Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

302 moved error


  • Please log in to reply
12 replies to this topic

#1 hddoutside

hddoutside

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 14 January 2012 - 04:49 PM

every time i use google i get a 302 moved error. it says 302 moved the document has moved here. here* is a hyperlink that takes me to a 404 not found page that say's nginx under the 404 description. help!

Edited by Budapest, 15 January 2012 - 05:15 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest


BC AdBot (Login to Remove)

 


#2 hddoutside

hddoutside
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 14 January 2012 - 08:35 PM

ok the 302 error is gone but when i go to google i get a ip address in the address bar. also the google tool bar does not work it just sends me to the (fake?) google site

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:17 AM

Posted 18 January 2012 - 09:13 PM

Hello and sorry for the wait. Lets do these and see how it is after.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.

Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 hddoutside

hddoutside
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 19 January 2012 - 05:30 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by Aaron (administrator) on 19-01-2012 at 16:26:37
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6200 AGN = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Aaron-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 00-27-10-A3-F3-9D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-27-10-A3-F3-9D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6200 AGN
Physical Address. . . . . . . . . : 00-27-10-A3-F3-9C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5df7:561:d717:3796%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.16(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, January 19, 2012 4:16:43 PM
Lease Expires . . . . . . . . . . : Thursday, January 26, 2012 4:16:42 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 184559376
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-35-5B-51-5C-26-0A-0A-22-95
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 5C-AC-4C-DB-18-D4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 5C-26-0A-0A-22-95
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B83721F3-E254-43B1-AF0C-B774A4F19E05}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:855:1dea:e750:22c5(Preferred)
Link-local IPv6 Address . . . . . : fe80::855:1dea:e750:22c5%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: www
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.227.20
74.125.227.16
74.125.227.17
74.125.227.18
74.125.227.19


Pinging google.com [74.125.227.82] with 32 bytes of data:
General failure.
General failure.

Ping statistics for 74.125.227.82:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Server: www
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
98.139.180.149
209.191.122.70


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
General failure.
General failure.

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Server: www
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
General failure.
General failure.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 2ms, Average = 2ms
===========================================================================
Interface List
16...00 27 10 a3 f3 9d ......Microsoft Virtual WiFi Miniport Adapter #2
15...00 27 10 a3 f3 9d ......Microsoft Virtual WiFi Miniport Adapter
14...00 27 10 a3 f3 9c ......Intel® Centrino® Advanced-N 6200 AGN
12...5c ac 4c db 18 d4 ......Bluetooth Device (Personal Area Network)
11...5c 26 0a 0a 22 95 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.16 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.16 281
192.168.0.16 255.255.255.255 On-link 192.168.0.16 281
192.168.0.255 255.255.255.255 On-link 192.168.0.16 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.16 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.16 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 58 ::/0 On-link
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:4137:9e76:855:1dea:e750:22c5/128
On-link
14 281 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::855:1dea:e750:22c5/128
On-link
14 281 fe80::5df7:561:d717:3796/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
14 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [46592] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/18/2012 08:02:02 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/18/2012 08:01:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/18/2012 06:18:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 54744401

Error: (01/18/2012 06:18:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 54744401

Error: (01/18/2012 06:18:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/18/2012 06:18:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 54743356

Error: (01/18/2012 06:18:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 54743356

Error: (01/18/2012 06:18:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/18/2012 06:18:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 54742233

Error: (01/18/2012 06:18:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 54742233


System errors:
=============
Error: (01/19/2012 04:16:42 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Anti-Spam Service service failed to start due to the following error:
%%2

Error: (01/19/2012 04:03:49 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (01/19/2012 03:00:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2556532).

Error: (01/19/2012 03:00:14 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (01/18/2012 07:06:18 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MARCOASOLIS-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B83721F3-E254-43B1-AF0C-B774A4F19E05}.
The master browser is stopping or an election is being forced.

Error: (01/18/2012 06:18:10 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (01/18/2012 03:00:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2556532).

