Not sure what got me


6 replies to this topic

#1 merch


Posted 08 February 2012 - 08:07 AM

I have a Firefox plugin ("switchhosts") that allows changing the hosts file.
This plugin also informs you when someone/something changes the Windows hosts file.

I was generally surfing the other day for help with a work topic.
After clicking a search result in Google, a message popped up saying that the hosts file had been changed. Next thing I know AVG (Business 2012) was alerting on trojans and the like, along with some Windows services crashing.

AVG removed some of the nasties and Malwarebytes found and removed a few things too.

However, all is still not well:

AVG scan crashes as soon as I launch it (message: AVG command-line scanning utility has stopped working); the rootkit scanner works, and using the command prompt to run an AVG scan seems to work.
On Windows startup Microsoft® Register Server crashes (this also pops up when installing new applications).
Other programs randomly crash with messages like: Notepad has stopped working.

Extra info:
OS: Vista Ultimate (64-bit) Service Pack 1
Browser: Firefox 3.6.26

Any help would be appreciated.

Regards
Andy


#2 boopme


Posted 09 February 2012 - 12:04 AM

Welcome. I feel we should do these next.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters.
  • Put a check in the box Detect TDLFS file system.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with a description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.

Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


#3 merch


Posted 09 February 2012 - 04:23 AM

Hi Boopme,

Thanks for the quick reply and assistance.

Please note that while performing the steps outlined by you I was running in safe mode (with networking). I hope that won't have any implications; if so, I can redo them in normal boot conditions.

Only MBAM asked for a restart.

1. MiniToolBox
After downloading the app I closed down FF before running it.

MiniToolBox by Farbar Version: 18-01-2012
Ran by andrew (administrator) on 09-02-2012 at 09:04:16
Microsoft® Windows Vista™ Ultimate Service Pack 1 (X64)
Boot Mode: Nerwork
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================






93.152.11.74 curriebarnet.motorplex.co.uk
93.152.11.74 currietwickenham.motorplex.co.uk
93.152.11.74 curriechiswick.motorplex.co.uk
93.152.11.74 currielextwick.motorplex.co.uk
93.152.11.74 outram.motorplex.co.uk
174.133.130.2 www.agnito.co.uk
174.133.130.2 www.sonospro.co.uk



127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ANDREW-PC
Primary Dns Suffix . . . . . . . : SilverDisc.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : SilverDisc.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : SilverDisc.local
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-24-1D-85-8E-01
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d0c8:402:fe10:452%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 08 February 2012 12:29:40
Lease Expires . . . . . . . . . . : 17 February 2012 09:01:19
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.2
DNS Servers . . . . . . . . . . . : 192.168.1.2
217.20.29.2
217.20.22.2
212.139.132.43
212.139.132.44
158.43.240.3
Primary WINS Server . . . . . . . : 192.168.1.2
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.SilverDisc.local
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: sdserverdc.silverdisc.local
Address: 192.168.1.2

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 173.194.34.17
173.194.34.18
173.194.34.19
173.194.34.20
173.194.34.16



Pinging google.com [173.194.34.17] with 32 bytes of data:

Reply from 173.194.34.17: bytes=32 time=25ms TTL=49

Reply from 173.194.34.17: bytes=32 time=24ms TTL=49



Ping statistics for 173.194.34.17:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 24ms, Maximum = 25ms, Average = 24ms

Server: sdserverdc.silverdisc.local
Address: 192.168.1.2

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=149ms TTL=47

Reply from 209.191.122.70: bytes=32 time=149ms TTL=47



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 149ms, Maximum = 149ms, Average = 149ms

