
Google redirects to http://209.85.145.103/webhp?hl=en


10 replies to this topic

#1 ragolas

Posted 18 January 2012 - 07:14 PM

When I go to google.com or try to use the search toolbar in Firefox for Google, I get redirected to this site: h t t p://209.85.145.103/webhp?hl=en, which still displays the google.com homepage, which I can still use if I click down into the box on the homepage. The problem is I can't quick search using the toolbar, use Google Maps, or Google Images. I recently had a fake Security 2012 virus I got rid of (I think) that would hide all my files, but now I have this. I've tried scanning with Malwarebytes but no luck.

Edit: Moved topic from Vista to the more appropriate forum. Also, the link to the potentially deceptive website has been deactivated to prevent anyone from inadvertently getting infected. Please do not visit that site without adequate malware protection enabled. ~ Animal


#2 Broni

Posted 18 January 2012 - 09:52 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



 


#3 ragolas

Posted 20 January 2012 - 05:05 PM

Security Check Results:
Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.1)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbam.exe
``````````End of Log````````````

Farbar Results:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Nic (administrator) on 20-01-2012 at 16:59:47
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


MiniToolBox Results:
MiniToolBox by Farbar Version: 18-01-2012
Ran by Nic (administrator) on 20-01-2012 at 17:02:03
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetLink ™ Fast Ethernet = Local Area Connection (Connected)
Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Nic-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : eau.wi.charter.com
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-21-5C-86-56-0D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Fast Ethernet
Physical Address. . . . . . . . . : 00-21-9B-D4-89-EF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e029:4898:d49:463b%11(Preferred)
IPv4 Address. . . . . . . . . . . : 172.16.2.238(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, January 20, 2012 3:43:25 PM
Lease Expires . . . . . . . . . . : Saturday, January 21, 2012 3:43:25 PM
Default Gateway . . . . . . . . . : 172.16.2.1
DHCP Server . . . . . . . . . . . : 172.16.0.1
DHCPv6 IAID . . . . . . . . . . . : 251666843
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-C7-50-DE-00-21-9B-DA-39-CB
DNS Servers . . . . . . . . . . . : 1.1.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{FF76F9B9-7DC2-4746-B319-02CED01A6DEE}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.eau.wi.charter.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 1.1.1.1

Name: google.com
Addresses: 74.125.47.147
74.125.47.99
74.125.47.103
74.125.47.104
74.125.47.105
74.125.47.106



Pinging funkybeet.biz [85.195.92.43] with 32 bytes of data:

Reply from 85.195.92.43: bytes=32 time=115ms TTL=48

Reply from 85.195.92.43: bytes=32 time=114ms TTL=48



Ping statistics for 85.195.92.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 114ms, Maximum = 115ms, Average = 114ms

Server: UnKnown
Address: 1.1.1.1

Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
72.30.2.43



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=30ms TTL=52

Reply from 209.191.122.70: bytes=32 time=31ms TTL=52



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 30ms, Maximum = 31ms, Average = 30ms

Server: UnKnown
Address: 1.1.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
12 ...00 21 5c 86 56 0d ...... Intel® Wireless WiFi Link 4965AGN
11 ...00 21 9b d4 89 ef ...... Broadcom NetLink ™ Fast Ethernet
1 ........................... Software Loopback Interface 1
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
17 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
16 ...00 00 00 00 00 00 00 e0 isatap.{FF76F9B9-7DC2-4746-B319-02CED01A6DEE}
18 ...00 00 00 00 00 00 00 e0 isatap.eau.wi.charter.com
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.2.1 172.16.2.238 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
172.16.2.0 255.255.255.0 On-link 172.16.2.238 276
172.16.2.238 255.255.255.255 On-link 172.16.2.238 276
172.16.2.255 255.255.255.255 On-link 172.16.2.238 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 172.16.2.238 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 172.16.2.238 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::e029:4898:d49:463b/128 On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 08 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()
Catalog9 30 mswsock.dll [File Not found] ()
Catalog9 31 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/20/2012 04:45:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2012 04:42:20 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e0380e, exception code 0xc0000409, fault offset 0x00065276,
process id 0xcd8, application start time 0xsvchost.exe0.

Error: (01/20/2012 03:51:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2012 03:47:23 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module Flash10v.ocx, version 10.3.183.5, time stamp 0x4e3b7034, exception code 0xc0000005, fault offset 0x003ab568,
process id 0x4a4, application start time 0xsvchost.exe0.

Error: (01/20/2012 03:44:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2012 05:09:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2012 05:07:02 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e0380e, exception code 0xc0000409, fault offset 0x00065276,
process id 0x474, application start time 0xsvchost.exe0.

Error: (01/20/2012 04:37:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2012 08:33:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2012 08:31:25 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000005, fault offset 0x0006628e,
process id 0x4a4, application start time 0xsvchost.exe0.


System errors:
=============
Error: (01/20/2012 04:47:30 PM) (Source: Service Control Manager) (User: )
Description: 1Restart the serviceRemote Access Connection Manager%%1056

Error: (01/20/2012 03:51:28 PM) (Source: Service Control Manager) (User: )
Description: 1Restart the serviceRemote Access Connection Manager%%1056

Error: (01/20/2012 03:51:28 PM) (Source: Service Control Manager) (User: )
Description: 1Restart the serviceWindows Management Instrumentation%%1056

Error: (01/20/2012 03:45:48 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (01/20/2012 03:44:04 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (01/20/2012 03:44:04 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (01/20/2012 03:44:04 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (01/20/2012 05:09:15 AM) (Source: Service Control Manager) (User: )
Description: 1Restart the serviceWindows Management Instrumentation%%1056

Error: (01/20/2012 05:09:15 AM) (Source: Service Control Manager) (User: )
Description: 1Restart the serviceRemote Access Connection Manager%%1056

Error: (01/20/2012 04:38:58 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Absolute Notifier (Version: 1.2.12.10)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.5)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.2.120)
Bloodline Champions (Version: 1.0.0)
Bonjour (Version: 2.0.5.0)
Broadcom Management Programs (Version: 10.15.01)
CCleaner (Version: 3.14)
Complete Care Consumer Service Agreement (Version: 2.0.0)
D3DX10 (Version: 15.4.2368.0902)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Version: 2.1.08060)
Dell Touchpad (Version: 9.1.18.6)
Dell Webcam Center
Dell Webcam Manager
DiskAid 4.63 (Version: 4.63)
EDocs
EPSON Scan
EPSON WorkForce 500 Series Printer Uninstall
Garmin Lifetime Updater (Version: 2.1.6)
Google Chrome (Version: 16.0.912.75)
Google Update Helper (Version: 1.3.21.79)
GoToAssist 8.0.0.514
HTC Driver Installer (Version: 2.0.7.018)
Intel® PROSet/Wireless Software (Version: 11.01.0000)
iTunes (Version: 10.2.2.14)
Java™ 6 Update 24 (Version: 6.0.240)
Laptop Integrated Webcam Driver (1.03.01.1011)
League of Legends (Version: 1.3)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.96)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
mCore (Version: 9.24.0000)
mHelp (Version: 9.24.0000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
mMHouse (Version: 9.24.0000)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
mPfMgr (Version: 9.24.0000)
MSVCRT (Version: 15.4.2862.0708)
mWMI (Version: 9.24.0000)
NVIDIA 3D Vision Controller Driver (Version: 275.33)
NVIDIA 3D Vision Controller Driver 275.33 (Version: 275.33)
NVIDIA 3D Vision Driver 275.33 (Version: 275.33)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.80.0)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.7533)
Oracle Calendar (Version: 10.1.2.4)
QualXServ Service Agreement (Version: 2.0.0)
QuickSet (Version: 8.2.20)
QuickTime (Version: 7.69.80.9)
Seagate Dashboard (Version: 1.1.0.1421)
Segoe UI (Version: 15.4.2271.0615)
Skype™ 5.3 (Version: 5.3.111)
Sound Blaster Audigy ADVANCED MB (Version: 1.0)
Steam (Version: 1.0.0.0)
Symantec Endpoint Protection (Version: 11.0.6005.562)
System Requirements Lab
Team Fortress 2
Ventrilo Client (Version: 3.0.7)
VLC media player 1.1.7 (Version: 1.1.7)
WIDCOMM Bluetooth Software 6.0.1.3100 (Version: 6.0.1.3100)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 3581.12 MB
Available physical RAM: 1937.71 MB
Total Pagefile: 7351.21 MB
Available Pagefile: 5893.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.29 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:285.5 GB) (Free:171.48 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.76 GB) NTFS

========================= Users: ========================================

User accounts for \\NIC-PC

Administrator Guest Nic


**** End of log ****

Malwarebytes Results:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.17.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Nic :: NIC-PC [administrator]

1/20/2012 4:54:29 PM
mbam-log-2012-01-20 (16-54-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184043
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Nic\AppData\Local\Temp\ICReinstall\cnet2_unhackme_zip.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.
C:\Users\Nic\Downloads\cnet2_unhackme_zip.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.

(end)


aswMBR results:
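The FSS and MiniToolBox logs in this post are read by eye in the thread. The following is an added example, not part of either Farbar tool and not something the poster ran, that does the same first-pass triage in Python over a constructed excerpt of those logs. It separates services that are merely stopped from services whose Service Control Manager key no longer exists (MpsSvc, bfe and wscsvc in the log above; a missing key is something that has been deleted, not a service that failed to start), flags DNS servers that sit neither on the adapter's subnet nor at its gateway (1.1.1.1 in the log above, which is worth checking against the resolvers the ISP actually hands out), and lists ping targets that never got a `bytes=` reply (bleepingcomputer.com in the log above). The regular expressions are written against the FSS and MiniToolBox output formats as they appear in this thread; the `mtb_section` helper assumes the `===== Name: =====` header style shown in the log.

```python
"""Triage of a Farbar Service Scanner (FSS) log and a MiniToolBox log for the
symptoms in this thread: services whose registry keys are gone, a resolver that
is not on the LAN, and ping targets that never answer. Added example, not part
of either Farbar tool; the samples are constructed excerpts of the logs above."""
import ipaddress
import itertools
import re

FSS_SAMPLE = """
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
"""

MTB_SAMPLE = """
========================= IP Configuration: ================================
Ethernet adapter Local Area Connection:
IPv4 Address. . . . . . . . . . . : 172.16.2.238(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.2.1
DNS Servers . . . . . . . . . . . : 1.1.1.1
Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=30ms TTL=52
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
========================= Winsock entries =====================================
"""

SERVICE_HDR = re.compile(r"^(\S+) Service is not running\. Checking service configuration:")
KEY_MISSING = re.compile(r"Unable to open \S+ registry key\. The service key does not exist")
SECTION_HDR = re.compile(r"^=+\s*(\w.*?):?\s*=+$")
ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 -]*?)[ .]*:\s*(.*)$")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
PING = re.compile(r"^Pinging (\S+?)(?: \[[^\]]+\])? with \d+ bytes")

def fss_service_status(text):
    """'stopped' for each service FSS reports as not running, 'key-missing' when its SCM key is gone too."""
    status, current = {}, None
    for line in text.splitlines():
        m = SERVICE_HDR.match(line.strip())
        if m:
            current = m.group(1)
            status[current] = "stopped"
        elif current and KEY_MISSING.search(line):
            status[current] = "key-missing"
    return status

def mtb_section(text, name):
    """Lines of the '===== Name: =====' section of a MiniToolBox log, up to the next header."""
    after = text.split(f" {name}: ", 1)[1].splitlines()[1:]
    return list(itertools.takewhile(lambda l: not SECTION_HDR.match(l.strip()), after))

def adapters(lines):
    """Per-adapter fields of the ipconfig /all output; 'DNS Servers' becomes a list."""
    found, cur, in_dns = [], None, False
    for line in lines:
        if m := ADAPTER.match(line):
            cur = {"name": m.group(1)}
            found.append(cur)
        elif cur and (m := FIELD.match(line)):
            key, val = m.group(1).strip(), m.group(2).replace("(Preferred)", "").strip()
            in_dns = key == "DNS Servers"
            cur[key] = [val] if in_dns else val
        elif in_dns and IPV4.match(line.strip()):
            cur["DNS Servers"].append(line.strip())  # ipconfig wraps extra resolvers onto bare lines
    return found

def off_lan_dns(adapter_list):
    """Resolvers that are neither on the adapter's subnet nor its gateway; check them against the ISP's."""
    flagged = []
    for a in adapter_list:
        if "IPv4 Address" not in a or "Subnet Mask" not in a:
            continue
        mask = int(ipaddress.IPv4Address(a["Subnet Mask"]))
        local = int(ipaddress.IPv4Address(a["IPv4 Address"])) & mask
        for dns in a.get("DNS Servers", []):
            if IPV4.match(dns) and dns != a.get("Default Gateway") and int(ipaddress.IPv4Address(dns)) & mask != local:
                flagged.append(dns)
    return flagged

def unreachable_hosts(lines):
    """Ping targets that never produced a 'Reply from ...: bytes=' line."""
    seen, host = {}, None
    for line in lines:
        if m := PING.match(line.strip()):
            host = m.group(1)
            seen.setdefault(host, False)
        elif host and "bytes=" in line:
            seen[host] = True
    return [h for h, ok in seen.items() if not ok]

def triage(fss_text, mtb_text):
    """Run the three checks; feed it the full FSS.txt and MiniToolBox output to triage a real log."""
    ipcfg = mtb_section(mtb_text, "IP Configuration")
    return {"services": fss_service_status(fss_text),
            "off_lan_dns": off_lan_dns(adapters(ipcfg)),
            "unreachable": unreachable_hosts(ipcfg)}
```

Needs Python 3.8 or later (assignment expressions). `triage(open("FSS.txt").read(), open("Result.txt").read())` runs it on real logs; a `key-missing` result is a stronger signal than `stopped`, since a service whose key is gone cannot be started with `net start` and has to be re-created or its registry keys restored.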


#4 Broni

Posted 20 January 2012 - 05:11 PM

Which browser is redirecting?

FSS log is incomplete.
aswMBR log is missing.



 


#5 ragolas

Posted 20 January 2012 - 05:34 PM

IE and Firefox. I do not have Google Chrome and can't get to the page to download it. Thank you for your help so far and after this.

Just putting the FSS log and the aswMBR log here too, since I am struggling to find where each was when I go to edit:

FSS:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2011-01-09 11:01] - [2009-04-11 01:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2011-01-09 11:01] - [2009-04-11 01:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

aswMBR:
aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-20 17:13:13
-----------------------------
17:13:13.516 OS Version: Windows 6.0.6002 Service Pack 2
17:13:13.516 Number of processors: 2 586 0x1706
17:13:13.517 ComputerName: NIC-PC UserName: Nic
17:13:14.929 Initialize success
17:16:42.869 AVAST engine defs: 12012001
17:17:11.155 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:17:11.157 Disk 0 Vendor: ST932042 DE14 Size: 305245MB BusType: 3
17:17:11.158 Disk 0 MBR read successfully
17:17:11.160 Disk 0 MBR scan
17:17:11.164 Disk 0 MBR:Pihar-C [Rtk]
17:17:11.165 Disk 0 TDL4@MBR code has been found
17:17:11.166 Disk 0 Windows VISTA default MBR code found via API
17:17:11.168 Disk 0 MBR hidden
17:17:11.170 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 94 MB offset 63
17:17:11.183 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 194560
17:17:11.194 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 292348 MB offset 21166080
17:17:11.198 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 619896832
17:17:11.242 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 619898880
17:17:11.250 Disk 0 MBR [TDL4] **ROOTKIT**
17:17:11.254 Disk 0 trace - called modules:
17:17:11.257 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87f5b49f]<<
17:17:11.261 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c352d8]
17:17:11.264 3 CLASSPNP.SYS[8bfaa8b3] -> nt!IofCallDriver -> [0x87bacca8]
17:17:11.268 \Driver\iaStor[0x87de6900] -> IRP_MJ_CREATE -> 0x87f5b49f
17:17:12.971 AVAST engine scan C:\Windows
17:17:15.802 AVAST engine scan C:\Windows\system32
17:19:51.131 AVAST engine scan C:\Windows\system32\drivers
17:20:05.700 AVAST engine scan C:\Users\Nic
17:28:05.987 AVAST engine scan C:\ProgramData
17:32:57.153 Scan finished successfully
17:34:02.192 Disk 0 MBR has been saved successfully to "C:\Users\Nic\Desktop\MBR.dat"
17:34:02.203 The log file has been saved successfully to "C:\Users\Nic\Desktop\aswMBR.txt"
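Reading the aswMBR output above: the partition table itself is intact (Dell utility, recovery, active system and extended partitions), but the boot code in sector 0 is identified as TDL4, while the copy obtained through the Windows API is the stock Vista code, and the disk stack trace ends in an unknown module hooked into the iaStor miniport. That is why aswMBR reports "MBR hidden": a read that goes through the filtered driver path returns a clean record and only a lower-level read sees the bootkit. The script below is an added example, not part of this thread or of aswMBR. It parses a 512-byte MBR image such as the MBR.dat that aswMBR saved, prints the partition table in the same layout as the log, and compares two views of sector 0 for exactly that discrepancy. The partition entries are constructed to match the values in the log, the two boot-code stubs are placeholders rather than real MBR code, and all function names are this example's own.

```python
"""Parse a 512-byte MBR image and compare two views of sector 0 for the
TDL4-style "hidden MBR" discrepancy. Added example for this thread; not part of
aswMBR or of the original posts. Function names and the sample images below are
this example's own; the partition values mirror the aswMBR log."""
import hashlib
import struct
import sys
from typing import List, NamedTuple, Sequence, Tuple

SECTOR = 512
MBR_SIGNATURE = 0xAA55
BOOTSTRAP_LEN = 440      # bytes 0-439: boot code, the region a bootkit replaces
TABLE_OFFSET = 446       # four 16-byte partition entries follow
PART_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x0F: "Extended LBA", 0xDE: "Dell Utility"}


class Partition(NamedTuple):
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


def parse_partition_table(mbr: bytes) -> List[Partition]:
    """Decode the four primary entries; raises if the 0x55AA signature is absent."""
    if len(mbr) < SECTOR:
        raise ValueError("MBR image must be at least 512 bytes")
    if struct.unpack_from("<H", mbr, 510)[0] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4 LE) sectors(4 LE)
        status, type_id, lba, count = struct.unpack_from(
            "<B3xB3xII", mbr, TABLE_OFFSET + 16 * i)
        if type_id == 0 and count == 0:
            continue                        # empty slot
        parts.append(Partition(i + 1, status == 0x80, type_id, lba, count))
    return parts


def describe(parts: Sequence[Partition]) -> List[str]:
    """Render entries in the same layout aswMBR uses in its log."""
    return [f"Partition {p.index} {'80 (A)' if p.bootable else '00'} {p.type_id:02X} "
            f"{PART_TYPES.get(p.type_id, 'unknown')} {p.size_mb} MB offset {p.lba_start}"
            for p in parts]


def bootstrap_md5(mbr: bytes) -> str:
    """Hash of the boot-code region only, so the partition table does not mask a change."""
    return hashlib.md5(mbr[:BOOTSTRAP_LEN]).hexdigest()


def mbr_hidden_indicator(api_view: bytes, raw_view: bytes) -> bool:
    """True when the two reads of sector 0 carry the same partition table but
    different boot code: the OS-visible copy is clean while the disk holds a
    bootkit, which is the pattern aswMBR reports as 'MBR hidden'."""
    same_table = api_view[TABLE_OFFSET:510] == raw_view[TABLE_OFFSET:510]
    return same_table and api_view[:BOOTSTRAP_LEN] != raw_view[:BOOTSTRAP_LEN]


def build_mbr(bootstrap: bytes, entries: Sequence[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a test image: boot code, four entries, signature."""
    buf = bytearray(SECTOR)
    buf[:len(bootstrap)] = bootstrap
    for i, (status, type_id, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", buf, TABLE_OFFSET + 16 * i, status, type_id, lba, count)
    struct.pack_into("<H", buf, 510, MBR_SIGNATURE)
    return bytes(buf)


# Constructed sample data: the table mirrors the aswMBR log (sector counts chosen
# so the MB figures match); the boot-code stubs are placeholders, not real code.
PARTITIONS = [
    (0x00, 0xDE, 63, 192512),           # Dell Utility, 94 MB
    (0x00, 0x07, 194560, 20971520),     # NTFS recovery, 10240 MB
    (0x80, 0x07, 21166080, 598728704),  # NTFS system, active, 292348 MB
    (0x00, 0x0F, 619896832, 5242880),   # Extended LBA, 2560 MB
]
STOCK_STUB = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 25     # stands in for the API view
BOOTKIT_STUB = b"\xeb\xfe" + b"\x00" * 30                      # stands in for the raw read
CLEAN_MBR = build_mbr(STOCK_STUB, PARTITIONS)
INFECTED_MBR = build_mbr(BOOTKIT_STUB, PARTITIONS)


def main(argv: List[str]) -> None:
    # With a path (MBR.dat, or \\.\PhysicalDrive0 as administrator) read that;
    # otherwise demonstrate on the constructed images.
    raw = open(argv[1], "rb").read(SECTOR) if len(argv) > 1 else INFECTED_MBR
    for line in describe(parse_partition_table(raw)):
        print(line)
    print("boot code MD5:", bootstrap_md5(raw))
    print("hidden-MBR pattern vs. clean view:", mbr_hidden_indicator(CLEAN_MBR, raw))


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python mbr_check.py MBR.dat` to list the saved sector's partitions and hash its boot code. The caveat the aswMBR log illustrates applies to any live check: on a machine where the rootkit is active, a read of `\\.\PhysicalDrive0` goes through the hooked disk stack and returns the stock code, so the comparison is only meaningful when one of the two images was obtained from outside the running system (offline boot, or a tool that bypasses the miniport as aswMBR does).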

#6 Broni

Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,679 posts
  • OFFLINE
  • Gender: Male
  • Location: Daly City, CA
  • Local time: 06:38 PM

Posted 20 January 2012 - 05:36 PM

FSS log is still incomplete but don't worry about it for now.
We have a rootkit there.

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



 


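The report TDSSKiller produces in the last step is a long driver inventory, one `(md5) path` line and one `- verdict` line per service. A quick way to triage it before posting is to pair those lines, then flag anything whose verdict is not `ok`, anything loading from outside the Windows directory, and any hash that differs from a reference table. The script below is an added example, not part of this thread or of Kaspersky's tool; it relies only on the two line shapes visible in the log posted in this thread, its function names and the reference table are its own, and the sample log is constructed from a handful of lines copied from that log.

```python
"""Triage a TDSSKiller driver-inventory log. Added example for this thread; it is
not part of TDSSKiller and relies only on the line shapes visible in the log
posted here:  '<time> <pid> <Name> (<md5>) <path>'  then  '<time> <pid> <Name> - <status>'.
Function names, the reference table and the sample log are this example's own."""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

FILE_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
STATUS_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<status>.+?)\s*$")
WINDOWS_DIR = "c:\\windows\\"


class Entry(NamedTuple):
    name: str
    md5: Optional[str]      # None for a service with no file on disk (e.g. IpInIp)
    path: Optional[str]
    status: Optional[str]   # None if the log ended before the verdict line


def parse_log(text: str) -> Dict[str, Entry]:
    """Pair each '(md5) path' line with the '- status' line that follows it."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            entries[m["name"]] = Entry(m["name"], m["md5"].lower(), m["path"], None)
            continue
        m = STATUS_LINE.match(line)
        if m:
            prev = entries.get(m["name"], Entry(m["name"], None, None, None))
            entries[m["name"]] = prev._replace(status=m["status"])
    return entries


def triage(entries: Dict[str, Entry], reference: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (name, reason) for anything worth a second look: a verdict other
    than 'ok', a driver loaded from outside the Windows directory, or a hash
    that differs from the reference table (keyed by lower-case path)."""
    findings = []
    for e in entries.values():
        if e.status != "ok":
            findings.append((e.name, f"verdict '{e.status}'"))
        if e.path is None:
            continue
        p = e.path.lower()
        if not p.startswith(WINDOWS_DIR):
            findings.append((e.name, f"loads from outside the Windows directory: {e.path}"))
        expected = reference.get(p)
        if expected and expected.lower() != e.md5:
            findings.append((e.name, f"MD5 {e.md5} differs from reference {expected}"))
    return findings


# Constructed sample: a handful of lines in the shape TDSSKiller 2.7.x prints
# (values copied from the log posted in this thread, heavily abbreviated).
SAMPLE_LOG = r"""
17:51:35.0759 4480 Scan started
17:51:37.0955 4480 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:51:37.0960 4480 ACPI - ok
17:51:38.0724 4480 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:51:38.0730 4480 AFD - ok
17:51:40.0939 4480 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:51:41.0014 4480 eeCtrl - ok
17:51:42.0264 4480 IpInIp - ok
17:51:50.0073 4480 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
17:51:50.0087 4480 Tcpip - ok
"""

# Reference hashes. These are taken from this machine's own log for files the
# FSS run reported as legitimate, so they only check consistency; a real table
# would come from a known-clean install of the same Vista SP2 build.
REFERENCE_MD5 = {
    r"c:\windows\system32\drivers\afd.sys": "3911b972b55fea0478476b2e777b29fa",
    r"c:\windows\system32\drivers\tcpip.sys": "814a1c66fbd4e1b310a517221f1456bf",
}

if __name__ == "__main__":
    import sys
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_LOG)
    for name, reason in triage(parse_log(text), REFERENCE_MD5):
        print(f"{name}: {reason}")
```

Pass the saved `TDSSKiller_xxxx_log.txt` as the first argument. On the sample, only eeCtrl is reported, and only because it lives under Program Files; that is normal for a Symantec engine driver, which is the point of keeping the output as a list of reasons to review rather than a verdict. A service with no `(md5) path` line, such as IpInIp above, is a registration with no file on disk and is left alone unless its verdict is something other than `ok`.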
#7 ragolas

ragolas
  • Topic Starter
  • Members
  • 6 posts
  • OFFLINE
  • Local time: 08:38 PM

Posted 20 January 2012 - 05:52 PM

17:51:32.0667 5436 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
17:51:32.0924 5436 ============================================================
17:51:32.0924 5436 Current date / time: 2012/01/20 17:51:32.0924
17:51:32.0924 5436 SystemInfo:
17:51:32.0924 5436
17:51:32.0924 5436 OS Version: 6.0.6002 ServicePack: 2.0
17:51:32.0924 5436 Product type: Workstation
17:51:32.0924 5436 ComputerName: NIC-PC
17:51:32.0924 5436 UserName: Nic
17:51:32.0924 5436 Windows directory: C:\Windows
17:51:32.0924 5436 System windows directory: C:\Windows
17:51:32.0924 5436 Processor architecture: Intel x86
17:51:32.0924 5436 Number of processors: 2
17:51:32.0924 5436 Page size: 0x1000
17:51:32.0924 5436 Boot type: Normal boot
17:51:32.0924 5436 ============================================================
17:51:33.0797 5436 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:51:33.0986 5436 Initialize success
17:51:35.0758 4480 ============================================================
17:51:35.0759 4480 Scan started
17:51:35.0759 4480 Mode: Manual;
17:51:35.0759 4480 ============================================================
17:51:37.0955 4480 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:51:37.0960 4480 ACPI - ok
17:51:38.0149 4480 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:51:38.0173 4480 adp94xx - ok
17:51:38.0292 4480 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:51:38.0313 4480 adpahci - ok
17:51:38.0403 4480 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:51:38.0408 4480 adpu160m - ok
17:51:38.0462 4480 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:51:38.0463 4480 adpu320 - ok
17:51:38.0724 4480 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:51:38.0730 4480 AFD - ok
17:51:38.0749 4480 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:51:38.0751 4480 agp440 - ok
17:51:38.0766 4480 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:51:38.0769 4480 aic78xx - ok
17:51:38.0801 4480 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:51:38.0804 4480 aliide - ok
17:51:38.0830 4480 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:51:38.0832 4480 amdagp - ok
17:51:38.0849 4480 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:51:38.0851 4480 amdide - ok
17:51:38.0874 4480 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:51:38.0876 4480 AmdK7 - ok
17:51:38.0893 4480 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
17:51:38.0895 4480 AmdK8 - ok
17:51:38.0925 4480 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:51:38.0928 4480 arc - ok
17:51:38.0958 4480 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:51:38.0963 4480 arcsas - ok
17:51:39.0000 4480 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:51:39.0005 4480 AsyncMac - ok
17:51:39.0050 4480 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:51:39.0053 4480 atapi - ok
17:51:39.0120 4480 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
17:51:39.0124 4480 b57nd60x - ok
17:51:39.0142 4480 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:51:39.0143 4480 Beep - ok
17:51:39.0187 4480 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:51:39.0189 4480 blbdrive - ok
17:51:39.0238 4480 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:51:39.0240 4480 bowser - ok
17:51:39.0269 4480 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:51:39.0271 4480 BrFiltLo - ok
17:51:39.0291 4480 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:51:39.0293 4480 BrFiltUp - ok
17:51:39.0334 4480 Bridge (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
17:51:39.0338 4480 Bridge - ok
17:51:39.0392 4480 BridgeMP (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
17:51:39.0393 4480 BridgeMP - ok
17:51:39.0420 4480 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:51:39.0423 4480 Brserid - ok
17:51:39.0445 4480 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:51:39.0447 4480 BrSerWdm - ok
17:51:39.0487 4480 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:51:39.0489 4480 BrUsbMdm - ok
17:51:39.0505 4480 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:51:39.0507 4480 BrUsbSer - ok
17:51:39.0549 4480 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
17:51:39.0553 4480 BthEnum - ok
17:51:39.0607 4480 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
17:51:39.0610 4480 BTHMODEM - ok
17:51:39.0664 4480 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
17:51:39.0668 4480 BthPan - ok
17:51:39.0768 4480 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
17:51:39.0776 4480 BTHPORT - ok
17:51:39.0812 4480 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
17:51:39.0815 4480 BTHUSB - ok
17:51:39.0870 4480 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
17:51:39.0874 4480 btwaudio - ok
17:51:39.0902 4480 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
17:51:39.0904 4480 btwavdt - ok
17:51:39.0933 4480 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
17:51:39.0934 4480 btwrchid - ok
17:51:40.0002 4480 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:51:40.0005 4480 cdfs - ok
17:51:40.0048 4480 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:51:40.0049 4480 cdrom - ok
17:51:40.0074 4480 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
17:51:40.0076 4480 circlass - ok
17:51:40.0111 4480 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:51:40.0116 4480 CLFS - ok
17:51:40.0171 4480 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:51:40.0172 4480 CmBatt - ok
17:51:40.0230 4480 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:51:40.0232 4480 cmdide - ok
17:51:40.0264 4480 COH_Mon (de88a385898f6d13026f94f749fbaed2) C:\Windows\system32\Drivers\COH_Mon.sys
17:51:40.0264 4480 COH_Mon - ok
17:51:40.0275 4480 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:51:40.0276 4480 Compbatt - ok
17:51:40.0294 4480 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:51:40.0296 4480 crcdisk - ok
17:51:40.0339 4480 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:51:40.0341 4480 Crusoe - ok
17:51:40.0356 4480 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:51:40.0358 4480 DfsC - ok
17:51:40.0440 4480 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:51:40.0444 4480 disk - ok
17:51:40.0484 4480 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:51:40.0485 4480 drmkaud - ok
17:51:40.0610 4480 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:51:40.0660 4480 DXGKrnl - ok
17:51:40.0695 4480 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
17:51:40.0700 4480 e1express - ok
17:51:40.0738 4480 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:51:40.0741 4480 E1G60 - ok
17:51:40.0785 4480 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:51:40.0789 4480 Ecache - ok
17:51:40.0939 4480 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:51:41.0014 4480 eeCtrl - ok
17:51:41.0072 4480 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:51:41.0083 4480 elxstor - ok
17:51:41.0212 4480 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:51:41.0225 4480 EraserUtilRebootDrv - ok
17:51:41.0243 4480 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
17:51:41.0244 4480 ErrDev - ok
17:51:41.0306 4480 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:51:41.0311 4480 exfat - ok
17:51:41.0343 4480 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:51:41.0358 4480 fastfat - ok
17:51:41.0380 4480 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:51:41.0382 4480 fdc - ok
17:51:41.0406 4480 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:51:41.0409 4480 FileInfo - ok
17:51:41.0431 4480 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:51:41.0433 4480 Filetrace - ok
17:51:41.0448 4480 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:51:41.0450 4480 flpydisk - ok
17:51:41.0478 4480 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:51:41.0487 4480 FltMgr - ok
17:51:41.0532 4480 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:51:41.0532 4480 Fs_Rec - ok
17:51:41.0553 4480 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:51:41.0555 4480 gagp30kx - ok
17:51:41.0586 4480 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:51:41.0592 4480 GEARAspiWDM - ok
17:51:41.0688 4480 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:51:41.0699 4480 HDAudBus - ok
17:51:41.0726 4480 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:51:41.0727 4480 HidBth - ok
17:51:41.0752 4480 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:51:41.0755 4480 HidIr - ok
17:51:41.0800 4480 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:51:41.0803 4480 HidUsb - ok
17:51:41.0842 4480 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:51:41.0844 4480 HpCISSs - ok
17:51:41.0885 4480 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
17:51:41.0887 4480 HTCAND32 - ok
17:51:41.0919 4480 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:51:41.0927 4480 HTTP - ok
17:51:41.0945 4480 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:51:41.0979 4480 i2omp - ok
17:51:42.0037 4480 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:51:42.0039 4480 i8042prt - ok
17:51:42.0070 4480 iaStor (707c1692214b1c290271067197f075f6) C:\Windows\system32\drivers\iastor.sys
17:51:42.0072 4480 iaStor - ok
17:51:42.0114 4480 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:51:42.0122 4480 iaStorV - ok
17:51:42.0145 4480 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:51:42.0147 4480 iirsp - ok
17:51:42.0190 4480 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
17:51:42.0192 4480 intelide - ok
17:51:42.0205 4480 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:51:42.0206 4480 intelppm - ok
17:51:42.0238 4480 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:51:42.0239 4480 IpFilterDriver - ok
17:51:42.0264 4480 IpInIp - ok
17:51:42.0305 4480 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:51:42.0318 4480 IPMIDRV - ok
17:51:42.0358 4480 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:51:42.0406 4480 IPNAT - ok
17:51:42.0433 4480 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:51:42.0435 4480 IRENUM - ok
17:51:42.0463 4480 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:51:42.0465 4480 isapnp - ok
17:51:42.0494 4480 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:51:42.0497 4480 iScsiPrt - ok
17:51:42.0518 4480 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:51:42.0520 4480 iteatapi - ok
17:51:42.0537 4480 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:51:42.0539 4480 iteraid - ok
17:51:42.0549 4480 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:51:42.0550 4480 kbdclass - ok
17:51:42.0581 4480 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:51:42.0615 4480 kbdhid - ok
17:51:42.0701 4480 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
17:51:42.0718 4480 KSecDD - ok
17:51:42.0762 4480 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:51:42.0764 4480 lltdio - ok
17:51:42.0791 4480 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:51:42.0794 4480 LSI_FC - ok
17:51:42.0817 4480 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:51:42.0820 4480 LSI_SAS - ok
17:51:42.0850 4480 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:51:42.0854 4480 LSI_SCSI - ok
17:51:42.0865 4480 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:51:42.0868 4480 luafv - ok
17:51:42.0911 4480 ManyCam (c6d085c7045200143528136a43a65fde) C:\Windows\system32\DRIVERS\ManyCam.sys
17:51:42.0913 4480 ManyCam - ok
17:51:42.0937 4480 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:51:42.0939 4480 megasas - ok
17:51:42.0970 4480 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:51:42.0984 4480 MegaSR - ok
17:51:43.0007 4480 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:51:43.0015 4480 Modem - ok
17:51:43.0079 4480 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:51:43.0079 4480 monitor - ok
17:51:43.0153 4480 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:51:43.0154 4480 mouclass - ok
17:51:43.0276 4480 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:51:43.0278 4480 mouhid - ok
17:51:43.0332 4480 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:51:43.0333 4480 MountMgr - ok
17:51:43.0377 4480 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:51:43.0379 4480 mpio - ok
17:51:43.0404 4480 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:51:43.0408 4480 mpsdrv - ok
17:51:43.0444 4480 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:51:43.0446 4480 Mraid35x - ok
17:51:43.0491 4480 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:51:43.0495 4480 MRxDAV - ok
17:51:43.0545 4480 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:51:43.0550 4480 mrxsmb - ok
17:51:43.0579 4480 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:51:43.0584 4480 mrxsmb10 - ok
17:51:43.0597 4480 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:51:43.0600 4480 mrxsmb20 - ok
17:51:43.0637 4480 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
17:51:43.0638 4480 msahci - ok
17:51:43.0658 4480 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:51:43.0658 4480 msdsm - ok
17:51:43.0704 4480 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:51:43.0707 4480 Msfs - ok
17:51:43.0742 4480 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:51:43.0743 4480 msisadrv - ok
17:51:43.0769 4480 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:51:43.0770 4480 MSKSSRV - ok
17:51:43.0788 4480 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:51:43.0790 4480 MSPCLOCK - ok
17:51:43.0805 4480 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:51:43.0806 4480 MSPQM - ok
17:51:43.0835 4480 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:51:43.0838 4480 MsRPC - ok
17:51:43.0855 4480 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:51:43.0856 4480 mssmbios - ok
17:51:43.0888 4480 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:51:43.0889 4480 MSTEE - ok
17:51:43.0920 4480 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:51:43.0924 4480 Mup - ok
17:51:43.0984 4480 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:51:43.0989 4480 NativeWifiP - ok
17:51:44.0167 4480 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120120.004\NAVENG.SYS
17:51:44.0171 4480 NAVENG - ok
17:51:44.0321 4480 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120120.004\NAVEX15.SYS
17:51:44.0462 4480 NAVEX15 - ok
17:51:44.0697 4480 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:51:44.0775 4480 NDIS - ok
17:51:44.0844 4480 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:51:44.0846 4480 NdisTapi - ok
17:51:44.0919 4480 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:51:44.0920 4480 Ndisuio - ok
17:51:45.0127 4480 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:51:45.0131 4480 NdisWan - ok
17:51:45.0233 4480 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:51:45.0234 4480 NDProxy - ok
17:51:45.0399 4480 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:51:45.0400 4480 NetBIOS - ok
17:51:45.0523 4480 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:51:45.0527 4480 netbt - ok
17:51:45.0841 4480 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys
17:51:45.0883 4480 NETw4v32 - ok
17:51:45.0917 4480 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:51:45.0919 4480 nfrd960 - ok
17:51:45.0944 4480 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:51:45.0946 4480 Npfs - ok
17:51:45.0972 4480 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:51:45.0977 4480 nsiproxy - ok
17:51:46.0290 4480 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:51:46.0475 4480 Ntfs - ok
17:51:46.0501 4480 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:51:46.0502 4480 ntrigdigi - ok
17:51:46.0513 4480 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:51:46.0515 4480 Null - ok
17:51:46.0805 4480 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:51:47.0060 4480 nvlddmkm - ok
17:51:47.0097 4480 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
17:51:47.0098 4480 nvraid - ok
17:51:47.0132 4480 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
17:51:47.0134 4480 nvstor - ok
17:51:47.0162 4480 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
17:51:47.0163 4480 nv_agp - ok
17:51:47.0173 4480 NwlnkFlt - ok
17:51:47.0188 4480 NwlnkFwd - ok
17:51:47.0230 4480 OEM04Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM04Vfx.sys
17:51:47.0232 4480 OEM04Vfx - ok
17:51:47.0254 4480 OEM04Vid (40e9bfd9f64dfb32c1eafbaa0576c55d) C:\Windows\system32\DRIVERS\OEM04Vid.sys
17:51:47.0258 4480 OEM04Vid - ok
17:51:47.0306 4480 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
17:51:47.0306 4480 ohci1394 - ok
17:51:47.0338 4480 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:51:47.0340 4480 Parport - ok
17:51:47.0364 4480 Partizan - ok
17:51:47.0400 4480 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:51:47.0402 4480 partmgr - ok
17:51:47.0454 4480 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:51:47.0456 4480 Parvdm - ok
17:51:47.0521 4480 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:51:47.0524 4480 pci - ok
17:51:47.0582 4480 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
17:51:47.0584 4480 pciide - ok
17:51:47.0604 4480 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:51:47.0609 4480 pcmcia - ok
17:51:47.0655 4480 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:51:47.0703 4480 PEAUTH - ok
17:51:47.0738 4480 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:51:47.0740 4480 PptpMiniport - ok
17:51:47.0785 4480 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
17:51:47.0787 4480 Processor - ok
17:51:47.0878 4480 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:51:47.0881 4480 PSched - ok
17:51:47.0958 4480 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
17:51:48.0023 4480 ql2300 - ok
17:51:48.0062 4480 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:51:48.0065 4480 ql40xx - ok
17:51:48.0092 4480 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:51:48.0102 4480 QWAVEdrv - ok
17:51:48.0182 4480 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
17:51:48.0251 4480 R300 - ok
17:51:48.0279 4480 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:51:48.0281 4480 RasAcd - ok
17:51:48.0297 4480 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:51:48.0300 4480 Rasl2tp - ok
17:51:48.0328 4480 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:51:48.0330 4480 RasPppoe - ok
17:51:48.0401 4480 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:51:48.0405 4480 RasSstp - ok
17:51:48.0466 4480 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:51:48.0470 4480 rdbss - ok
17:51:48.0497 4480 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:51:48.0498 4480 RDPCDD - ok
17:51:48.0554 4480 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
17:51:48.0560 4480 rdpdr - ok
17:51:48.0581 4480 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:51:48.0583 4480 RDPENCDD - ok
17:51:48.0619 4480 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
17:51:48.0624 4480 RDPWD - ok
17:51:48.0673 4480 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
17:51:48.0677 4480 RFCOMM - ok
17:51:48.0709 4480 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
17:51:48.0711 4480 rimmptsk - ok
17:51:48.0750 4480 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
17:51:48.0751 4480 rimsptsk - ok
17:51:48.0772 4480 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
17:51:48.0774 4480 rismxdp - ok
17:51:48.0800 4480 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:51:48.0808 4480 rspndr - ok
17:51:48.0840 4480 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:51:48.0843 4480 sbp2port - ok
17:51:48.0894 4480 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
17:51:48.0896 4480 sdbus - ok
17:51:48.0937 4480 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:51:48.0938 4480 secdrv - ok
17:51:48.0966 4480 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:51:48.0978 4480 Serenum - ok
17:51:49.0024 4480 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:51:49.0029 4480 Serial - ok
17:51:49.0062 4480 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:51:49.0066 4480 sermouse - ok
17:51:49.0098 4480 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
17:51:49.0103 4480 sffdisk - ok
17:51:49.0148 4480 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
17:51:49.0152 4480 sffp_mmc - ok
17:51:49.0204 4480 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
17:51:49.0206 4480 sffp_sd - ok
17:51:49.0240 4480 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:51:49.0243 4480 sfloppy - ok
17:51:49.0273 4480 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
17:51:49.0276 4480 sisagp - ok
17:51:49.0301 4480 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
17:51:49.0304 4480 SiSRaid2 - ok
17:51:49.0328 4480 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
17:51:49.0331 4480 SiSRaid4 - ok
17:51:49.0379 4480 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:51:49.0383 4480 Smb - ok
17:51:49.0487 4480 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
17:51:49.0504 4480 SPBBCDrv - ok
17:51:49.0530 4480 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:51:49.0533 4480 spldr - ok
17:51:49.0568 4480 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\Windows\system32\Drivers\SRTSP.SYS
17:51:49.0572 4480 SRTSP - ok
17:51:49.0598 4480 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\Windows\system32\Drivers\SRTSPL.SYS
17:51:49.0605 4480 SRTSPL - ok
17:51:49.0630 4480 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\Windows\system32\Drivers\SRTSPX.SYS
17:51:49.0631 4480 SRTSPX - ok
17:51:49.0676 4480 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:51:49.0682 4480 srv - ok
17:51:49.0704 4480 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:51:49.0709 4480 srv2 - ok
17:51:49.0729 4480 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:51:49.0733 4480 srvnet - ok
17:51:49.0799 4480 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
17:51:49.0807 4480 STHDA - ok
17:51:49.0843 4480 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:51:49.0845 4480 swenum - ok
17:51:49.0873 4480 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:51:49.0875 4480 Symc8xx - ok
17:51:49.0899 4480 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
17:51:49.0902 4480 SymEvent - ok
17:51:49.0921 4480 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:51:49.0922 4480 Sym_hi - ok
17:51:49.0945 4480 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:51:49.0947 4480 Sym_u3 - ok
17:51:50.0032 4480 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys
17:51:50.0037 4480 SynTP - ok
17:51:50.0073 4480 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
17:51:50.0087 4480 Tcpip - ok
17:51:50.0113 4480 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
17:51:50.0119 4480 Tcpip6 - ok
17:51:50.0145 4480 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:51:50.0153 4480 tcpipreg - ok
17:51:50.0185 4480 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\Windows\system32\Drivers\tcusb.sys
17:51:50.0187 4480 TcUsb - ok
17:51:50.0211 4480 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:51:50.0212 4480 TDPIPE - ok
17:51:50.0231 4480 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:51:50.0233 4480 TDTCP - ok
17:51:50.0264 4480 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:51:50.0267 4480 tdx - ok
17:51:50.0288 4480 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:51:50.0291 4480 TermDD - ok
17:51:50.0322 4480 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:51:50.0323 4480 tssecsrv - ok
17:51:50.0354 4480 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:51:50.0357 4480 tunmp - ok
17:51:50.0370 4480 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
17:51:50.0372 4480 tunnel - ok
17:51:50.0397 4480 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
17:51:50.0399 4480 uagp35 - ok
17:51:50.0426 4480 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:51:50.0430 4480 udfs - ok
17:51:50.0469 4480 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
17:51:50.0483 4480 uliagpkx - ok
17:51:50.0542 4480 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
17:51:50.0546 4480 uliahci - ok
17:51:50.0586 4480 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:51:50.0596 4480 UlSata - ok
17:51:50.0635 4480 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:51:50.0638 4480 ulsata2 - ok
17:51:50.0657 4480 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:51:50.0659 4480 umbus - ok
17:51:50.0714 4480 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
17:51:50.0716 4480 USBAAPL - ok
17:51:50.0749 4480 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:51:50.0754 4480 usbccgp - ok
17:51:50.0796 4480 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:51:50.0797 4480 usbcir - ok
17:51:50.0844 4480 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:51:50.0851 4480 usbehci - ok
17:51:50.0891 4480 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:51:50.0894 4480 usbhub - ok
17:51:50.0917 4480 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
17:51:50.0919 4480 usbohci - ok
17:51:50.0952 4480 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:51:50.0954 4480 usbprint - ok
17:51:50.0996 4480 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
17:51:51.0001 4480 usbscan - ok
17:51:51.0071 4480 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:51:51.0077 4480 USBSTOR - ok
17:51:51.0099 4480 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:51:51.0100 4480 usbuhci - ok
17:51:51.0145 4480 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
17:51:51.0155 4480 vga - ok
17:51:51.0205 4480 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:51:51.0208 4480 VgaSave - ok
17:51:51.0245 4480 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
17:51:51.0249 4480 viaagp - ok
17:51:51.0284 4480 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
17:51:51.0287 4480 ViaC7 - ok
17:51:51.0311 4480 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
17:51:51.0313 4480 viaide - ok
17:51:51.0326 4480 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:51:51.0328 4480 volmgr - ok
17:51:51.0375 4480 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:51:51.0407 4480 volmgrx - ok
17:51:51.0423 4480 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:51:51.0428 4480 volsnap - ok
17:51:51.0455 4480 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
17:51:51.0458 4480 vsmraid - ok
17:51:51.0487 4480 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:51:51.0489 4480 WacomPen - ok
17:51:51.0517 4480 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:51:51.0519 4480 Wanarp - ok
17:51:51.0533 4480 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:51:51.0534 4480 Wanarpv6 - ok
17:51:51.0557 4480 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
17:51:51.0559 4480 Wd - ok
17:51:51.0589 4480 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:51:51.0599 4480 Wdf01000 - ok
17:51:51.0653 4480 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:51:51.0653 4480 WmiAcpi - ok
17:51:51.0701 4480 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:51:51.0702 4480 WpdUsb - ok
17:51:51.0732 4480 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:51:51.0734 4480 ws2ifsl - ok
17:51:51.0772 4480 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:51:51.0774 4480 WUDFRd - ok
17:51:51.0798 4480 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
17:51:51.0831 4480 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
17:51:51.0831 4480 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
17:51:51.0858 4480 Boot (0x1200) (66631424a998e250e4b3eae3f87ff726) \Device\Harddisk0\DR0\Partition0
17:51:51.0861 4480 \Device\Harddisk0\DR0\Partition0 - ok
17:51:51.0878 4480 Boot (0x1200) (7ac9b3e12c16ae751be823a0f24d2ffd) \Device\Harddisk0\DR0\Partition1
17:51:51.0882 4480 \Device\Harddisk0\DR0\Partition1 - ok
17:51:51.0883 4480 ============================================================
17:51:51.0883 4480 Scan finished
17:51:51.0883 4480 ============================================================
17:51:51.0895 4524 Detected object count: 1
17:51:51.0895 4524 Actual detected object count: 1
17:51:56.0414 4524 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
17:51:56.0495 4524 \Device\Harddisk0\DR0 - ok
17:51:56.0496 4524 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

#8 Broni

Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,679 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:38 PM

Posted 20 January 2012 - 05:56 PM

Good :)

Post new aswMBR log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click the donation link.

#9 ragolas

ragolas
  • Topic Starter
  • Members
  • 6 posts
  • Local time:08:38 PM

Posted 20 January 2012 - 06:05 PM

Scanning now. I can already see it worked, though. I will post results in like 5-10 minutes when done scanning. Thank you so much!

Edited by ragolas, 20 January 2012 - 06:05 PM.


#10 ragolas

ragolas
  • Topic Starter
  • Members
  • 6 posts
  • Local time:08:38 PM

Posted 20 January 2012 - 06:46 PM

aswMBR version 0.9.9.1297 Copyright (c) 2011 AVAST Software
Run date: 2012-01-20 18:04:09
-----------------------------
18:04:09.610 OS Version: Windows 6.0.6002 Service Pack 2
18:04:09.610 Number of processors: 2 586 0x1706
18:04:09.610 ComputerName: NIC-PC UserName: Nic
18:04:19.844 Initialize success
18:04:31.840 AVAST engine defs: 12012001
18:04:34.898 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:04:34.898 Disk 0 Vendor: ST932042 DE14 Size: 305245MB BusType: 3
18:04:34.913 Disk 0 MBR read successfully
18:04:34.913 Disk 0 MBR scan
18:04:34.929 Disk 0 Windows VISTA default MBR code
18:04:34.929 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 94 MB offset 63
18:04:34.945 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 194560
18:04:34.960 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 292348 MB offset 21166080
18:04:34.960 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 619896832
18:04:35.007 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 619898880
18:04:35.007 Disk 0 scanning sectors +625139712
18:04:35.194 Disk 0 scanning C:\Windows\system32\drivers
18:05:00.326 Service scanning
18:05:02.713 Modules scanning
18:05:16.815 Disk 0 trace - called modules:
18:05:16.831 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
18:05:16.831 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fd7ac8]
18:05:16.831 3 CLASSPNP.SYS[8bfa48b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85c73028]
18:05:18.079 AVAST engine scan C:\Windows
18:05:29.591 AVAST engine scan C:\Windows\system32
18:10:51.513 AVAST engine scan C:\Windows\system32\drivers
18:11:37.783 AVAST engine scan C:\Users\Nic
18:25:26.186 AVAST engine scan C:\ProgramData
18:33:49.535 Scan finished successfully
18:45:20.899 Disk 0 MBR has been saved successfully to "C:\Users\Nic\Desktop\MBR.dat"
18:45:20.912 The log file has been saved successfully to "C:\Users\Nic\Desktop\aswMBR.txt"
18:45:26.646 Disk 0 MBR has been saved successfully to "C:\Users\Nic\Desktop\MBR.dat"
18:45:26.650 The log file has been saved successfully to "C:\Users\Nic\Desktop\aswMBR.txt"

#11 Broni

Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,679 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:38 PM

Posted 20 January 2012 - 07:59 PM

Very well.

How are the issues?

See if you can post complete FSS log now.