Error: (01/18/2012 03:00:15 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (01/17/2012 07:04:56 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (01/17/2012 06:50:36 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe Flash Player 10 Plugin (Version: 10.1.53.64)
Adobe Reader 9.1.2 (Version: 9.1.2)
Advanced Audio FX Engine (Version: 1.12.05)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.1901)
AVG 2012 (Version: 12.0.2109)
AVG 2012 (Version: 2012.0.1901)
Bonjour (Version: 3.0.0.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.4518.1014)
Consumer In-Home Service Agreement (Version: 2.0.0)
Dell DataSafe Local Backup - Support Software
Dell DataSafe Local Backup (Version: 9.4.40)
Dell DataSafe Online (Version: 1.2.0011)
Dell Dock (Version: 2.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.5.09100)
Dell Webcam Central (Version: 1.40.05)
DiskAid 5.01 (Version: 5.01)
GoToAssist 8.0.0.514
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2104)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.00.0000)
Intel® Turbo Boost Technology Driver (Version: 01.02.00.1002)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.6)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 20 (Version: 6.0.200)
Junk Mail filter update (Version: 14.0.8089.726)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
McAfee Virtual Technician (Version: 6.0.0.0)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Suite Activation Assistant (Version: 1.2.1)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 3.0.40624.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSVCRT (Version: 14.0.1468.721)
Quickset64 (Version: 10.3.2)
Roxio Burn (Version: 1.01)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.169)
Synaptics Pointing Device Driver (Version: 15.0.3.0)
Tanks (Version: 1.1.0.1)
Update for Microsoft Office Word 2007 (KB974631)
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
WIDCOMM Bluetooth Software (Version: 6.2.0.9603)
WildTangent Games (Version: 1.0.0.71)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 3764.53 MB
Available physical RAM: 2444.13 MB
Total Pagefile: 7527.2 MB
Available Pagefile: 5831.01 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.33 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:401.78 GB) NTFS

========================= Users: ========================================

User accounts for \\AARON-PC

Aaron Administrator Guest

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#5 hddoutside

hddoutside
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 19 January 2012 - 05:34 PM

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.19.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Aaron :: AARON-PC [administrator]

Protection: Enabled

1/19/2012 4:29:22 PM
mbam-log-2012-01-19 (16-29-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206237
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Detected: 1
C:\WINDOWS\svchost.exe (Trojan.Agent) -> 3896 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

#6 hddoutside

hddoutside
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 19 January 2012 - 06:59 PM

i didnt know if you want to gmer results so here
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-19 17:58:16
Windows 6.1.7600
Running: zwi0t1e4.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cac4cdb18d4
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5cac4cdb18d4 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\ProgramData\AVG2012\Chjw\f006ae9e06ae6576\40924665-9c16-4e79-9154-ac1cb2c3e404 4294648 bytes
File C:\ProgramData\AVG2012\Chjw\f006ae9e06ae6576\8caf1039-4575-4064-983e-25551a401c47 10760182 bytes

---- EOF - GMER 1.0.15 ----

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:17 AM

Posted 19 January 2012 - 08:52 PM

Hello again. plese run these next as the shown errors may indicate a failed service or TDSS infection..

Please download TDSSKiller.zip and and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log have a name like: TDSSKiller.Version_Date_Time_log.txt.


Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 hddoutside

hddoutside
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 19 January 2012 - 10:57 PM