Server: sdserverdc.silverdisc.local
Address: 192.168.1.2

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 24 1d 85 8e 01 ...... NVIDIA nForce Networking Controller
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.SilverDisc.local
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.11 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.11 276
192.168.1.11 255.255.255.255 On-link 192.168.1.11 276
192.168.1.255 255.255.255.255 On-link 192.168.1.11 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.11 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.11 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::d0c8:402:fe10:452/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Program Files (x86)\NetLimiter\nl_lsp.dll [81920] ()
Catalog9 02 C:\Program Files (x86)\NetLimiter\nl_lsp.dll [81920] ()
Catalog9 03 C:\Program Files (x86)\NetLimiter\nl_lsp.dll [81920] ()
Catalog9 04 C:\Program Files (x86)\NetLimiter\nl_lsp.dll [81920] ()
Catalog9 05 C:\Program Files (x86)\NetLimiter\nl_lsp.dll [81920] ()
Catalog9 06 C:\Program Files (x86)\NetLimiter\nl_lsp.dll [81920] ()
Catalog9 07 C:\Program Files (x86)\NetLimiter\nl_lsp.dll [81920] ()
Catalog9 08 C:\Program Files (x86)\NetLimiter\nl_lsp.dll [81920] ()
Catalog9 09 C:\Program Files (x86)\NetLimiter\nl_lsp.dll [81920] ()
Catalog9 10 C:\Program Files (x86)\NetLimiter\nl_lsp.dll [81920] ()
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Program Files (x86)\NetLimiter\nl_lsp.dll [81920] ()
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/08/2012 00:30:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2012 00:30:18 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (02/08/2012 00:26:35 PM) (Source: Application Error) (User: )
Description: Faulting application HousecallLauncher64.exe, version 1.50.0.1154, time stamp 0x4e1d0922, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0000000075265eb8,
process id 0x17a8, application start time 0xHousecallLauncher64.exe0.

Error: (02/08/2012 00:26:03 PM) (Source: Application Error) (User: )
Description: Faulting application wow_helper.exe, version 0.0.0.0, time stamp 0x4988982b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0000000075265eb8,
process id 0x1654, application start time 0xwow_helper.exe0.

Error: (02/08/2012 00:26:02 PM) (Source: Application Error) (User: )
Description: Faulting application wow_helper.exe, version 0.0.0.0, time stamp 0x4988982b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0000000075265eb8,
process id 0x15e0, application start time 0xwow_helper.exe0.

Error: (02/08/2012 00:26:00 PM) (Source: Application Error) (User: )
Description: Faulting application wow_helper.exe, version 0.0.0.0, time stamp 0x4988982b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0000000075265eb8,
process id 0x1588, application start time 0xwow_helper.exe0.

Error: (02/08/2012 00:25:30 PM) (Source: Application Error) (User: )
Description: Faulting application wow_helper.exe, version 0.0.0.0, time stamp 0x4988982b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0000000075265eb8,
process id 0x1310, application start time 0xwow_helper.exe0.

Error: (02/08/2012 00:17:14 PM) (Source: Application Error) (User: )
Description: Faulting application avgscana.exe, version 12.0.0.1773, time stamp 0x4e375e6e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0000000075265eb8,
process id 0x11cc, application start time 0xavgscana.exe0.

Error: (02/08/2012 00:14:04 PM) (Source: Application Error) (User: )
Description: Faulting application regsvr32.exe, version 6.0.6000.16386, time stamp 0x4549bf8f, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0000000075265eb8,
process id 0x970, application start time 0xregsvr32.exe0.

Error: (02/08/2012 00:11:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (02/08/2012 00:30:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2012 00:30:18 PM) (Source: EventSystem)(User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (02/08/2012 00:26:35 PM) (Source: Application Error)(User: )
Description: HousecallLauncher64.exe1.50.0.11544e1d0922unknown0.0.0.000000000c00000050000000075265eb817a801cce65ce609ed1d

Error: (02/08/2012 00:26:03 PM) (Source: Application Error)(User: )
Description: wow_helper.exe0.0.0.04988982bunknown0.0.0.000000000c00000050000000075265eb8165401cce65cd2c6702d

Error: (02/08/2012 00:26:02 PM) (Source: Application Error)(User: )
Description: wow_helper.exe0.0.0.04988982bunknown0.0.0.000000000c00000050000000075265eb815e001cce65cd1f53d7d

Error: (02/08/2012 00:26:00 PM) (Source: Application Error)(User: )
Description: wow_helper.exe0.0.0.04988982bunknown0.0.0.000000000c00000050000000075265eb8158801cce65cd0f7f1bd

Error: (02/08/2012 00:25:30 PM) (Source: Application Error)(User: )
Description: wow_helper.exe0.0.0.04988982bunknown0.0.0.000000000c00000050000000075265eb8131001cce65cbf18237d

Error: (02/08/2012 00:17:14 PM) (Source: Application Error)(User: )
Description: avgscana.exe12.0.0.17734e375e6eunknown0.0.0.000000000c00000050000000075265eb811cc01cce65b96c0470d

