
Redirected from search engines to ads and adult sites


12 replies to this topic

#1 Tom Jones

  • Members
  • 39 posts

Posted 24 January 2012 - 08:26 PM

Hello,
Recently, my Norton 360 advised me that it had detected and removed pez.exe and maljava.exe. I have run multiple scans and there doesn't seem to be anything harmful on the PC. However, since then the PC, a Dell Studio Hybrid desktop running Windows Vista, has shown the following symptoms:
- Extremely slow Internet connectivity. A page can take 1-2 minutes to load. (Other computers in the house have not slowed down, however.)
- Occasionally, various services, such as Windows Search or CMD, are not available, according to the message that pops up.
- CPU runs on average at 20%.

Your help is much appreciated,
Tom



#2 Tom Jones

  • Topic Starter
  • Members
  • 39 posts

Posted 25 January 2012 - 05:55 PM

Hello,
Every time I search on Google or Yahoo! I get redirected to ad or adult sites when I click one of the search result links. Also, my PC, a Dell Studio Hybrid running Vista Home edition, has had extremely slow internet connectivity the past few days. I am using Norton 360, which says that there are no viruses on the computer.

Can someone please advise what's wrong?

Thanks,
Tom

Edited by hamluis, 25 January 2012 - 06:07 PM.
Moved from Vista to Am I Infected.


#3 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,338 posts
  • Gender:Male
  • Location:NJ USA

Posted 25 January 2012 - 06:06 PM

EDIT: I combined these and removed the other as I believe it's the same machine.

Hello and welcome. I don't know what you ran so we'll run these next.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

>>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Troubleshoot Malwarebytes' Anti-Malware

Edited by boopme, 25 January 2012 - 06:15 PM.

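The checks behind the MiniToolBox checklist above (hosts file, IE and Firefox proxy settings, DNS servers, Winsock entries), as an added example that is not part of this thread and not MiniToolBox's own code: a small Python triage script that splits a Result.txt into its banner-delimited sections and flags the entries a search-redirect hijack typically touches. The report it parses is constructed; the enabled-proxy wording, the provider file name and the `expected_dns` parameter (the resolvers the router or ISP actually hands out) are assumptions, not something the thread shows.

```python
"""Triage a MiniToolBox Result.txt for the hijack indicators behind search
redirects: hosts-file overrides, browser proxy settings, DNS servers and
third-party or unsigned Winsock providers. Added example for this thread, not
code from the thread or from MiniToolBox; the report below is constructed."""
import re
from ipaddress import ip_address

BANNER_RE = re.compile(r"^=+\s+([^=]+?)\s+=+$")  # "===== Title: ====="
# "Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)"
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")
# What a clean proxy report says; any other line in that section needs a look.
BENIGN_PROXY = ("proxy is not enabled", "no proxy server is set", "were reset")

def split_sections(text):
    """Map section title -> its non-empty lines, up to the next banner."""
    sections, current = {}, None
    for raw in text.splitlines():
        line, m = raw.strip(), BANNER_RE.match(raw.strip())
        if m:
            current = m.group(1).rstrip(":").strip()
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections

def is_ip(s):
    try:
        ip_address(s)
    except ValueError:
        return False
    return True

def check_hosts(lines):
    """Only the loopback -> localhost mapping belongs in a stock hosts file."""
    out = []
    for line in lines:
        parts = line.split()
        if line.startswith("#") or len(parts) < 2 or not is_ip(parts[0]):
            continue
        out += [f"hosts override: {n} -> {parts[0]}" for n in parts[1:]
                if not (ip_address(parts[0]).is_loopback and n.lower() == "localhost")]
    return out

def check_proxy(lines, browser):
    return [f"{browser} proxy: {l}" for l in lines
            if not any(b in l.lower() for b in BENIGN_PROXY)]

def check_dns(lines, expected=()):
    """'DNS Servers . . : a.b.c.d' then bare continuation IPs; with no expected set
    (assumed: what the router hands out) the servers are only listed for review."""
    servers, collecting = [], False
    for line in lines:
        if line.startswith("DNS Servers"):
            servers.append(line.split(":", 1)[1].strip())
            collecting = True
        elif collecting and is_ip(line):
            servers.append(line)
        else:
            collecting = False
    if not expected:
        return [f"DNS server (review): {s}" for s in servers]
    return [f"unexpected DNS server: {s}" for s in servers if s not in expected]

def check_winsock(lines):
    """Providers with no vendor, a non-Microsoft vendor, or a path outside C:\\Windows."""
    out = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        catalog, idx, path, _size, vendor = m.groups()
        if not vendor:
            out.append(f"winsock {catalog}/{idx}: no vendor for {path}")
        elif vendor != "Microsoft Corporation" or not path.lower().startswith("c:\\windows\\"):
            out.append(f"winsock {catalog}/{idx} (review): {path} ({vendor})")
    return out

def triage(text, expected_dns=()):
    s = split_sections(text)
    return (check_hosts(s.get("Hosts content", []))
            + check_proxy(s.get("IE Proxy Settings", []), "IE")
            + check_proxy(s.get("FF Proxy Settings", []), "Firefox")
            + check_dns(s.get("IP Configuration", []), expected_dns)
            + check_winsock(s.get("Winsock entries", [])))

# Constructed hijacked report in MiniToolBox's layout (the enabled-proxy wording and
# the provider file name are made up; 198.51.100.x and 203.0.113.x are documentation ranges).
HIJACKED_LOG = """\
========================= IE Proxy Settings: ==============================
Proxy is enabled.
Proxy Server: 127.0.0.1:8080
========================= Hosts content: =================================
127.0.0.1 localhost
198.51.100.23 www.google.com
198.51.100.23 search.yahoo.com
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 192.168.0.1
203.0.113.9
========================= Winsock entries =====================================
Catalog5 01 C:\\Windows\\system32\\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\\Users\\user\\AppData\\Roaming\\srchhelp.dll [40960] ()
"""

if __name__ == "__main__":
    for finding in triage(HIJACKED_LOG, expected_dns=("192.168.0.1",)):
        print(finding)
```

Run against the MiniToolBox output posted further down in this thread, the hosts, proxy and DNS checks return nothing and the Winsock check lists only Apple's Bonjour mdnsNSP.dll for review; a clean result on these sections means the redirect is not coming from the network settings the tool resets, and the rootkit scan is the next place to look, which is the order the checklist above already follows.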

#4 Tom Jones

  • Topic Starter
  • Members
  • 39 posts

Posted 27 January 2012 - 09:48 PM

Thanks for your help. Enclosed are the MiniToolBox, TDSSKiller and MBAM logs. However, I might have made a mistake by clicking Report after TDSSKiller rebooted and hence didn't capture the item TDSSKiller indeed cured.

MiniToolBox by Farbar Version: 18-01-2012
Ran by Alf (administrator) on 27-01-2012 at 17:51:25
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NETGEAR WG111v3 Wireless-G USB Adapter = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Studio_Hybrid
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NETGEAR WG111v3 Wireless-G USB Adapter
Physical Address. . . . . . . . . : E0-91-F5-21-90-84
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e56e:474d:8a7f:3fed%17(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, January 27, 2012 5:43:41 PM
Lease Expires . . . . . . . . . . : Friday, January 27, 2012 6:44:38 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 367038965
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-AA-B4-7D-00-21-70-5D-1C-75
DNS Servers . . . . . . . . . . . : 24.205.192.61
24.205.224.36
68.116.46.115
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller #2
Physical Address. . . . . . . . . : 00-21-70-5D-1C-75
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.us.dell.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2D6EA7C3-06B0-4627-9AE3-969CEF13E044}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{0972A33D-56EC-4688-B623-F40ABC103117}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable Microsoft 6To4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{61C06ED9-144C-44F8-83E8-5D29BA177771}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: vip01renonv.reno.nv.charter.com
Address: 24.205.192.61

Name: google.com
Addresses: 74.125.224.84
74.125.224.81
74.125.224.83
74.125.224.82
74.125.224.80



Pinging google.com [74.125.224.147] with 32 bytes of data:

Reply from 74.125.224.147: bytes=32 time=38ms TTL=55

Reply from 74.125.224.147: bytes=32 time=40ms TTL=55



Ping statistics for 74.125.224.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 38ms, Maximum = 40ms, Average = 39ms

Server: vip01renonv.reno.nv.charter.com
Address: 24.205.192.61

Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
72.30.2.43



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=71ms TTL=54

Reply from 209.191.122.70: bytes=32 time=79ms TTL=54



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 71ms, Maximum = 79ms, Average = 75ms

Server: vip01renonv.reno.nv.charter.com
Address: 24.205.192.61

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
17 ...e0 91 f5 21 90 84 ...... NETGEAR WG111v3 Wireless-G USB Adapter
16 ...00 21 70 5d 1c 75 ...... Realtek PCIe GBE Family Controller #2
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
15 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
18 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.6 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.6 281
192.168.0.6 255.255.255.255 On-link 192.168.0.6 281
192.168.0.255 255.255.255.255 On-link 192.168.0.6 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.6 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.6 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
17 281 fe80::/64 On-link
17 281 fe80::e56e:474d:8a7f:3fed/128
On-link
1 306 ff00::/8 On-link
17 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/27/2012 05:00:44 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000005, fault offset 0x000662de,
process id 0x4ac, application start time 0xsvchost.exe0.

Error: (01/27/2012 08:31:22 AM) (Source: System Restore) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x800423f4).

Error: (01/27/2012 08:31:22 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x800423f4).

Error: (01/27/2012 08:31:22 AM) (Source: SPP) (User: )
Description: Shadow copy creation failed because of error reported by ASR Writer.

More info: The parameter is incorrect. (0x80070057).

Error: (01/27/2012 06:49:45 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module Flash11e.ocx, version 11.1.102.55, time stamp 0x4eaf89fc, exception code 0xc0000005, fault offset 0x00409a0c,
process id 0x1f90, application start time 0xsvchost.exe0.

Error: (01/27/2012 06:23:05 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: c38
Start Time: 01ccdcff0fcf3230
Termination Time: 6

Error: (01/26/2012 11:21:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3167

Error: (01/26/2012 11:21:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3167

Error: (01/26/2012 11:21:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/26/2012 11:21:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2169


System errors:
=============
Error: (01/27/2012 05:44:26 PM) (Source: Service Control Manager) (User: )
Description: Internet Connection Sharing (ICS)Remote Access Connection Manager%%1058

Error: (01/27/2012 05:44:26 PM) (Source: Service Control Manager) (User: )
Description: McAfee SiteAdvisor Service%%3

Error: (01/27/2012 05:04:03 PM) (Source: Service Control Manager) (User: )
Description: 1Restart the serviceWindows Management Instrumentation%%1056

Error: (01/27/2012 07:44:19 AM) (Source: Service Control Manager) (User: )
Description: Internet Connection Sharing (ICS)Remote Access Connection Manager%%1058

Error: (01/27/2012 07:44:19 AM) (Source: Service Control Manager) (User: )
Description: McAfee SiteAdvisor Service%%3

Error: (01/27/2012 06:51:50 AM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection

Error: (01/27/2012 06:51:22 AM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection

Error: (01/27/2012 06:51:22 AM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection

Error: (01/27/2012 06:51:22 AM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection

Error: (01/27/2012 06:51:22 AM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection


Microsoft Office Sessions:
=========================
Error: (09/09/2011 01:50:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 6.1.1)
3DVIA player 5.0 (Version: 5.0.0.12)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 10 Plugin (Version: 10.3.181.22)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
AGEIA PhysX v6.10.25 (Version: 6.10.25)
Apple Application Support (Version: 1.5.0)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.2.120)
Bonjour (Version: 2.0.4.0)
BufferChm (Version: 130.0.331.000)
C4600 (Version: 130.0.425.000)
CameraHelperMsi (Version: 13.30.1395.0)
Camtasia Studio 7 (Version: 7.1.0)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.4.0.9)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.3.0.8)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.4.0.14)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.5.0.8)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.7.0.8)
Canon Utilities PhotoStitch (Version: 3.1.18.42)
Canon Utilities ZoomBrowser EX (Version: 5.8.0.74)
D3DX10 (Version: 15.4.2368.0902)
Dell Edoc Viewer (Version: 1.0.0)
Dell Support Center (Support Software) (Version: 2.2.09085)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
erLT (Version: 1.20.138.34)
Facebook Video Calling 1.1.1.1 (Version: 1.1.1)
Free Realms
Google Chrome (Version: 16.0.912.77)
GoToAssist 8.0.0.514
GPBaseService2 (Version: 130.0.371.000)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPPhotoGadget (Version: 130.0.282.000)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
Inbox Toolbar (Version: 1.0.0)
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Intel® Matrix Storage Manager
iTunes (Version: 10.2.1.1)
Java Auto Updater (Version: 2.0.5.1)
Java DB 10.5.3.0 (Version: 10.5.3.0)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ SE Development Kit 6 Update 21 (Version: 1.6.0.210)
Logitech Vid HD (Version: 7.2 (7240))
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.30.1346.0)
LWS Gallery (Version: 13.30.1379.0)
LWS Help_main (Version: 13.30.1396.0)
LWS Launcher (Version: 13.30.1379.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.30.1395.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.30.1379.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.30.1346.0)
Malwarebytes' Anti-Malware
MediaButtons 5.0.0.1T4 (Version: 5.0.0.1T4)
MediaDirect (Version: 4.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Suite Activation Assistant (Version: 1.2.1)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MobileMe Control Panel (Version: 3.1.5.0)
Mouse Suite (Version: 3.8)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nancy Drew: Message in a Haunted Mansion
Nancy Drew: The Creature of Kapu Cave
Nancy Drew: Treasure in the Royal Tower
NETGEAR WG111v3 wireless USB 2.0 adapter (Version: 1.01.10)
Norton 360 (Version: 5.1.0.29)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Opera 11.50 (Version: 11.50.1074)
Origin (Version: 8.4.1.210)
OTOY
PS_AIO_05_C4600_Software_Min (Version: 130.0.425.000)
QuickTime (Version: 7.69.80.9)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (Version: 1.00)
Realtek High Definition Audio Driver
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Safari (Version: 5.33.20.27)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
Shop To Win (Version: 1.1.0.0)
Skype™ 5.5 (Version: 5.5.124)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spotify (Version: 0.5.2)
Status (Version: 130.0.373.000)
swMSM (Version: 12.0.0.1)
The Sims Medieval (Version: 2.0.113)
The Sims™ 3 (Version: 1.29.55)
The Sims™ 3 Ambitions (Version: 4.0.87)
The Sims™ 3 Create a Pattern Tool (Version: 1.0.0)
The Sims™ 3 Create a World Tool - Beta (Version: 1.13.3)
The Sims™ 3 Fast Lane Stuff (Version: 5.0.44)
The Sims™ 3 Generations (Version: 8.0.152)
The Sims™ 3 High-End Loft Stuff (Version: 3.0.38)
The Sims™ 3 Late Night (Version: 6.0.81)
The Sims™ 3 Outdoor Living Stuff (Version: 7.0.55)
The Sims™ 3 Town Life Stuff (Version: 9.0.73)
The Sims™ 3 World Adventures (Version: 2.17.2)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
WebReg (Version: 130.0.132.017)
WinRAR archiver
Yontoo 1.10.01 (Version: 1.10.01)

========================= Devices: ================================

Name: Multi-Card
Description: Multi-Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Photosmart C4600
Description: Photosmart C4600
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: HP
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 3318.26 MB
Available physical RAM: 1614.19 MB
Total Pagefile: 6832.52 MB
Available Pagefile: 5201.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.13 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:134 GB) (Free:14.98 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:9.43 GB) NTFS

========================= Users: ========================================

User accounts for \\STUDIO_HYBRID

Administrator Alf Cate
Emily Guest Ruby

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini091511-01.dmp

**** End of log ****


18:00:48.0591 5852 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
18:00:49.0605 5852 ============================================================
18:00:49.0605 5852 Current date / time: 2012/01/27 18:00:49.0605
18:00:49.0605 5852 SystemInfo:
18:00:49.0605 5852
18:00:49.0605 5852 OS Version: 6.0.6002 ServicePack: 2.0
18:00:49.0605 5852 Product type: Workstation
18:00:49.0605 5852 ComputerName: STUDIO_HYBRID
18:00:49.0605 5852 UserName: Alf
18:00:49.0605 5852 Windows directory: C:\Windows
18:00:49.0605 5852 System windows directory: C:\Windows
18:00:49.0605 5852 Processor architecture: Intel x86
18:00:49.0605 5852 Number of processors: 2
18:00:49.0605 5852 Page size: 0x1000
18:00:49.0605 5852 Boot type: Normal boot
18:00:49.0605 5852 ============================================================
18:00:51.0633 5852 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:00:51.0898 5852 Initialize success
18:01:39.0790 4072 ============================================================
18:01:39.0790 4072 Scan started
18:01:39.0790 4072 Mode: Manual;
18:01:39.0790 4072 ============================================================
18:02:01.0614 4072 usbuhci - ok
18:02:01.0677 4072 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
18:02:01.0677 4072 VClone - ok
18:02:01.0739 4072 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:02:01.0739 4072 vga - ok
18:02:01.0770 4072 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:02:01.0770 4072 VgaSave - ok
18:02:01.0786 4072 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:02:01.0786 4072 viaagp - ok
18:02:01.0801 4072 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:02:01.0817 4072 ViaC7 - ok
18:02:01.0833 4072 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:02:01.0833 4072 viaide - ok
18:02:01.0864 4072 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:02:01.0864 4072 volmgr - ok
18:02:01.0926 4072 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:02:01.0942 4072 volmgrx - ok
18:02:02.0004 4072 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:02:02.0020 4072 volsnap - ok
18:02:02.0051 4072 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:02:02.0051 4072 vsmraid - ok
18:02:02.0098 4072 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:02:02.0113 4072 WacomPen - ok
18:02:02.0129 4072 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:02:02.0129 4072 Wanarp - ok
18:02:02.0145 4072 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:02:02.0145 4072 Wanarpv6 - ok
18:02:02.0176 4072 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:02:02.0176 4072 Wd - ok
18:02:02.0223 4072 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:02:02.0238 4072 Wdf01000 - ok
18:02:02.0347 4072 WmiAcpi (48ca581c12022ac60fe82e2b96fbf5d4) C:\Windows\system32\drivers\wmiacpi.sys
18:02:02.0347 4072 WmiAcpi - ok
18:02:02.0503 4072 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:02:02.0519 4072 WpdUsb - ok
18:02:02.0566 4072 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:02:02.0566 4072 ws2ifsl - ok
18:02:02.0644 4072 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:02:02.0706 4072 \Device\Harddisk0\DR0 - ok
18:02:02.0722 4072 Boot (0x1200) (75e04d574be89ca04eb46d29b07e663d) \Device\Harddisk0\DR0\Partition0
18:02:02.0737 4072 \Device\Harddisk0\DR0\Partition0 - ok
18:02:02.0737 4072 Boot (0x1200) (9a021bc52edab9156b04206941b26ac3) \Device\Harddisk0\DR0\Partition1
18:02:02.0737 4072 \Device\Harddisk0\DR0\Partition1 - ok
18:02:02.0737 4072 ============================================================
18:02:02.0737 4072 Scan finished
18:02:02.0737 4072 ============================================================
18:02:02.0862 3628 Detected object count: 0
18:02:02.0862 3628 Actual detected object count: 0



Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.27.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Alf :: STUDIO_HYBRID [administrator]

Protection: Enabled

1/27/2012 6:14:47 PM
mbam-log-2012-01-27 (18-14-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269484
Time elapsed: 11 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Users\Ruby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com (PUP.PlaySushi) -> Quarantined and deleted successfully.
C:\Users\Ruby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome (PUP.PlaySushi) -> Quarantined and deleted successfully.
C:\Users\Ruby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components (PUP.PlaySushi) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Users\Ruby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest (PUP.PlaySushi) -> Quarantined and deleted successfully.
C:\Users\Ruby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf (PUP.PlaySushi) -> Quarantined and deleted successfully.
C:\Users\Ruby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome\pstextlinks.jar (PUP.PlaySushi) -> Quarantined and deleted successfully.
C:\Users\Ruby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll (PUP.PlaySushi) -> Quarantined and deleted successfully.
C:\Users\Ruby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.xpt (PUP.PlaySushi) -> Quarantined and deleted successfully.

(end)

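The TDSSKiller logs quoted in this thread (the one above and the one later in the thread) have a fixed shape: a driver line with the file's hash, then a verdict line, and, when a rootkit is hiding a patched driver, a "Suspicious file (Forged)" line whose "Real md5" (the bytes actually on disk) differs from the "Fake md5" the running system hands back. As an added example (not code from the thread or from TDSSKiller), here is a small Python parser that pulls out the infected, detected and forged objects so a log can be triaged without reading hundreds of "- ok" lines. The sample log is constructed in that format; the netbt lines are copied from the later scan, the object-count lines and their timestamps are made up.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the TDSSKiller log format quoted in this thread. The
# netbt lines are copied from the later scan in the thread; the object-count
# lines and the timestamps on them are made up for the example.
SAMPLE_LOG = r"""
18:54:29.0434 3156 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:54:29.0450 3156 NetBIOS - ok
18:54:29.0543 3156 netbt (838337dccff1cdfba06c53c740a47ccd) C:\Windows\system32\DRIVERS\netbt.sys
18:54:29.0543 3156 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 838337dccff1cdfba06c53c740a47ccd, Fake md5: ecd64230a59cbd93c85f1cd1cab9f3f6
18:54:29.0559 3156 netbt ( Virus.Win32.ZAccess.aml ) - infected
18:54:29.0559 3156 netbt - detected Virus.Win32.ZAccess.aml (0)
18:54:29.0621 3156 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:54:29.0621 3156 nfrd960 - ok
18:54:30.0464 3156 NwlnkFlt - ok
18:54:40.0000 3628 Detected object count: 1
18:54:40.0000 3628 Actual detected object count: 1
"""

# Every TDSSKiller line is "<hh:mm:ss.ffff> <pid> <message>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<name> [(<size>)] (<md5>) <path>": one line per driver, service or boot object.
ENTRY_RE = re.compile(r"^(\S+)\s+(?:\([^)]*\)\s+)?\(([0-9a-f]{32})\)\s+(.+)$")
# Forged-hash line: hash of the real file contents vs. the hash the live system presents.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$"
)
DETECTED_RE = re.compile(r"^(\S+)\s+-\s+detected\s+(\S+)")
INFECTED_RE = re.compile(r"^(\S+)\s+\(\s*(\S+)\s*\)\s+-\s+infected$")
COUNT_RE = re.compile(r"^(?:Actual )?[Dd]etected object count:\s+(\d+)$")


@dataclass
class Finding:
    name: str
    path: str = ""
    md5: str = ""        # hash of the bytes actually on disk
    threat: str = ""     # detection name, if TDSSKiller named one
    fake_md5: str = ""   # hash the running system handed back, if the file was forged

    @property
    def forged(self) -> bool:
        return bool(self.fake_md5)


def parse_tdsskiller(text: str) -> Tuple[List[Finding], Optional[int]]:
    """Return (objects that are infected or forged, object count the log reports)."""
    by_name, by_path = {}, {}
    in_order = []          # every object, in the order the scanner listed it
    reported = None

    def obj(name="?", path=""):
        fd = Finding(name, path)
        in_order.append(fd)
        return fd

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if (f := FORGED_RE.match(msg)):
            # Forged lines name the path, not the service; join back onto the entry.
            key = f.group(1).lower()
            fd = by_path.get(key) or obj(path=f.group(1))
            by_path[key] = fd
            fd.md5, fd.fake_md5 = f.group(2), f.group(3)
        elif (e := ENTRY_RE.match(msg)):
            fd = obj(e.group(1), e.group(3))
            fd.md5 = e.group(2)
            by_name[fd.name] = fd
            by_path[fd.path.lower()] = fd
        elif (d := DETECTED_RE.match(msg)):
            fd = by_name.get(d.group(1)) or obj(d.group(1))
            by_name[fd.name] = fd
            fd.threat = d.group(2)
        elif (i := INFECTED_RE.match(msg)):
            fd = by_name.get(i.group(1)) or obj(i.group(1))
            by_name[fd.name] = fd
            fd.threat = fd.threat or i.group(2)
        elif (c := COUNT_RE.match(msg)):
            reported = int(c.group(1))   # "Actual ..." is printed last and wins

    return [fd for fd in in_order if fd.threat or fd.forged], reported


def triage(findings: List[Finding], reported: Optional[int]) -> List[str]:
    """One verdict per finding; a forged hash alone is treated as rootkit activity."""
    out = []
    for fd in findings:
        if fd.forged:
            out.append(f"{fd.name}: {fd.path} on-disk md5 {fd.md5} is masked as {fd.fake_md5}"
                       f" -> kernel-level tampering ({fd.threat or 'no named detection'})")
        else:
            out.append(f"{fd.name}: {fd.threat}")
    if reported is not None and reported != len(findings):
        out.append(f"note: log reports {reported} object(s), parser found {len(findings)}")
    return out


if __name__ == "__main__":
    found, count = parse_tdsskiller(SAMPLE_LOG)
    for line in triage(found, count):
        print(line)
```

Run it over a saved TDSSKiller log instead of SAMPLE_LOG to get the same short summary; a mismatch between the scanner's reported count and the parsed findings usually means a line format this parser does not know.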
#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:02 PM

Posted 30 January 2012 - 07:30 PM

Are your redirects gone?
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#6 Tom Jones

Tom Jones
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:02 PM

Posted 30 January 2012 - 09:29 PM

Yes, they are gone and the network performance is back to normal.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:02 PM

Posted 30 January 2012 - 09:36 PM

Excellent. If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#8 Tom Jones

Tom Jones
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:02 PM

Posted 31 January 2012 - 01:11 PM

Restore point set. Thank you so very much for the help.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:02 PM

Posted 31 January 2012 - 08:45 PM

You're very welcome!!

#10 Tom Jones

Tom Jones
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:02 PM

Posted 06 February 2012 - 10:07 PM

Hello again.

Seems like there still are some issues with the computer. Today the redirect began again. I ran TDSSKiller and found Virus.Win32.ZAccess.aml and Rootkit.Boot.Pihar.b, which was cured before the computer rebooted; see report below. Also ran MBAM and found seven issues; see log below.

After the reboot, the redirect was gone and the internet connection back to normal speed. But, of course, that happened last time, too. Can you please help me clean it all out?

Thanks,
Tom


8:54:02.0618 3856 ============================================================
18:54:02.0618 3856 Current date / time: 2012/02/06 18:54:02.0618
18:54:02.0618 3856 SystemInfo:
18:54:02.0618 3856
18:54:02.0618 3856 OS Version: 6.0.6002 ServicePack: 2.0
18:54:02.0618 3856 Product type: Workstation
18:54:02.0618 3856 ComputerName: STUDIO_HYBRID
18:54:02.0633 3856 UserName: Emily
18:54:02.0633 3856 Windows directory: C:\Windows
18:54:02.0633 3856 System windows directory: C:\Windows
18:54:02.0633 3856 Processor architecture: Intel x86
18:54:02.0633 3856 Number of processors: 2
18:54:02.0633 3856 Page size: 0x1000
18:54:02.0633 3856 Boot type: Normal boot
18:54:02.0633 3856 ============================================================
18:54:03.0585 3856 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:54:03.0601 3856 \Device\Harddisk0\DR0:
18:54:03.0601 3856 MBR used
18:54:03.0601 3856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1E00000
18:54:03.0601 3856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E1B800, BlocksNum 0x10BFD800
18:54:03.0803 3856 Initialize success
18:54:03.0803 3856 ============================================================
18:54:05.0270 3156 ============================================================
18:54:05.0270 3156 Scan started
18:54:05.0270 3156 Mode: Manual;
18:54:05.0270 3156 ============================================================
18:54:29.0543 3156 netbt (838337dccff1cdfba06c53c740a47ccd) C:\Windows\system32\DRIVERS\netbt.sys
18:54:29.0543 3156 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 838337dccff1cdfba06c53c740a47ccd, Fake md5: ecd64230a59cbd93c85f1cd1cab9f3f6
18:54:29.0559 3156 netbt ( Virus.Win32.ZAccess.aml ) - infected
18:54:29.0559 3156 netbt - detected Virus.Win32.ZAccess.aml (0)
18:54:29.0621 3156 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:54:29.0621 3156 nfrd960 - ok
18:54:29.0684 3156 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:54:29.0684 3156 Npfs - ok
18:54:29.0699 3156 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:54:29.0699 3156 nsiproxy - ok
18:54:29.0902 3156 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:54:30.0183 3156 Ntfs - ok
18:54:30.0277 3156 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:54:30.0277 3156 ntrigdigi - ok
18:54:30.0323 3156 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:54:30.0323 3156 Null - ok
18:54:30.0370 3156 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:54:30.0370 3156 nvraid - ok
18:54:30.0401 3156 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:54:30.0417 3156 nvstor - ok
18:54:30.0448 3156 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:54:30.0448 3156 nv_agp - ok
18:54:30.0464 3156 NwlnkFlt - ok
18:54:30.0479 3156 NwlnkFwd - ok
18:54:30.0651 3156 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
18:54:30.0667 3156 ohci1394 - ok
18:54:30.0760 3156 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:54:30.0760 3156 Parport - ok
18:54:30.0916 3156 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:54:30.0916 3156 partmgr - ok
18:54:30.0979 3156 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:54:30.0979 3156 Parvdm - ok
18:54:31.0103 3156 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:54:31.0103 3156 pci - ok
18:54:31.0259 3156 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
18:54:31.0259 3156 pciide - ok
18:54:31.0369 3156 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:54:31.0384 3156 pcmcia - ok
18:54:31.0868 3156 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:54:31.0993 3156 PEAUTH - ok
18:54:32.0086 3156 pelmouse (670824151bf5a291d395f57ef2999cbf) C:\Windows\system32\DRIVERS\pelmouse.sys
18:54:32.0086 3156 pelmouse - ok
18:54:32.0273 3156 pelusblf (ee8c61ce8a018a6ad1dfbd90b452e845) C:\Windows\system32\DRIVERS\pelusblf.sys
18:54:32.0273 3156 pelusblf - ok
18:54:32.0648 3156 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:54:32.0663 3156 PptpMiniport - ok
18:54:32.0710 3156 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:54:32.0710 3156 Processor - ok
18:54:32.0804 3156 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:54:32.0819 3156 PSched - ok
18:54:32.0866 3156 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
18:54:32.0866 3156 PxHelp20 - ok
18:54:32.0929 3156 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:54:32.0929 3156 ql2300 - ok
18:54:32.0991 3156 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:54:32.0991 3156 ql40xx - ok
18:54:33.0085 3156 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:54:33.0085 3156 QWAVEdrv - ok
18:54:33.0584 3156 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
18:54:33.0599 3156 R300 - ok
18:54:33.0771 3156 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:54:33.0771 3156 RasAcd - ok
18:54:33.0849 3156 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:54:33.0849 3156 Rasl2tp - ok
18:54:33.0943 3156 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:54:33.0943 3156 RasPppoe - ok
18:54:34.0067 3156 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:54:34.0067 3156 RasSstp - ok
18:54:34.0270 3156 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:54:34.0270 3156 rdbss - ok
18:54:34.0489 3156 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:54:34.0489 3156 RDPCDD - ok
18:54:34.0613 3156 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:54:34.0613 3156 rdpdr - ok
18:54:34.0738 3156 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:54:34.0738 3156 RDPENCDD - ok
18:54:34.0910 3156 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
18:54:34.0941 3156 RDPWD - ok
18:54:35.0409 3156 rk_remover-boot (1bdb2a8bce998ef9592d7f1ff6e76996) C:\Windows\system32\drivers\rk_remover.sys
18:54:35.0409 3156 rk_remover-boot - ok
18:54:35.0549 3156 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:54:35.0549 3156 rspndr - ok
18:54:35.0721 3156 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:54:35.0721 3156 RTL8169 - ok
18:54:36.0002 3156 RTL8187B (d5d2e9f785fda3c1e021fde9f218c7f5) C:\Windows\system32\DRIVERS\wg111v3.sys
18:54:36.0002 3156 RTL8187B - ok
18:54:36.0111 3156 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
18:54:36.0111 3156 RtlProt - ok
18:54:36.0251 3156 RtNdPt60 (7f8d15ee000577be703537849d4f9397) C:\Windows\system32\DRIVERS\RtNdPt60.sys
18:54:36.0251 3156 RtNdPt60 - ok
18:54:36.0376 3156 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:54:36.0376 3156 sbp2port - ok
18:54:36.0532 3156 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:54:36.0548 3156 secdrv - ok
18:54:36.0610 3156 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:54:36.0610 3156 Serenum - ok
18:54:36.0626 3156 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:54:36.0626 3156 Serial - ok
18:54:36.0657 3156 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:54:36.0657 3156 sermouse - ok
18:54:36.0704 3156 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:54:36.0719 3156 sffdisk - ok
18:54:36.0735 3156 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:54:36.0735 3156 sffp_mmc - ok
18:54:36.0829 3156 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:54:36.0829 3156 sffp_sd - ok
18:54:36.0875 3156 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:54:36.0875 3156 sfloppy - ok
18:54:37.0047 3156 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:54:37.0047 3156 sisagp - ok
18:54:37.0156 3156 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:54:37.0156 3156 SiSRaid2 - ok
18:54:37.0453 3156 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:54:37.0468 3156 SiSRaid4 - ok
18:54:37.0655 3156 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:54:37.0655 3156 Smb - ok
18:54:37.0702 3156 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:54:37.0702 3156 spldr - ok
18:54:37.0889 3156 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS
18:54:37.0889 3156 SRTSP - ok
18:54:38.0217 3156 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS
18:54:38.0217 3156 SRTSPX - ok
18:54:38.0513 3156 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:54:38.0513 3156 srv - ok
18:54:38.0747 3156 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:54:38.0763 3156 srv2 - ok
18:54:38.0794 3156 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:54:38.0794 3156 srvnet - ok
18:54:38.0872 3156 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:54:38.0872 3156 swenum - ok
18:54:38.0950 3156 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:54:38.0950 3156 Symc8xx - ok
18:54:39.0184 3156 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS
18:54:39.0184 3156 SymDS - ok
18:54:40.0027 3156 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS
18:54:40.0027 3156 SymEFA - ok
18:54:40.0307 3156 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
18:54:40.0323 3156 SymEvent - ok
18:54:40.0526 3156 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS
18:54:40.0526 3156 SymIRON - ok
18:54:41.0025 3156 SYMTDIv (d42a7229e333af725f1445f785e4658d) C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS
18:54:41.0041 3156 SYMTDIv - ok
18:54:41.0259 3156 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:54:41.0259 3156 Sym_hi - ok
18:54:41.0353 3156 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:54:41.0353 3156 Sym_u3 - ok
18:54:41.0540 3156 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
18:54:41.0555 3156 Tcpip - ok
18:54:41.0821 3156 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
18:54:41.0821 3156 Tcpip6 - ok
18:54:41.0961 3156 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:54:41.0961 3156 tcpipreg - ok
18:54:42.0101 3156 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:54:42.0101 3156 TDPIPE - ok
18:54:42.0179 3156 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:54:42.0179 3156 TDTCP - ok
18:54:42.0367 3156 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:54:42.0382 3156 tdx - ok
18:54:42.0523 3156 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:54:42.0538 3156 TermDD - ok
18:54:42.0741 3156 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:54:42.0741 3156 tssecsrv - ok
18:54:43.0053 3156 tunmp (387e5f1a2e0a96faf43f11ea7a7a760e) C:\Windows\system32\DRIVERS\tunmp.sys
18:54:43.0053 3156 tunmp - ok
18:54:43.0303 3156 tunnel (4e2e4203534ebbe07bb8147a8d419143) C:\Windows\system32\DRIVERS\tunnel.sys
18:54:43.0318 3156 tunnel - ok
18:54:43.0381 3156 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:54:43.0381 3156 uagp35 - ok
18:54:43.0552 3156 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:54:43.0552 3156 udfs - ok
18:54:43.0661 3156 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:54:43.0661 3156 uliagpkx - ok
18:54:43.0739 3156 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:54:43.0739 3156 uliahci - ok
18:54:43.0771 3156 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:54:43.0771 3156 UlSata - ok
18:54:43.0802 3156 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:54:43.0802 3156 ulsata2 - ok
18:54:43.0880 3156 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:54:43.0880 3156 umbus - ok
18:54:44.0020 3156 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
18:54:44.0020 3156 USBAAPL - ok
18:54:44.0114 3156 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
18:54:44.0114 3156 usbaudio - ok
18:54:44.0270 3156 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:54:44.0270 3156 usbccgp - ok
18:54:44.0410 3156 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:54:44.0426 3156 usbcir - ok
18:54:44.0644 3156 usbehci (8d75aec2bba8d041976d1831a03e42fc) C:\Windows\system32\DRIVERS\usbehci.sys
18:54:44.0644 3156 usbehci - ok
18:54:44.0816 3156 usbhub (7ae1e0745b06e9dd5df66ede062bacfa) C:\Windows\system32\DRIVERS\usbhub.sys
18:54:44.0816 3156 usbhub - ok
18:54:44.0972 3156 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:54:44.0972 3156 usbohci - ok
18:54:45.0128 3156 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:54:45.0128 3156 usbprint - ok
18:54:45.0284 3156 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:54:45.0284 3156 usbscan - ok
18:54:45.0471 3156 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:54:45.0471 3156 USBSTOR - ok
18:54:45.0596 3156 usbuhci (407fa9318014a409c4575b77493950c8) C:\Windows\system32\DRIVERS\usbuhci.sys
18:54:45.0596 3156 usbuhci - ok
18:54:45.0736 3156 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
18:54:45.0752 3156 VClone - ok
18:54:45.0877 3156 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:54:45.0877 3156 vga - ok
18:54:45.0908 3156 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:54:45.0908 3156 VgaSave - ok
18:54:45.0923 3156 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:54:45.0939 3156 viaagp - ok
18:54:46.0017 3156 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:54:46.0033 3156 ViaC7 - ok
18:54:46.0048 3156 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:54:46.0064 3156 viaide - ok
18:54:46.0095 3156 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:54:46.0095 3156 volmgr - ok
18:54:46.0235 3156 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:54:46.0235 3156 volmgrx - ok
18:54:46.0423 3156 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:54:46.0423 3156 volsnap - ok
18:54:46.0641 3156 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:54:46.0641 3156 vsmraid - ok
18:54:46.0906 3156 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:54:46.0906 3156 WacomPen - ok
18:54:47.0078 3156 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:54:47.0093 3156 Wanarp - ok
18:54:47.0093 3156 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:54:47.0093 3156 Wanarpv6 - ok
18:54:47.0468 3156 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:54:47.0468 3156 Wd - ok
18:54:47.0717 3156 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:54:47.0811 3156 Wdf01000 - ok
18:54:47.0967 3156 WmiAcpi (48ca581c12022ac60fe82e2b96fbf5d4) C:\Windows\system32\drivers\wmiacpi.sys
18:54:47.0967 3156 WmiAcpi - ok
18:54:48.0029 3156 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:54:48.0029 3156 WpdUsb - ok
18:54:48.0045 3156 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:54:48.0045 3156 ws2ifsl - ok
18:54:48.0123 3156 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
18:54:48.0154 3156 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:54:48.0154 3156 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:54:48.0248 3156 Boot (0x1200) (75e04d574be89ca04eb46d29b07e663d) \Device\Harddisk0\DR0\Partition0
18:54:48.0248 3156 \Device\Harddisk0\DR0\Partition0 - ok
18:54:48.0279 3156 Boot (0x1200) (9a021bc52edab9156b04206941b26ac3) \Device\Harddisk0\DR0\Partition1
18:54:48.0279 3156 \Device\Harddisk0\DR0\Partition1 - ok
18:54:48.0279 3156 ============================================================
18:54:48.0279 3156 Scan finished
18:54:48.0279 3156 ============================================================
18:54:48.0295 3388 Detected object count: 2
18:54:48.0295 3388 Actual detected object count: 2
18:59:45.0187 3388 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine
18:59:45.0467 3388 Backup copy found, using it..
18:59:45.0507 3388 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
18:59:49.0347 3388 netbt ( Virus.Win32.ZAccess.aml ) - User select action: Cure
18:59:49.0487 3388 \Device\Harddisk0\DR0\# - copied to quarantine
18:59:49.0487 3388 \Device\Harddisk0\DR0 - copied to quarantine
18:59:49.0657 3388 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:59:49.0687 3388 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:59:49.0697 3388 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:59:49.0717 3388 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:59:49.0737 3388 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:59:49.0747 3388 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:59:49.0757 3388 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:59:49.0757 3388 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:59:49.0767 3388 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:59:49.0767 3388 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:59:49.0787 3388 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
18:59:49.0837 3388 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:59:49.0837 3388 \Device\Harddisk0\DR0 - ok
18:59:49.0837 3388 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure





Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.06.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Emily :: STUDIO_HYBRID [administrator]

2/6/2012 6:29:39 PM
mbam-log-2012-02-06 (18-29-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269760
Time elapsed: 13 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^^ -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:02 PM

Posted 06 February 2012 - 10:25 PM

Interesting, as it wasn't here the other day, which means you just picked it up.

Let's also do these.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

>>>

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 Tom Jones

Tom Jones
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:04:02 PM

Posted 07 February 2012 - 12:16 PM

Thanks for your quick response. Here are the two logs:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-07 08:58:23
-----------------------------
08:58:23.669 OS Version: Windows 6.0.6002 Service Pack 2
08:58:23.669 Number of processors: 2 586 0x170A
08:58:23.669 ComputerName: STUDIO_HYBRID UserName: Cate
08:58:28.115 Initialize success
09:00:50.390 AVAST engine defs: 12020701
09:03:21.407 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
09:03:21.407 Disk 0 Vendor: ST9160314AS 0003DEM1 Size: 152627MB BusType: 3
09:03:21.422 Disk 0 MBR read successfully
09:03:21.438 Disk 0 MBR scan
09:03:21.438 Disk 0 Windows VISTA default MBR code
09:03:21.453 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
09:03:21.469 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 112640
09:03:21.500 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 137211 MB offset 31569920
09:03:21.516 Disk 0 scanning sectors +312578048
09:03:21.594 Disk 0 scanning C:\Windows\system32\drivers
09:03:36.617 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Sirefef-JQ [Trj]
09:03:40.610 Disk 0 trace - called modules:
09:03:40.626 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x961e2fc0]<<
09:03:40.626 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8601d1e0]
09:03:40.626 3 CLASSPNP.SYS[8b5a98b3] -> nt!IofCallDriver -> [0x881d8208]
09:03:40.626 \Driver\00004358[0x87e4d920] -> IRP_MJ_CREATE -> 0x961e2fc0
09:03:42.014 AVAST engine scan C:\Windows
09:03:46.647 AVAST engine scan C:\Windows\system32
09:09:03.657 AVAST engine scan C:\Windows\system32\drivers
09:09:26.777 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Sirefef-JQ [Trj]
09:09:43.567 AVAST engine scan C:\Users\Cate
09:11:15.128 Disk 0 MBR has been saved successfully to "C:\Users\Cate\Desktop\MBR.dat"
09:11:15.130 The log file has been saved successfully to "C:\Users\Cate\Desktop\aswMBR.txt"


Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 6002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`c3700000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:02 PM

Posted 07 February 2012 - 12:28 PM

Hmmmm, I'm afraid we may still have it. Let's move and get it out where it's protected.

We need a deeper look. Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run skip it and move on.

Include the aswMBR log above.

Let me know if that went well.