it needed a reboot
21:49:10.0122 5904 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
21:49:12.0123 5904 ============================================================
21:49:12.0123 5904 Current date / time: 2012/01/19 21:49:12.0123
21:49:12.0123 5904 SystemInfo:
21:49:12.0123 5904
21:49:12.0123 5904 OS Version: 6.1.7600 ServicePack: 0.0
21:49:12.0123 5904 Product type: Workstation
21:49:12.0124 5904 ComputerName: AARON-PC
21:49:12.0125 5904 UserName: Aaron
21:49:12.0125 5904 Windows directory: C:\Windows
21:49:12.0125 5904 System windows directory: C:\Windows
21:49:12.0125 5904 Running under WOW64
21:49:12.0125 5904 Processor architecture: Intel x64
21:49:12.0125 5904 Number of processors: 4
21:49:12.0125 5904 Page size: 0x1000
21:49:12.0125 5904 Boot type: Normal boot
21:49:12.0125 5904 ============================================================
21:49:13.0509 5904 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:49:13.0529 5904 Initialize success
21:49:24.0900 4980 ============================================================
21:49:24.0900 4980 Scan started
21:49:24.0900 4980 Mode: Manual;
21:49:24.0900 4980 ============================================================
21:49:25.0721 4980 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
21:49:25.0725 4980 1394ohci - ok
21:49:25.0764 4980 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys
21:49:25.0766 4980 Acceler - ok
21:49:25.0780 4980 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:49:25.0783 4980 ACPI - ok
21:49:25.0801 4980 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:49:25.0804 4980 AcpiPmi - ok
21:49:25.0832 4980 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:49:25.0838 4980 adp94xx - ok
21:49:25.0862 4980 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:49:25.0866 4980 adpahci - ok
21:49:25.0884 4980 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:49:25.0888 4980 adpu320 - ok
21:49:25.0940 4980 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
21:49:25.0946 4980 AFD - ok
21:49:25.0967 4980 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:49:25.0968 4980 agp440 - ok
21:49:25.0983 4980 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:49:25.0985 4980 aliide - ok
21:49:26.0000 4980 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:49:26.0001 4980 amdide - ok
21:49:26.0016 4980 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:49:26.0026 4980 AmdK8 - ok
21:49:26.0039 4980 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:49:26.0041 4980 AmdPPM - ok
21:49:26.0070 4980 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:49:26.0072 4980 amdsata - ok
21:49:26.0096 4980 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:49:26.0101 4980 amdsbs - ok
21:49:26.0121 4980 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:49:26.0123 4980 amdxata - ok
21:49:26.0147 4980 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:49:26.0149 4980 AppID - ok
21:49:26.0192 4980 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:49:26.0195 4980 arc - ok
21:49:26.0215 4980 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:49:26.0218 4980 arcsas - ok
21:49:26.0250 4980 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:49:26.0251 4980 AsyncMac - ok
21:49:26.0272 4980 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:49:26.0273 4980 atapi - ok
21:49:26.0322 4980 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys
21:49:26.0324 4980 Avgfwfd - ok
21:49:26.0354 4980 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
21:49:26.0357 4980 AVGIDSDriver - ok
21:49:26.0375 4980 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
21:49:26.0377 4980 AVGIDSEH - ok
21:49:26.0408 4980 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
21:49:26.0409 4980 AVGIDSFilter - ok
21:49:26.0425 4980 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
21:49:26.0428 4980 Avgldx64 - ok
21:49:26.0454 4980 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
21:49:26.0456 4980 Avgmfx64 - ok
21:49:26.0489 4980 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
21:49:26.0491 4980 Avgrkx64 - ok
21:49:26.0525 4980 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
21:49:26.0529 4980 Avgtdia - ok
21:49:26.0582 4980 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:49:26.0587 4980 b06bdrv - ok
21:49:26.0621 4980 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:49:26.0625 4980 b57nd60a - ok
21:49:26.0657 4980 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:49:26.0659 4980 Beep - ok
21:49:26.0674 4980 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:49:26.0675 4980 blbdrive - ok
21:49:26.0704 4980 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:49:26.0706 4980 bowser - ok
21:49:26.0715 4980 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:49:26.0716 4980 BrFiltLo - ok
21:49:26.0727 4980 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:49:26.0729 4980 BrFiltUp - ok
21:49:26.0748 4980 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:49:26.0753 4980 Brserid - ok
21:49:26.0776 4980 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:49:26.0778 4980 BrSerWdm - ok
21:49:26.0791 4980 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:49:26.0793 4980 BrUsbMdm - ok
21:49:26.0816 4980 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:49:26.0820 4980 BrUsbSer - ok
21:49:26.0851 4980 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:49:26.0853 4980 BthEnum - ok
21:49:26.0869 4980 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:49:26.0871 4980 BTHMODEM - ok
21:49:26.0889 4980 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:49:26.0891 4980 BthPan - ok
21:49:26.0912 4980 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\system32\Drivers\BTHport.sys
21:49:26.0918 4980 BTHPORT - ok
21:49:26.0936 4980 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\system32\Drivers\BTHUSB.sys