Error: (02/08/2012 00:14:04 PM) (Source: Application Error)(User: )
Description: regsvr32.exe6.0.6000.163864549bf8funknown0.0.0.000000000c00000050000000075265eb897001cce65b240acc8d

Error: (02/08/2012 00:11:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2112)
AVG 2012 (Version: 2012.0.1913)
Canon MP510
CPUID CPU-Z 1.57.1
Google Chrome (Version: 16.0.912.77)
GoToMeeting 4.8.0.723 (Version: 4.8.0.723)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
NVIDIA Drivers (Version: 1.3)
Paint.NET v3.5.10 (Version: 3.60.0)
Spotify (Version: 0.8.1.64.g5c5914e3)
Unity Web Player (Version: )
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 3069.76 MB
Available physical RAM: 2010.11 MB
Total Pagefile: 7006.06 MB
Available Pagefile: 6229.39 MB
Total Virtual: 4095.88 MB
Available Virtual: 4000.9 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:232.88 GB) (Free:107.5 GB) NTFS
4 Drive u: (Data) (Network) (Total:136.51 GB) (Free:49.28 GB) NTFS
5 Drive y: (Data) (Network) (Total:136.51 GB) (Free:49.28 GB) NTFS
6 Drive z: (Data) (Network) (Total:136.51 GB) (Free:49.28 GB) NTFS

