drivers\DMusic.sys
16:43:24.0977 3264 DMusic - ok
16:43:24.0993 3264 dpti2o - ok
16:43:25.0009 3264 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS2\system32\drivers\drmkaud.sys
16:43:25.0009 3264 drmkaud - ok
16:43:25.0055 3264 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS2\system32\drivers\Fastfat.sys
16:43:25.0055 3264 Fastfat - ok
16:43:25.0071 3264 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS2\system32\drivers\Fdc.sys
16:43:25.0071 3264 Fdc - ok
16:43:25.0087 3264 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS2\system32\drivers\Fips.sys
16:43:25.0087 3264 Fips - ok
16:43:25.0102 3264 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS2\system32\drivers\Flpydisk.sys
16:43:25.0102 3264 Flpydisk - ok
16:43:25.0165 3264 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS2\system32\drivers\fltmgr.sys
16:43:25.0165 3264 FltMgr - ok
16:43:25.0196 3264 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS2\system32\drivers\Fs_Rec.sys
16:43:25.0212 3264 Fs_Rec - ok
16:43:25.0212 3264 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS2\system32\DRIVERS\ftdisk.sys
16:43:25.0227 3264 Ftdisk - ok
16:43:25.0259 3264 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS2\system32\DRIVERS\msgpc.sys
16:43:25.0259 3264 Gpc - ok
16:43:25.0321 3264 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS2\system32\DRIVERS\HDAudBus.sys
16:43:25.0321 3264 HDAudBus - ok
16:43:25.0337 3264 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS2\system32\DRIVERS\hidusb.sys
16:43:25.0337 3264 hidusb - ok
16:43:25.0352 3264 hpn - ok
16:43:25.0399 3264 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS2\system32\Drivers\ANDROIDUSB.sys
16:43:25.0399 3264 HTCAND32 - ok
16:43:25.0430 3264 htcnprot (04e3b3554076b8192a668efe88a682a1) C:\WINDOWS2\system32\DRIVERS\htcnprot.sys
16:43:25.0430 3264 htcnprot - ok
16:43:25.0493 3264 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS2\system32\Drivers\HTTP.sys
16:43:25.0493 3264 HTTP - ok
16:43:25.0509 3264 i2omgmt - ok
16:43:25.0509 3264 i2omp - ok
16:43:25.0524 3264 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS2\system32\DRIVERS\i8042prt.sys
16:43:25.0524 3264 i8042prt - ok
16:43:25.0571 3264 iastor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS2\system32\DRIVERS\iaStor.sys
16:43:25.0571 3264 iastor - ok
16:43:25.0587 3264 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS2\system32\DRIVERS\imapi.sys
16:43:25.0602 3264 Imapi - ok
16:43:25.0602 3264 ini910u - ok
16:43:25.0618 3264 IntelIde - ok
16:43:25.0680 3264 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS2\system32\DRIVERS\intelppm.sys
16:43:25.0680 3264 intelppm - ok
16:43:25.0712 3264 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS2\system32\drivers\ip6fw.sys
16:43:25.0712 3264 Ip6Fw - ok
16:43:25.0743 3264 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS2\system32\DRIVERS\ipfltdrv.sys
16:43:25.0743 3264 IpFilterDriver - ok
16:43:25.0759 3264 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS2\system32\DRIVERS\ipinip.sys
16:43:25.0759 3264 IpInIp - ok
16:43:25.0805 3264 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS2\system32\DRIVERS\ipnat.sys
16:43:25.0805 3264 IpNat - ok
16:43:25.0821 3264 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS2\system32\DRIVERS\ipsec.sys
16:43:25.0821 3264 IPSec - ok
16:43:25.0852 3264 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS2\system32\DRIVERS\irenum.sys
16:43:25.0852 3264 IRENUM - ok
16:43:25.0899 3264 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS2\system32\DRIVERS\isapnp.sys
16:43:25.0899 3264 isapnp - ok
16:43:25.0915 3264 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS2\system32\DRIVERS\kbdclass.sys
16:43:25.0915 3264 Kbdclass - ok
16:43:25.0915 3264 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS2\system32\DRIVERS\kbdhid.sys
16:43:25.0915 3264 kbdhid - ok
16:43:25.0930 3264 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS2\system32\drivers\kmixer.sys
16:43:25.0946 3264 kmixer - ok
16:43:25.0977 3264 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS2\system32\drivers\KSecDD.sys
16:43:25.0977 3264 KSecDD - ok
16:43:25.0993 3264 lbrtfdc - ok
16:43:26.0009 3264 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS2\system32\drivers\mnmdd.sys
16:43:26.0009 3264 mnmdd - ok
16:43:26.0040 3264 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS2\system32\drivers\Modem.sys
16:43:26.0040 3264 Modem - ok
16:43:26.0071 3264 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS2\system32\DRIVERS\mouclass.sys
16:43:26.0071 3264 Mouclass - ok
16:43:26.0087 3264 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS2\system32\drivers\MountMgr.sys
16:43:26.0087 3264 MountMgr - ok
16:43:26.0087 3264 mraid35x - ok
16:43:26.0102 3264 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS2\system32\DRIVERS\mrxdav.sys
16:43:26.0102 3264 MRxDAV - ok
16:43:26.0165 3264 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS2\system32\DRIVERS\mrxsmb.sys
16:43:26.0165 3264 MRxSmb - ok
16:43:26.0180 3264 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS2\system32\drivers\Msfs.sys
16:43:26.0180 3264 Msfs - ok
16:43:26.0212 3264 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS2\system32\drivers\MSKSSRV.sys
16:43:26.0212 3264 MSKSSRV - ok
16:43:26.0227 3264 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS2\system32\drivers\MSPCLOCK.sys
16:43:26.0227 3264 MSPCLOCK - ok
16:43:26.0243 3264 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS2\system32\drivers\MSPQM.sys
16:43:26.0243 3264 MSPQM - ok
16:43:26.0305 3264 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS2\system32\DRIVERS\mssmbios.sys
16:43:26.0305 3264 mssmbios - ok
16:43:26.0352 3264 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS2\system32\drivers\MSTEE.sys
16:43:26.0352 3264 MSTEE - ok
16:43:26.0368 3264 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS2\system32\drivers\Mup.sys
16:43:26.0368 3264 Mup - ok
16:43:26.0399 3264 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS2\system32\DRIVERS\NABTSFEC.sys
16:43:26.0399 3264 NABTSFEC - ok
16:43:26.0430 3264 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS2\system32\drivers\NDIS.sys
16:43:26.0446 3264 NDIS - ok
16:43:26.0477 3264 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS2\system32\DRIVERS\NdisIP.sys
16:43:26.0477 3264 NdisIP - ok
16:43:26.0509 3264 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS2\system32\DRIVERS\ndistapi.sys
16:43:26.0509 3264 NdisTapi - ok
16:43:26.0540 3264 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS2\system32\DRIVERS\ndisuio.sys
16:43:26.0540 3264 Ndisuio - ok
16:43:26.0540 3264 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS2\system32\DRIVERS\ndiswan.sys
16:43:26.0555 3264 NdisWan - ok
16:43:26.0602 3264 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS2\system32\drivers\NDProxy.sys
16:43:26.0602 3264 NDProxy - ok
16:43:26.0618 3264 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS2\system32\DRIVERS\netbios.sys
16:43:26.0634 3264 NetBIOS - ok
16:43:26.0649 3264 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS2\system32\DRIVERS\netbt.sys
16:43:26.0665 3264 NetBT - ok
16:43:26.0665 3264 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS2\system32\drivers\Npfs.sys
16:43:26.0680 3264 Npfs - ok
16:43:26.0727 3264 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS2\system32\drivers\Ntfs.sys
16:43:26.0743 3264 Ntfs - ok
16:43:26.0790 3264 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS2\system32\drivers\Null.sys
16:43:26.0790 3264 Null - ok
16:43:27.0009 3264 nv (5a6469d861970151e687fb76e10bbb3a) C:\WINDOWS2\system32\DRIVERS\nv4_mini.sys
16:43:27.0196 3264 nv - ok
16:43:27.0227 3264 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS2\system32\DRIVERS\nwlnkflt.sys
16:43:27.0227 3264 NwlnkFlt - ok
16:43:27.0243 3264 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS2\system32\DRIVERS\nwlnkfwd.sys
16:43:27.0243 3264 NwlnkFwd - ok
16:43:27.0274 3264 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS2\system32\DRIVERS\parport.sys
16:43:27.0274 3264 Parport - ok
16:43:27.0274 3264 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS2\system32\drivers\PartMgr.sys
16:43:27.0274 3264 PartMgr - ok
16:43:27.0321 3264 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS2\system32\drivers\ParVdm.sys
16:43:27.0337 3264 ParVdm - ok
16:43:27.0337 3264 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS2\system32\DRIVERS\pci.sys
16:43:27.0337 3264 PCI - ok
16:43:27.0352 3264 PCIDump - ok
16:43:27.0352 3264 PCIIde - ok
16:43:27.0415 3264 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS2\system32\drivers\Pcmcia.sys
16:43:27.0415 3264 Pcmcia - ok
16:43:27.0415 3264 PDCOMP - ok
16:43:27.0430 3264 PDFRAME - ok
16:43:27.0430 3264 PDRELI - ok
16:43:27.0446 3264 PDRFRAME - ok
16:43:27.0446 3264 perc2 - ok
16:43:27.0462 3264 perc2hib - ok
16:43:27.0509 3264 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS2\system32\DRIVERS\raspptp.sys
16:43:27.0509 3264 PptpMiniport - ok
16:43:27.0524 3264 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS2\system32\DRIVERS\psched.sys
16:43:27.0524 3264 PSched - ok
16:43:27.0555 3264 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS2\system32\DRIVERS\ptilink.sys
16:43:27.0555 3264 Ptilink - ok
16:43:27.0571 3264 ql1080 - ok
16:43:27.0571 3264 Ql10wnt - ok
16:43:27.0587 3264 ql12160 - ok
16:43:27.0587 3264 ql1240 - ok
16:43:27.0587 3264 ql1280 - ok
16:43:27.0634 3264 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS2\system32\DRIVERS\rasacd.sys
16:43:27.0634 3264 RasAcd - ok
16:43:27.0649 3264 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS2\system32\DRIVERS\rasl2tp.sys
16:43:27.0649 3264 Rasl2tp - ok
16:43:27.0665 3264 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS2\system32\DRIVERS\raspppoe.sys
16:43:27.0665 3264 RasPppoe - ok
16:43:27.0665 3264 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS2\system32\DRIVERS\raspti.sys
16:43:27.0665 3264 Raspti - ok
16:43:27.0712 3264 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS2\system32\DRIVERS\rdbss.sys
16:43:27.0712 3264 Rdbss - ok
16:43:27.0727 3264 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS2\system32\DRIVERS\RDPCDD.sys
16:43:27.0727 3264 RDPCDD - ok
16:43:27.0727 3264 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS2\system32\DRIVERS\rdpdr.sys
16:43:27.0727 3264 rdpdr - ok
16:43:27.0790 3264 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS2\system32\drivers\RDPWD.sys
16:43:27.0790 3264 RDPWD - ok
16:43:27.0805 3264 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS2\system32\DRIVERS\redbook.sys
16:43:27.0805 3264 redbook - ok
16:43:27.0868 3264 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS2\system32\Drivers\RimUsb.sys
16:43:27.0868 3264 RimUsb - ok
16:43:27.0946 3264 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS2\system32\DRIVERS\secdrv.sys
16:43:27.0946 3264 Secdrv - ok
16:43:28.0009 3264 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS2\system32\drivers\Senfilt.sys
16:43:28.0009 3264 SenFiltService - ok
16:43:28.0009 3264 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS2\system32\DRIVERS\serenum.sys
16:43:28.0009 3264 serenum - ok
16:43:28.0024 3264 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS2\system32\DRIVERS\serial.sys
16:43:28.0024 3264 Serial - ok
16:43:28.0040 3264 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS2\system32\drivers\Sfloppy.sys
16:43:28.0040 3264 Sfloppy - ok
16:43:28.0055 3264 Simbad - ok
16:43:28.0087 3264 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS2\system32\DRIVERS\SLIP.sys
16:43:28.0087 3264 SLIP - ok
16:43:28.0102 3264 Sparrow - ok
16:43:28.0134 3264 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS2\system32\drivers\splitter.sys
16:43:28.0134 3264 splitter - ok
16:43:28.0149 3264 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS2\system32\DRIVERS\sr.sys
16:43:28.0149 3264 sr - ok
16:43:28.0180 3264 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS2\system32\DRIVERS\srv.sys
16:43:28.0196 3264 Srv - ok
16:43:28.0212 3264 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS2\system32\DRIVERS\StreamIP.sys
16:43:28.0212 3264 streamip - ok
16:43:28.0243 3264 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS2\system32\DRIVERS\swenum.sys
16:43:28.0243 3264 swenum - ok
16:43:28.0259 3264 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS2\system32\drivers\swmidi.sys
16:43:28.0259 3264 swmidi - ok
16:43:28.0259 3264 symc810 - ok
16:43:28.0274 3264 symc8xx - ok
16:43:28.0274 3264 sym_hi - ok
16:43:28.0274 3264 sym_u3 - ok
16:43:28.0290 3264 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS2\system32\drivers\sysaudio.sys
16:43:28.0290 3264 sysaudio - ok
16:43:28.0368 3264 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS2\system32\DRIVERS\tcpip.sys
16:43:28.0368 3264 Tcpip - ok
16:43:28.0399 3264 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS2\system32\drivers\TDPIPE.sys
16:43:28.0399 3264 TDPIPE - ok
16:43:28.0430 3264 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS2\system32\drivers\TDTCP.sys
16:43:28.0430 3264 TDTCP - ok
16:43:28.0446 3264 TermDD (88155247177638048422893737429d9e) C:\WINDOWS2\system32\DRIVERS\termdd.sys
16:43:28.0446 3264 TermDD - ok
16:43:28.0462 3264 TosIde - ok
16:43:28.0493 3264 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS2\system32\drivers\Udfs.sys
16:43:28.0509 3264 Udfs - ok
16:43:28.0509 3264 ultra - ok
16:43:28.0540 3264 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS2\system32\DRIVERS\update.sys
16:43:28.0540 3264 Update - ok
16:43:28.0571 3264 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS2\system32\drivers\usbaudio.sys
16:43:28.0571 3264 usbaudio - ok
16:43:28.0602 3264 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS2\system32\DRIVERS\usbccgp.sys
16:43:28.0602 3264 usbccgp - ok
16:43:28.0665 3264 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS2\system32\DRIVERS\usbehci.sys
16:43:28.0665 3264 usbehci - ok
16:43:28.0680 3264 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS2\system32\DRIVERS\usbhub.sys
16:43:28.0680 3264 usbhub - ok
16:43:28.0680 3264 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS2\system32\DRIVERS\USBSTOR.SYS
16:43:28.0680 3264 USBSTOR - ok
16:43:28.0727 3264 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS2\system32\DRIVERS\usbuhci.sys
16:43:28.0727 3264 usbuhci - ok
16:43:28.0727 3264 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS2\system32\Drivers\usbvideo.sys
16:43:28.0727 3264 usbvideo - ok
16:43:28.0774 3264 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS2\system32\DRIVERS\usb8023x.sys
16:43:28.0774 3264 usb_rndisx - ok
16:43:28.0805 3264 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS2\System32\drivers\vga.sys
16:43:28.0821 3264 VgaSave - ok
16:43:28.0821 3264 ViaIde - ok
16:43:28.0837 3264 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS2\system32\drivers\VolSnap.sys
16:43:28.0837 3264 VolSnap - ok
16:43:28.0852 3264 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS2\system32\DRIVERS\wanarp.sys
16:43:28.0852 3264 Wanarp - ok
16:43:28.0915 3264 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS2\system32\DRIVERS\Wdf01000.sys
16:43:28.0915 3264 Wdf01000 - ok
16:43:28.0930 3264 WDICA - ok
16:43:28.0946 3264 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS2\system32\drivers\wdmaud.sys
16:43:28.0946 3264 wdmaud - ok
16:43:29.0009 3264 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS2\System32\drivers\ws2ifsl.sys
16:43:29.0009 3264 WS2IFSL - ok
16:43:29.0040 3264 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS2\system32\DRIVERS\WSTCODEC.SYS
16:43:29.0040 3264 WSTCODEC - ok
16:43:29.0071 3264 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS2\system32\DRIVERS\WudfPf.sys
16:43:29.0071 3264 WudfPf - ok
16:43:29.0087 3264 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS2\system32\DRIVERS\wudfrd.sys
16:43:29.0087 3264 WudfRd - ok
16:43:29.0102 3264 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:43:29.0321 3264 \Device\Harddisk0\DR0 - ok
16:43:29.0337 3264 Boot (0x1200) (40ba6495c0e322863565547f31c8df25) \Device\Harddisk0\DR0\Partition0
16:43:29.0337 3264 \Device\Harddisk0\DR0\Partition0 - ok
16:43:29.0337 3264 ============================================================
16:43:29.0337 3264 Scan finished
16:43:29.0337 3264 ============================================================
16:43:29.0337 3292 Detected object count: 1
16:43:29.0337 3292 Actual detected object count: 1
16:43:41.0290 3292 Backup copy found, using it..
16:43:41.0290 3292 C:\WINDOWS2\system32\DRIVERS\ACPI.sys - will be cured on reboot
16:43:41.0290 3292 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
16:44:08.0524 2724 Deinitialize success
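
Reading a TDSSKiller log by hand is easy when there is one forged driver, less so when a scan lists hundreds of objects. The script below is an added example, not code from this thread or from TDSSKiller itself: it parses lines in the format posted above, records each object's verdict, the Real/Fake md5 pair on forged files, the action chosen and whether the cure is pending a reboot, and keeps the MBR and boot-sector hashes as a baseline to compare against a later scan. The sample lines are constructed from the posted log, and the regular expressions are assumptions about the tool's output format based only on those lines.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the shape of the TDSSKiller log posted above; the driver,
# hashes and verdict are the ones that appear in that post, the rest is trimmed.
SAMPLE_LOG = r"""
16:43:23.0118 3264 Scan started
16:43:23.0555 3264 Abiosdsk - ok
16:43:23.0634 3264 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS2\system32\DRIVERS\ACPI.sys
16:43:23.0634 3264 Suspicious file (Forged): C:\WINDOWS2\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
16:43:23.0634 3264 ACPI ( Virus.Win32.Rloader.a ) - infected
16:43:23.0634 3264 ACPI - detected Virus.Win32.Rloader.a (0)
16:43:23.0665 3264 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS2\system32\drivers\ACPIEC.sys
16:43:23.0680 3264 ACPIEC - ok
16:43:29.0102 3264 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:43:29.0321 3264 \Device\Harddisk0\DR0 - ok
16:43:29.0337 3264 Boot (0x1200) (40ba6495c0e322863565547f31c8df25) \Device\Harddisk0\DR0\Partition0
16:43:29.0337 3264 \Device\Harddisk0\DR0\Partition0 - ok
16:43:29.0337 3292 Detected object count: 1
16:43:41.0290 3292 C:\WINDOWS2\system32\DRIVERS\ACPI.sys - will be cured on reboot
16:43:41.0290 3292 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
"""

# Line shapes inferred from the posted log (assumption: the tool keeps this format).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
SECTOR_RE = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (.+)$")
OBJECT_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (.+)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
VERDICT_RE = re.compile(r"^(\S+) \( (.+?) \) - (infected|suspicious)$")
ACTION_RE = re.compile(r"^(\S+) \( (.+?) \) - User select action: (\S+)$")
REBOOT_RE = re.compile(r"^(.+) - will be cured on reboot$")
OK_RE = re.compile(r"^(\S+) - ok$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    name: str                  # service name, or MBR / Boot for the sector checks
    path: str = ""
    md5: str = ""              # hash the tool reports for the object
    real_md5: str = ""         # forged files only: the hash the tool labels "Real"
    fake_md5: str = ""         # forged files only: the hash the tool labels "Fake"
    verdict: str = "unknown"   # ok / suspicious / infected
    threat: str = ""
    action: str = ""           # user-selected action, e.g. Cure or Skip
    cure_on_reboot: bool = False


@dataclass
class ScanResult:
    findings: Dict[str, Finding] = field(default_factory=dict)
    reported_count: Optional[int] = None   # "Detected object count" as printed by the tool


def parse_tdsskiller(text: str) -> ScanResult:
    result = ScanResult()
    by_path: Dict[str, Finding] = {}       # second index: object path -> finding

    def by_name(name: str) -> Finding:
        return result.findings.setdefault(name, Finding(name=name))

    def by_path_or_name(key: str) -> Finding:
        return by_path.get(key) or by_name(key)

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                        # banner lines, separators, blanks
        msg = m.group(3)
        if (s := SECTOR_RE.match(msg)):
            f = by_name(s.group(1))
            f.md5, f.path = s.group(3), s.group(4)
            by_path[f.path] = f
        elif (o := OBJECT_RE.match(msg)):
            f = by_name(o.group(1))
            f.md5, f.path = o.group(2), o.group(3)
            by_path[f.path] = f
        elif (g := FORGED_RE.match(msg)):
            f = by_path_or_name(g.group(1))
            f.real_md5, f.fake_md5 = g.group(2), g.group(3)
            if f.verdict == "unknown":
                f.verdict = "suspicious"    # the hash mismatch alone is worth reporting
        elif (v := VERDICT_RE.match(msg)):
            f = by_name(v.group(1))
            f.threat, f.verdict = v.group(2), v.group(3)
        elif (a := ACTION_RE.match(msg)):
            by_name(a.group(1)).action = a.group(3)
        elif (r := REBOOT_RE.match(msg)):
            by_path_or_name(r.group(1)).cure_on_reboot = True
        elif (k := OK_RE.match(msg)):
            f = by_path_or_name(k.group(1))
            if f.verdict == "unknown":
                f.verdict = "ok"
        elif (c := COUNT_RE.match(msg)):
            result.reported_count = int(c.group(1))
    return result


def detections(result: ScanResult) -> List[Finding]:
    return [f for f in result.findings.values() if f.verdict in ("suspicious", "infected")]


def sector_hashes(result: ScanResult) -> Dict[str, str]:
    """MBR / boot-sector hashes, kept as a baseline to diff against the next scan."""
    return {n: f.md5 for n, f in result.findings.items() if n in ("MBR", "Boot")}


def summarize(result: ScanResult) -> List[str]:
    hits = detections(result)
    lines = []
    if result.reported_count is not None and result.reported_count != len(hits):
        lines.append(f"warning: tool reported {result.reported_count} objects, parsed {len(hits)}")
    for f in hits:
        state = "cure pending reboot" if f.cure_on_reboot else (f.action or "no action recorded")
        lines.append(f"{f.name}: {f.threat or 'no signature name'} in {f.path} [{state}]")
        if f.real_md5:
            lines.append(f"  forged: real md5 {f.real_md5}, fake md5 {f.fake_md5}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_tdsskiller(SAMPLE_LOG))))
```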

#9 maqe (Topic Starter, Members, 12 posts)

Posted 06 January 2012 - 04:52 PM

My search engines are working again!

#10 Broni (The Coolest BC Computer, BC Advisor, 42,680 posts, Daly City, CA)

Posted 06 January 2012 - 04:54 PM

Good news :)

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

#11 maqe (Topic Starter, Members, 12 posts)

Posted 06 January 2012 - 05:27 PM

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-06 17:16:46
-----------------------------
17:16:46.929 OS Version: Windows 5.1.2600 Service Pack 3
17:16:46.929 Number of processors: 2 586 0xF0B
17:16:46.929 ComputerName: INI-WKS-07 UserName: MNance
17:16:47.413 Initialize success
17:17:24.100 AVAST engine defs: 12010601
17:17:40.428 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:17:40.428 Disk 0 Vendor: WDC_WD16 05.0 Size: 152587MB BusType: 3
17:17:40.443 Disk 0 MBR read successfully
17:17:40.443 Disk 0 MBR scan
17:17:40.522 Disk 0 Windows XP default MBR code
17:17:40.522 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
17:17:40.537 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152531 MB offset 112455
17:17:40.537 Disk 0 scanning sectors +312496380
17:17:40.647 Disk 0 scanning C:\WINDOWS2\system32\drivers
17:17:56.271 Service scanning
17:17:57.349 Modules scanning
17:18:03.115 Disk 0 trace - called modules:
17:18:03.146 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:18:03.146 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86615030]
17:18:03.146 3 CLASSPNP.SYS[f7646fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86fc8030]
17:18:04.052 AVAST engine scan C:\WINDOWS2
17:18:33.302 AVAST engine scan C:\WINDOWS2\system32
17:20:24.271 AVAST engine scan C:\WINDOWS2\system32\drivers
17:20:37.303 AVAST engine scan C:\Documents and Settings\mnance.INI
17:22:37.779 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS2
17:23:43.939 Scan finished successfully
17:26:41.242 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mnance.INI\Desktop\MBR.dat"
17:26:41.242 The log file has been saved successfully to "C:\Documents and Settings\mnance.INI\Desktop\aswMBR.txt"

#12 Broni (The Coolest BC Computer, BC Advisor, 42,680 posts, Daly City, CA)

Posted 06 January 2012 - 06:03 PM

Last checks...

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

#13 maqe

maqe
  • Topic Starter
  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:55 AM

Posted 09 January 2012 - 09:13 AM

I have run TFC. I'm running ESET now.

#14 maqe

maqe
  • Topic Starter
  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:55 AM

Posted 09 January 2012 - 10:43 AM

ESET ran. 0 infected files. :thumbsup:

#15 Broni

Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,680 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:55 AM

Posted 09 January 2012 - 10:52 AM

Your computer is clean.

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

4. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

5. Run Temporary File Cleaner (TFC) weekly.

6. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

10. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used, as they don't install.

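Step 1 of the advice above (turn System Restore off, restart, turn it back on) is a GUI procedure; the same reset can be scripted and, more importantly, verified. The script below is an added example and is not part of Broni's instructions or any BleepingComputer tool. It assumes Windows PowerShell 5.1 on Windows 7 or later, run from an elevated prompt (the *-ComputerRestore and Checkpoint-Computer cmdlets are not available in PowerShell 7), and uses drive C: and the description "Clean after malware removal" as illustrative values.

```powershell
# Added example: reset System Restore after a cleanup so that no pre-cleanup
# restore point survives, then create a fresh, clean one and verify the result.
# Assumes Windows PowerShell 5.1 on Windows 7+, run elevated.
#Requires -RunAsAdministrator

$drive       = 'C:\'                           # assumed system drive
$description = 'Clean after malware removal'   # assumed label for the new point

function Get-RestorePointSummary {
    # One line per restore point, oldest first: sequence number, label, creation time.
    Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
        Sort-Object SequenceNumber |
        ForEach-Object {
            '{0,4}  {1}  {2}' -f $_.SequenceNumber, $_.Description,
                [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
        }
}

Write-Host 'Restore points before reset:'
Get-RestorePointSummary

# Step 1a: turn System Restore off for the drive. Disabling protection discards the
# drive's existing restore points, which is the whole point of the reset.
Disable-ComputerRestore -Drive $drive

# Step 1b: restore points are VSS shadow copies, so also delete any that remain.
& vssadmin.exe delete shadows /for=$($drive.TrimEnd('\')) /all /quiet | Out-Null

# Step 1c: turn System Restore back on.
Enable-ComputerRestore -Drive $drive

# Step 1d: create the fresh restore point. Windows 8 and later skip creation if another
# point was made in the last 24 hours unless this frequency value is 0, so set it for
# the duration of the call and put the previous value back afterwards.
$srKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
$prev  = (Get-ItemProperty -Path $srKey -Name SystemRestorePointCreationFrequency `
              -ErrorAction SilentlyContinue).SystemRestorePointCreationFrequency
Set-ItemProperty -Path $srKey -Name SystemRestorePointCreationFrequency -Value 0 -Type DWord
try {
    Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS
} finally {
    if ($null -eq $prev) {
        Remove-ItemProperty -Path $srKey -Name SystemRestorePointCreationFrequency `
            -ErrorAction SilentlyContinue
    } else {
        Set-ItemProperty -Path $srKey -Name SystemRestorePointCreationFrequency `
            -Value $prev -Type DWord
    }
}

# Verify: exactly one restore point should remain, and it should be the one just made.
Write-Host 'Restore points after reset:'
Get-RestorePointSummary
$after = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
if ($after.Count -eq 1 -and $after[0].Description -eq $description) {
    Write-Host 'OK: only the fresh, clean restore point remains.'
} else {
    Write-Warning 'Unexpected set of restore points; review the list above before relying on it.'
}
```

The explicit `vssadmin delete shadows` call is there because the verification at the end is what matters: if an old restore point is still listed after the reset, the cleanup can be undone by a later System Restore, which is exactly the reinfection path the advice above is guarding against.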