21:49:26.0938 4980 BTHUSB - ok
21:49:26.0964 4980 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
21:49:26.0966 4980 btwaudio - ok
21:49:26.0987 4980 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
21:49:26.0989 4980 btwavdt - ok
21:49:27.0022 4980 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:49:27.0024 4980 btwl2cap - ok
21:49:27.0047 4980 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
21:49:27.0048 4980 btwrchid - ok
21:49:27.0061 4980 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:49:27.0063 4980 cdfs - ok
21:49:27.0087 4980 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:49:27.0090 4980 cdrom - ok
21:49:27.0115 4980 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:49:27.0117 4980 circlass - ok
21:49:27.0142 4980 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:49:27.0148 4980 CLFS - ok
21:49:27.0180 4980 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:49:27.0183 4980 CmBatt - ok
21:49:27.0202 4980 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:49:27.0204 4980 cmdide - ok
21:49:27.0225 4980 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
21:49:27.0238 4980 CNG - ok
21:49:27.0253 4980 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:49:27.0255 4980 Compbatt - ok
21:49:27.0270 4980 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:49:27.0272 4980 CompositeBus - ok
21:49:27.0291 4980 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:49:27.0292 4980 crcdisk - ok
21:49:27.0317 4980 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
21:49:27.0320 4980 CtClsFlt - ok
21:49:27.0349 4980 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:49:27.0352 4980 DfsC - ok
21:49:27.0363 4980 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:49:27.0364 4980 discache - ok
21:49:27.0378 4980 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:49:27.0379 4980 Disk - ok
21:49:27.0413 4980 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:49:27.0415 4980 drmkaud - ok
21:49:27.0434 4980 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
21:49:27.0446 4980 DXGKrnl - ok
21:49:27.0512 4980 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:49:27.0583 4980 ebdrv - ok
21:49:27.0611 4980 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:49:27.0617 4980 elxstor - ok
21:49:27.0628 4980 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:49:27.0630 4980 ErrDev - ok
21:49:27.0655 4980 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:49:27.0658 4980 exfat - ok
21:49:27.0682 4980 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:49:27.0688 4980 fastfat - ok
21:49:27.0703 4980 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:49:27.0705 4980 fdc - ok
21:49:27.0729 4980 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:49:27.0731 4980 FileInfo - ok
21:49:27.0750 4980 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:49:27.0752 4980 Filetrace - ok
21:49:27.0773 4980 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:49:27.0774 4980 flpydisk - ok
21:49:27.0787 4980 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:49:27.0790 4980 FltMgr - ok
21:49:27.0827 4980 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:49:27.0829 4980 FsDepends - ok
21:49:27.0848 4980 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:49:27.0849 4980 Fs_Rec - ok
21:49:27.0875 4980 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:49:27.0878 4980 fvevol - ok
21:49:27.0903 4980 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:49:27.0905 4980 gagp30kx - ok
21:49:27.0943 4980 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:49:27.0945 4980 GEARAspiWDM - ok
21:49:27.0968 4980 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:49:27.0970 4980 hcw85cir - ok
21:49:27.0981 4980 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:49:27.0983 4980 HDAudBus - ok
21:49:28.0002 4980 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
21:49:28.0004 4980 HECIx64 - ok
21:49:28.0013 4980 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:49:28.0018 4980 HidBatt - ok
21:49:28.0033 4980 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:49:28.0035 4980 HidBth - ok
21:49:28.0046 4980 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:49:28.0048 4980 HidIr - ok
21:49:28.0062 4980 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:49:28.0064 4980 HidUsb - ok
21:49:28.0091 4980 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:49:28.0093 4980 HpSAMD - ok
21:49:28.0125 4980 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:49:28.0137 4980 HTTP - ok
21:49:28.0153 4980 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:49:28.0155 4980 hwpolicy - ok
21:49:28.0175 4980 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:49:28.0178 4980 i8042prt - ok
21:49:28.0230 4980 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
21:49:28.0237 4980 iaStorV - ok
21:49:28.0437 4980 igfx (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:49:28.0659 4980 igfx - ok
21:49:28.0682 4980 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:49:28.0683 4980 iirsp - ok
21:49:28.0705 4980 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
21:49:28.0716 4980 Impcd - ok
21:49:28.0761 4980 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
21:49:28.0801 4980 IntcDAud - ok
21:49:28.0821 4980 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:49:28.0823 4980 intelide - ok
21:49:28.0836 4980 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:49:28.0838 4980 intelppm - ok
21:49:28.0863 4980 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:49:28.0865 4980 IpFilterDriver - ok
21:49:28.0888 4980 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:49:28.0894 4980 IPMIDRV - ok
21:49:28.0915 4980 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:49:28.0917 4980 IPNAT - ok
21:49:28.0946 4980 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:49:28.0948 4980 IRENUM - ok