========================= Users: ========================================

User accounts for \\ANDREW-PC

Administrator Guest


**** End of log ****

2. TDSSKiller results
Nothing found, no reboot required.

09:07:19.0775 1524 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
09:07:19.0885 1524 ============================================================
09:07:19.0885 1524 Current date / time: 2012/02/09 09:07:19.0885
09:07:19.0885 1524 SystemInfo:
09:07:19.0885 1524
09:07:19.0885 1524 OS Version: 6.0.6001 ServicePack: 1.0
09:07:19.0885 1524 Product type: Workstation
09:07:19.0885 1524 ComputerName: ANDREW-PC
09:07:19.0885 1524 UserName: andrew
09:07:19.0885 1524 Windows directory: C:\Windows
09:07:19.0885 1524 System windows directory: C:\Windows
09:07:19.0885 1524 Running under WOW64
09:07:19.0885 1524 Processor architecture: Intel x64
09:07:19.0885 1524 Number of processors: 4
09:07:19.0885 1524 Page size: 0x1000
09:07:19.0885 1524 Boot type: Safe boot with network
09:07:19.0885 1524 ============================================================
09:07:20.0945 1524 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:07:20.0945 1524 \Device\Harddisk0\DR0:
09:07:20.0945 1524 MBR used
09:07:20.0945 1524 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4000
09:07:20.0961 1524 Initialize success
09:07:20.0961 1524 ============================================================
09:07:57.0512 1548 ============================================================
09:07:57.0512 1548 Scan started
09:07:57.0512 1548 Mode: Manual; TDLFS;
09:07:57.0512 1548 ============================================================
09:08:03.0112 1548 hwusbfake (e0c7255498640fc64b19aae17fd6f965) C:\Windows\system32\DRIVERS\ewusbfake.sys
09:08:03.0112 1548 hwusbfake - ok
09:08:03.0159 1548 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
09:08:03.0159 1548 i2omp - ok
09:08:03.0253 1548 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
09:08:03.0253 1548 i8042prt - ok
09:08:03.0284 1548 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
09:08:03.0284 1548 iaStorV - ok
09:08:03.0315 1548 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
09:08:03.0315 1548 iirsp - ok
09:08:03.0377 1548 IntcAzAudAddService (f8e3ed589e9e831aad363410c07c1411) C:\Windows\system32\drivers\RTKVHD64.sys
09:08:03.0393 1548 IntcAzAudAddService - ok
09:08:03.0471 1548 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
09:08:03.0487 1548 intelide - ok
09:08:03.0502 1548 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
09:08:03.0518 1548 intelppm - ok
09:08:03.0549 1548 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:08:03.0549 1548 IpFilterDriver - ok
09:08:03.0549 1548 IpInIp - ok
09:08:03.0565 1548 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
09:08:03.0565 1548 IPMIDRV - ok
09:08:03.0580 1548 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
09:08:03.0580 1548 IPNAT - ok
09:08:03.0674 1548 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
09:08:03.0674 1548 IRENUM - ok
09:08:03.0721 1548 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
09:08:03.0721 1548 isapnp - ok
09:08:03.0752 1548 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
09:08:03.0752 1548 iScsiPrt - ok
09:08:03.0783 1548 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
09:08:03.0783 1548 iteatapi - ok
09:08:03.0861 1548 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
09:08:03.0861 1548 iteraid - ok
09:08:03.0892 1548 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
09:08:03.0892 1548 kbdclass - ok
09:08:03.0908 1548 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
09:08:03.0908 1548 kbdhid - ok
09:08:03.0970 1548 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
09:08:03.0970 1548 KSecDD - ok
09:08:04.0017 1548 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
09:08:04.0017 1548 ksthunk - ok
09:08:04.0048 1548 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
09:08:04.0048 1548 lltdio - ok
09:08:04.0173 1548 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
09:08:04.0173 1548 LMIInfo - ok
09:08:04.0282 1548 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
09:08:04.0282 1548 lmimirr - ok
09:08:04.0298 1548 LMIRfsClientNP - ok
09:08:04.0298 1548 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
09:08:04.0313 1548 LMIRfsDriver - ok
09:08:04.0345 1548 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
09:08:04.0345 1548 LSI_FC - ok
09:08:04.0376 1548 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
09:08:04.0376 1548 LSI_SAS - ok
09:08:04.0438 1548 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
09:08:04.0454 1548 LSI_SCSI - ok
09:08:04.0485 1548 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
09:08:04.0485 1548 luafv - ok
09:08:04.0532 1548 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
09:08:04.0532 1548 megasas - ok
09:08:04.0625 1548 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
09:08:04.0625 1548 MegaSR - ok
09:08:04.0641 1548 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
09:08:04.0641 1548 Modem - ok
09:08:04.0672 1548 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
09:08:04.0672 1548 monitor - ok
09:08:04.0703 1548 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
09:08:04.0703 1548 mouclass - ok
09:08:04.0766 1548 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
09:08:04.0766 1548 mouhid - ok
09:08:04.0781 1548 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
09:08:04.0781 1548 MountMgr - ok
09:08:04.0828 1548 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
09:08:04.0828 1548 mpio - ok
09:08:04.0875 1548 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
09:08:04.0875 1548 mpsdrv - ok
09:08:04.0937 1548 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
09:08:04.0937 1548 Mraid35x - ok
09:08:04.0953 1548 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