21:49:28.0962 4980 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:49:28.0964 4980 isapnp - ok
21:49:28.0985 4980 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:49:28.0989 4980 iScsiPrt - ok
21:49:29.0011 4980 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:49:29.0013 4980 kbdclass - ok
21:49:29.0029 4980 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:49:29.0031 4980 kbdhid - ok
21:49:29.0063 4980 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
21:49:29.0065 4980 KSecDD - ok
21:49:29.0076 4980 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
21:49:29.0079 4980 KSecPkg - ok
21:49:29.0088 4980 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:49:29.0091 4980 ksthunk - ok
21:49:29.0129 4980 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:49:29.0131 4980 lltdio - ok
21:49:29.0168 4980 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:49:29.0170 4980 LSI_FC - ok
21:49:29.0191 4980 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:49:29.0193 4980 LSI_SAS - ok
21:49:29.0208 4980 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:49:29.0210 4980 LSI_SAS2 - ok
21:49:29.0230 4980 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:49:29.0233 4980 LSI_SCSI - ok
21:49:29.0244 4980 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:49:29.0246 4980 luafv - ok
21:49:29.0268 4980 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
21:49:29.0269 4980 MBAMProtector - ok
21:49:29.0295 4980 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:49:29.0297 4980 megasas - ok
21:49:29.0318 4980 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:49:29.0322 4980 MegaSR - ok
21:49:29.0336 4980 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:49:29.0338 4980 Modem - ok
21:49:29.0347 4980 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:49:29.0349 4980 monitor - ok
21:49:29.0359 4980 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:49:29.0361 4980 mouclass - ok
21:49:29.0368 4980 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:49:29.0370 4980 mouhid - ok
21:49:29.0380 4980 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:49:29.0382 4980 mountmgr - ok
21:49:29.0403 4980 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:49:29.0406 4980 mpio - ok
21:49:29.0425 4980 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:49:29.0427 4980 mpsdrv - ok
21:49:29.0442 4980 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:49:29.0445 4980 MRxDAV - ok
21:49:29.0473 4980 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:49:29.0479 4980 mrxsmb - ok
21:49:29.0502 4980 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:49:29.0506 4980 mrxsmb10 - ok
21:49:29.0535 4980 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:49:29.0538 4980 mrxsmb20 - ok
21:49:29.0560 4980 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
21:49:29.0563 4980 msahci - ok
21:49:29.0585 4980 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:49:29.0587 4980 msdsm - ok
21:49:29.0602 4980 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:49:29.0604 4980 Msfs - ok
21:49:29.0622 4980 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:49:29.0623 4980 mshidkmdf - ok
21:49:29.0638 4980 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:49:29.0643 4980 msisadrv - ok
21:49:29.0676 4980 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:49:29.0677 4980 MSKSSRV - ok
21:49:29.0695 4980 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:49:29.0696 4980 MSPCLOCK - ok
21:49:29.0713 4980 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:49:29.0715 4980 MSPQM - ok
21:49:29.0728 4980 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:49:29.0732 4980 MsRPC - ok
21:49:29.0745 4980 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:49:29.0746 4980 mssmbios - ok
21:49:29.0762 4980 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:49:29.0764 4980 MSTEE - ok
21:49:29.0786 4980 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:49:29.0787 4980 MTConfig - ok
21:49:29.0798 4980 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:49:29.0800 4980 Mup - ok
21:49:29.0855 4980 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:49:29.0859 4980 NativeWifiP - ok
21:49:29.0890 4980 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:49:29.0899 4980 NDIS - ok
21:49:29.0917 4980 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:49:29.0919 4980 NdisCap - ok
21:49:29.0941 4980 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:49:29.0942 4980 NdisTapi - ok
21:49:29.0967 4980 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:49:29.0969 4980 Ndisuio - ok
21:49:29.0980 4980 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:49:29.0983 4980 NdisWan - ok
21:49:29.0994 4980 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:49:29.0996 4980 NDProxy - ok
21:49:30.0005 4980 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:49:30.0007 4980 NetBIOS - ok
21:49:30.0027 4980 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:49:30.0030 4980 NetBT - ok
21:49:30.0179 4980 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
21:49:30.0323 4980 NETw5s64 - ok
21:49:30.0340 4980 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:49:30.0342 4980 nfrd960 - ok
21:49:30.0362 4980 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:49:30.0364 4980 Npfs - ok
21:49:30.0375 4980 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:49:30.0376 4980 nsiproxy - ok
21:49:30.0424 4980 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:49:30.0466 4980 Ntfs - ok
21:49:30.0487 4980 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:49:30.0488 4980 Null - ok
21:49:30.0517 4980 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:49:30.0525 4980 nvraid - ok
21:49:30.0543 4980 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:49:30.0546 4980 nvstor - ok
21:49:30.0576 4980 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:49:30.0579 4980 nv_agp - ok
21:49:30.0603 4980 O2MDGRDR (8c2953537ca19dfaa67d612407e0f33e) C:\Windows\system32\DRIVERS\o2mdgx64.sys
21:49:30.0605 4980 O2MDGRDR - ok
21:49:30.0622 4980 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:49:30.0633 4980 ohci1394 - ok
21:49:30.0748 4980 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:49:30.0751 4980 Parport - ok
21:49:30.0763 4980 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:49:30.0768 4980 partmgr - ok
21:49:30.0788 4980 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:49:30.0790 4980 pci - ok
21:49:30.0810 4980 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:49:30.0812 4980 pciide - ok
21:49:30.0831 4980 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:49:30.0835 4980 pcmcia - ok
21:49:30.0844 4980 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:49:30.0847 4980 pcw - ok
21:49:30.0876 4980 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:49:30.0883 4980 PEAUTH - ok
21:49:30.0918 4980 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:49:30.0920 4980 PptpMiniport - ok
21:49:30.0937 4980 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:49:30.0939 4980 Processor - ok
21:49:30.0972 4980 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:49:30.0974 4980 Psched - ok
21:49:31.0005 4980 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:49:31.0007 4980 PxHlpa64 - ok
21:49:31.0055 4980 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:49:31.0088 4980 ql2300 - ok
21:49:31.0121 4980 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:49:31.0124 4980 ql40xx - ok
21:49:31.0140 4980 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:49:31.0146 4980 QWAVEdrv - ok
21:49:31.0164 4980 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:49:31.0165 4980 RasAcd - ok
21:49:31.0187 4980 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:49:31.0189 4980 RasAgileVpn - ok
21:49:31.0202 4980 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:49:31.0204 4980 Rasl2tp - ok
21:49:31.0223 4980 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:49:31.0229 4980 RasPppoe - ok
21:49:31.0241 4980 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:49:31.0243 4980 RasSstp - ok
21:49:31.0259 4980 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:49:31.0263 4980 rdbss - ok
21:49:31.0283 4980 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:49:31.0285 4980 rdpbus - ok
21:49:31.0305 4980 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:49:31.0306 4980 RDPCDD - ok
21:49:31.0330 4980 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:49:31.0331 4980 RDPENCDD - ok
21:49:31.0344 4980 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:49:31.0345 4980 RDPREFMP - ok
21:49:31.0363 4980 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
21:49:31.0366 4980 RDPWD - ok
21:49:31.0378 4980 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:49:31.0381 4980 rdyboost - ok
21:49:31.0428 4980 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:49:31.0430 4980 RFCOMM - ok
21:49:31.0453 4980 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:49:31.0455 4980 rspndr - ok
21:49:31.0480 4980 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:49:31.0484 4980 RTL8167 - ok
21:49:31.0503 4980 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:49:31.0505 4980 sbp2port - ok
21:49:31.0527 4980 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:49:31.0529 4980 scfilter - ok
21:49:31.0552 4980 sdbus (84e00908975faf79e91282ed8fb88c2f) C:\Windows\system32\DRIVERS\sdbus.sys
21:49:31.0555 4980 sdbus - ok
21:49:31.0582 4980 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:49:31.0584 4980 secdrv - ok
21:49:31.0607 4980 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:49:31.0608 4980 Serenum - ok
21:49:31.0626 4980 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:49:31.0628 4980 Serial - ok
21:49:31.0638 4980 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:49:31.0640 4980 sermouse - ok
21:49:31.0660 4980 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:49:31.0662 4980 sffdisk - ok
21:49:31.0681 4980 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:49:31.0682 4980 sffp_mmc - ok
21:49:31.0693 4980 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:49:31.0694 4980 sffp_sd - ok
21:49:31.0704 4980 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:49:31.0705 4980 sfloppy - ok
21:49:31.0728 4980 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:49:31.0730 4980 SiSRaid2 - ok
21:49:31.0752 4980 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:49:31.0754 4980 SiSRaid4 - ok
21:49:31.0772 4980 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:49:31.0775 4980 Smb - ok
21:49:31.0787 4980 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:49:31.0789 4980 spldr - ok
21:49:31.0832 4980 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:49:31.0838 4980 srv - ok
21:49:31.0860 4980 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:49:31.0864 4980 srv2 - ok
21:49:31.0887 4980 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:49:31.0890 4980 srvnet - ok
21:49:31.0921 4980 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:49:31.0922 4980 stexstor - ok
21:49:31.0963 4980 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys
21:49:31.0990 4980 STHDA - ok
21:49:32.0010 4980 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:49:32.0012 4980 swenum - ok
21:49:32.0041 4980 SynTP (39d4b4343ba70e4b32c4531bd075b9f6) C:\Windows\system32\DRIVERS\SynTP.sys
21:49:32.0046 4980 SynTP - ok
21:49:32.0138 4980 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
21:49:32.0171 4980 Tcpip - ok
21:49:32.0209 4980 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
21:49:32.0218 4980 TCPIP6 - ok
21:49:32.0241 4980 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:49:32.0243 4980 tcpipreg - ok