09:08:04.0953 1548 MRxDAV - ok
09:08:05.0000 1548 mrxsmb (b698eb9acc7ecd4927d99d268918f912) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:08:05.0015 1548 mrxsmb - ok
09:08:05.0078 1548 mrxsmb10 (9a797e27fd28500ee13d43000c931435) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:08:05.0078 1548 mrxsmb10 - ok
09:08:05.0093 1548 mrxsmb20 (f9425d610712533107a264e2d5b2154b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:08:05.0093 1548 mrxsmb20 - ok
09:08:05.0171 1548 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
09:08:05.0171 1548 msahci - ok
09:08:05.0187 1548 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
09:08:05.0187 1548 msdsm - ok
09:08:05.0234 1548 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
09:08:05.0234 1548 Msfs - ok
09:08:05.0312 1548 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
09:08:05.0312 1548 msisadrv - ok
09:08:05.0343 1548 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
09:08:05.0343 1548 MSKSSRV - ok
09:08:05.0390 1548 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
09:08:05.0390 1548 MSPCLOCK - ok
09:08:05.0421 1548 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
09:08:05.0421 1548 MSPQM - ok
09:08:05.0499 1548 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
09:08:05.0499 1548 MsRPC - ok
09:08:05.0530 1548 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
09:08:05.0530 1548 mssmbios - ok
09:08:05.0546 1548 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
09:08:05.0546 1548 MSTEE - ok
09:08:05.0561 1548 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
09:08:05.0561 1548 Mup - ok
09:08:05.0608 1548 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
09:08:05.0608 1548 NativeWifiP - ok
09:08:05.0686 1548 NDIS (2a2ee457af36c5c9a6808c768bd3a12b) C:\Windows\system32\drivers\ndis.sys
09:08:05.0702 1548 NDIS - ok
09:08:05.0702 1548 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
09:08:05.0702 1548 NdisTapi - ok
09:08:05.0733 1548 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
09:08:05.0733 1548 Ndisuio - ok
09:08:05.0749 1548 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
09:08:05.0749 1548 NdisWan - ok
09:08:05.0811 1548 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
09:08:05.0811 1548 NDProxy - ok
09:08:05.0873 1548 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
09:08:05.0873 1548 NetBIOS - ok
09:08:05.0920 1548 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
09:08:05.0920 1548 netbt - ok
09:08:05.0951 1548 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
09:08:05.0951 1548 nfrd960 - ok
09:08:06.0014 1548 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
09:08:06.0014 1548 Npfs - ok
09:08:06.0029 1548 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
09:08:06.0029 1548 nsiproxy - ok
09:08:06.0076 1548 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
09:08:06.0092 1548 Ntfs - ok
09:08:06.0092 1548 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
09:08:06.0092 1548 Null - ok
09:08:06.0185 1548 NVENETFD (ae17aae41fc47ada0b989d1fa6fba60b) C:\Windows\system32\DRIVERS\nvmfdx64.sys
09:08:06.0201 1548 NVENETFD - ok
09:08:06.0404 1548 nvlddmkm (fd8cd0e7a3045ee6e4c3a3694cdf7f39) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:08:06.0575 1548 nvlddmkm - ok
09:08:06.0653 1548 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
09:08:06.0653 1548 nvraid - ok
09:08:06.0685 1548 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
09:08:06.0685 1548 nvstor - ok
09:08:06.0731 1548 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
09:08:06.0731 1548 nv_agp - ok
09:08:06.0747 1548 NwlnkFlt - ok
09:08:06.0747 1548 NwlnkFwd - ok
09:08:06.0778 1548 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
09:08:06.0778 1548 ohci1394 - ok
09:08:06.0872 1548 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
09:08:06.0872 1548 Parport - ok
09:08:06.0950 1548 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
09:08:06.0950 1548 partmgr - ok
09:08:06.0965 1548 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
09:08:06.0965 1548 pci - ok
09:08:06.0981 1548 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
09:08:06.0981 1548 pciide - ok
09:08:07.0043 1548 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
09:08:07.0043 1548 pcmcia - ok
09:08:07.0075 1548 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
09:08:07.0075 1548 PEAUTH - ok
09:08:07.0153 1548 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
09:08:07.0153 1548 PptpMiniport - ok
09:08:07.0215 1548 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
09:08:07.0215 1548 Processor - ok
09:08:07.0246 1548 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
09:08:07.0246 1548 PSched - ok
09:08:07.0309 1548 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
09:08:07.0309 1548 ql2300 - ok
09:08:07.0402 1548 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
09:08:07.0402 1548 ql40xx - ok
09:08:07.0433 1548 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
09:08:07.0433 1548 QWAVEdrv - ok
09:08:07.0449 1548 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
09:08:07.0449 1548 RasAcd - ok
09:08:07.0527 1548 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:08:07.0527 1548 Rasl2tp - ok
09:08:07.0543 1548 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
09:08:07.0543 1548 RasPppoe - ok
09:08:07.0558 1548 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
09:08:07.0558 1548 RasSstp - ok
09:08:07.0574 1548 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
09:08:07.0574 1548 rdbss - ok
09:08:07.0589 1548 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:08:07.0589 1548 RDPCDD - ok
09:08:07.0652 1548 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\DRIVERS\rdpdr.sys
09:08:07.0652 1548 rdpdr - ok
09:08:07.0667 1548 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