21:49:32.0262 4980 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:49:32.0263 4980 TDPIPE - ok
21:49:32.0275 4980 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:49:32.0277 4980 TDTCP - ok
21:49:32.0295 4980 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:49:32.0297 4980 tdx - ok
21:49:32.0317 4980 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:49:32.0318 4980 TermDD - ok
21:49:32.0342 4980 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:49:32.0344 4980 tssecsrv - ok
21:49:32.0358 4980 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:49:32.0360 4980 tunnel - ok
21:49:32.0397 4980 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
21:49:32.0398 4980 TurboB - ok
21:49:32.0422 4980 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:49:32.0425 4980 uagp35 - ok
21:49:32.0445 4980 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
21:49:32.0450 4980 udfs - ok
21:49:32.0475 4980 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:49:32.0481 4980 uliagpkx - ok
21:49:32.0490 4980 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:49:32.0492 4980 umbus - ok
21:49:32.0507 4980 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:49:32.0509 4980 UmPass - ok
21:49:32.0550 4980 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:49:32.0552 4980 USBAAPL64 - ok
21:49:32.0580 4980 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
21:49:32.0582 4980 usbccgp - ok
21:49:32.0601 4980 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:49:32.0606 4980 usbcir - ok
21:49:32.0625 4980 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
21:49:32.0627 4980 usbehci - ok
21:49:32.0670 4980 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
21:49:32.0675 4980 usbhub - ok
21:49:32.0699 4980 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
21:49:32.0700 4980 usbohci - ok
21:49:32.0719 4980 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:49:32.0720 4980 usbprint - ok
21:49:32.0757 4980 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
21:49:32.0759 4980 USBSTOR - ok
21:49:32.0775 4980 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
21:49:32.0777 4980 usbuhci - ok
21:49:32.0801 4980 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
21:49:32.0807 4980 usbvideo - ok
21:49:32.0826 4980 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:49:32.0828 4980 vdrvroot - ok
21:49:32.0855 4980 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:49:32.0857 4980 vga - ok
21:49:32.0865 4980 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:49:32.0866 4980 VgaSave - ok
21:49:32.0883 4980 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:49:32.0886 4980 vhdmp - ok
21:49:32.0895 4980 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:49:32.0897 4980 viaide - ok
21:49:32.0913 4980 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:49:32.0915 4980 volmgr - ok
21:49:32.0928 4980 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:49:32.0933 4980 volmgrx - ok
21:49:32.0948 4980 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:49:32.0952 4980 volsnap - ok
21:49:32.0985 4980 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:49:32.0989 4980 vsmraid - ok
21:49:33.0007 4980 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:49:33.0008 4980 vwifibus - ok
21:49:33.0025 4980 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:49:33.0027 4980 vwififlt - ok
21:49:33.0059 4980 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:49:33.0061 4980 vwifimp - ok
21:49:33.0084 4980 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:49:33.0085 4980 WacomPen - ok
21:49:33.0096 4980 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:49:33.0098 4980 WANARP - ok
21:49:33.0104 4980 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:49:33.0105 4980 Wanarpv6 - ok
21:49:33.0142 4980 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:49:33.0144 4980 Wd - ok
21:49:33.0168 4980 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:49:33.0176 4980 Wdf01000 - ok
21:49:33.0213 4980 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:49:33.0215 4980 WfpLwf - ok
21:49:33.0251 4980 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
21:49:33.0254 4980 WimFltr - ok
21:49:33.0266 4980 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:49:33.0272 4980 WIMMount - ok
21:49:33.0309 4980 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys
21:49:33.0323 4980 WinUsb - ok
21:49:33.0341 4980 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:49:33.0342 4980 WmiAcpi - ok
21:49:33.0381 4980 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:49:33.0383 4980 ws2ifsl - ok
21:49:33.0407 4980 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
21:49:33.0409 4980 WudfPf - ok
21:49:33.0437 4980 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:49:33.0442 4980 WUDFRd - ok
21:49:33.0493 4980 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
21:49:33.0525 4980 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:49:33.0525 4980 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:49:33.0561 4980 Boot (0x1200) (c0d4c3dc99332c00da73c3d9202775d4) \Device\Harddisk0\DR0\Partition0
21:49:33.0569 4980 \Device\Harddisk0\DR0\Partition0 - ok
21:49:33.0582 4980 Boot (0x1200) (c946d2e16195635a712676be65f1efaf) \Device\Harddisk0\DR0\Partition1
21:49:33.0583 4980 \Device\Harddisk0\DR0\Partition1 - ok
21:49:33.0584 4980 ============================================================
21:49:33.0584 4980 Scan finished
21:49:33.0584 4980 ============================================================
21:49:33.0599 6888 Detected object count: 1
21:49:33.0599 6888 Actual detected object count: 1
21:49:44.0000 6888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:49:44.0000 6888 \Device\Harddisk0\DR0 - ok
21:49:44.0001 6888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:49:59.0520 6384 Deinitialize success

Farbar Service Scanner Version: 18-01-2012 01
Ran by Aaron (administrator) on 19-01-2012 at 21:57:13
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 18:09] - [2009-07-13 19:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll
[2009-07-13 18:09] - [2009-07-13 19:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 17:36] - [2009-07-13 19:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe
[2009-07-13 17:39] - [2009-07-13 19:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\wscsvc.dll
[2012-01-14 08:00] - [2010-12-21 00:16] - 0097280 ____A (Microsoft Corporation) 8F9F3969933C02DA96EB0F84576DB43E

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 18:36] - [2009-07-13 19:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll
[2009-07-13 17:46] - [2009-07-13 19:41] - 0848384 ____A (Microsoft Corporation) 7F0C323FE3DA28AA4AA1BDA3F575707F

C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2009-07-13 17:49] - [2009-07-13 19:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:17 AM

Posted 19 January 2012 - 11:37 PM

21:49:33.0599 6888 Detected object count: 1
21:49:33.0599 6888 Actual detected object count: 1
21:49:44.0000 6888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:49:44.0000 6888 \Device\Harddisk0\DR0 - ok
21:49:44.0001 6888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:49:59.0520 6384 Deinitialize success

This clean was good and your vonnections are good.


I feel if we run this and gett any remnants we'll be done.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 hddoutside

hddoutside
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 20 January 2012 - 06:35 PM

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Users\Aaron\AppData\Local\Temp\uttB1E1.tmp Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Aaron\AppData\Local\Temp\uttF328.tmp Win32/OpenCandy application cleaned by deleting - quarantined
C:\WINDOWS\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\7b2707d0-73ad7bf2 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\WINDOWS\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\d189d59-749186d7 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:17 AM

Posted 20 January 2012 - 08:34 PM

Looks good now. Runnig well?

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 hddoutside

hddoutside
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 20 January 2012 - 08:49 PM

thanks for the help my computer runs alot faster now. also no more warnings about these host.exe trying to enter through every port i have. one problem though. i cant create a restore point. when i click system restore it gos to a windows that says restore system files and setting. when i click next it ask me to click on a restore point to restore back too. no create option.

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:17 AM

Posted 20 January 2012 - 09:04 PM

You may need to install Service Pack 1
See Installing Windows 7 Service Pack 1
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users