09:08:07.0667 1548 RDPENCDD - ok
09:08:07.0683 1548 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
09:08:07.0683 1548 RDPWD - ok
09:08:07.0714 1548 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
09:08:07.0714 1548 rspndr - ok
09:08:07.0792 1548 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
09:08:07.0792 1548 sbp2port - ok
09:08:07.0823 1548 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:08:07.0823 1548 secdrv - ok
09:08:07.0855 1548 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
09:08:07.0855 1548 Serenum - ok
09:08:07.0901 1548 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
09:08:07.0901 1548 Serial - ok
09:08:07.0917 1548 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
09:08:07.0917 1548 sermouse - ok
09:08:07.0995 1548 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
09:08:07.0995 1548 sffdisk - ok
09:08:08.0011 1548 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
09:08:08.0011 1548 sffp_mmc - ok
09:08:08.0026 1548 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
09:08:08.0026 1548 sffp_sd - ok
09:08:08.0042 1548 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
09:08:08.0042 1548 sfloppy - ok
09:08:08.0073 1548 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
09:08:08.0073 1548 SiSRaid2 - ok
09:08:08.0135 1548 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
09:08:08.0151 1548 SiSRaid4 - ok
09:08:08.0167 1548 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
09:08:08.0167 1548 Smb - ok
09:08:08.0198 1548 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
09:08:08.0198 1548 spldr - ok
09:08:08.0276 1548 srv (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys
09:08:08.0276 1548 srv - ok
09:08:08.0369 1548 srv2 (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys
09:08:08.0369 1548 srv2 - ok
09:08:08.0385 1548 srvnet (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys
09:08:08.0385 1548 srvnet - ok
09:08:08.0401 1548 SSPORT - ok
09:08:08.0463 1548 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
09:08:08.0463 1548 swenum - ok
09:08:08.0494 1548 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
09:08:08.0494 1548 Symc8xx - ok
09:08:08.0510 1548 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
09:08:08.0525 1548 Sym_hi - ok
09:08:08.0541 1548 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
09:08:08.0541 1548 Sym_u3 - ok
09:08:08.0572 1548 TBPanel - ok
09:08:08.0681 1548 Tcpip (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys
09:08:08.0697 1548 Tcpip - ok
09:08:08.0713 1548 Tcpip6 (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys
09:08:08.0728 1548 Tcpip6 - ok
09:08:08.0744 1548 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
09:08:08.0744 1548 tcpipreg - ok
09:08:08.0791 1548 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
09:08:08.0791 1548 TDPIPE - ok
09:08:08.0853 1548 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
09:08:08.0853 1548 TDTCP - ok
09:08:08.0869 1548 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
09:08:08.0869 1548 tdx - ok
09:08:08.0931 1548 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
09:08:08.0931 1548 TermDD - ok
09:08:08.0978 1548 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:08:08.0978 1548 tssecsrv - ok
09:08:09.0056 1548 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
09:08:09.0056 1548 tunmp - ok
09:08:09.0149 1548 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys
09:08:09.0149 1548 tunnel - ok
09:08:09.0181 1548 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
09:08:09.0181 1548 uagp35 - ok
09:08:09.0243 1548 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
09:08:09.0243 1548 udfs - ok
09:08:09.0290 1548 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
09:08:09.0290 1548 uliagpkx - ok
09:08:09.0321 1548 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
09:08:09.0321 1548 uliahci - ok
09:08:09.0399 1548 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
09:08:09.0399 1548 UlSata - ok
09:08:09.0461 1548 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
09:08:09.0461 1548 ulsata2 - ok
09:08:09.0493 1548 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
09:08:09.0493 1548 umbus - ok
09:08:09.0586 1548 usbaudio (c899fb269be4740dbe2801b204cd71d4) C:\Windows\system32\drivers\usbaudio.sys
09:08:09.0586 1548 usbaudio - ok
09:08:09.0617 1548 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
09:08:09.0633 1548 usbccgp - ok
09:08:09.0664 1548 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
09:08:09.0664 1548 usbcir - ok
09:08:09.0727 1548 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys
09:08:09.0727 1548 usbehci - ok
09:08:09.0742 1548 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys
09:08:09.0758 1548 usbhub - ok
09:08:09.0773 1548 usbohci (540b622da0949695c40cdc9d5d497a8b) C:\Windows\system32\DRIVERS\usbohci.sys
09:08:09.0773 1548 usbohci - ok
09:08:09.0836 1548 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
09:08:09.0836 1548 usbprint - ok
09:08:09.0883 1548 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:08:09.0883 1548 USBSTOR - ok
09:08:09.0929 1548 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
09:08:09.0945 1548 usbuhci - ok
09:08:09.0992 1548 usb_rndisx (567d09d1c41809550ece9ed22d6d612b) C:\Windows\system32\DRIVERS\usb8023x.sys
09:08:09.0992 1548 usb_rndisx - ok
09:08:10.0070 1548 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
09:08:10.0070 1548 vga - ok
09:08:10.0132 1548 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
09:08:10.0132 1548 VgaSave - ok
09:08:10.0163 1548 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
09:08:10.0163 1548 viaide - ok
09:08:10.0226 1548 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
09:08:10.0226 1548 volmgr - ok
09:08:10.0257 1548 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
09:08:10.0273 1548 volmgrx - ok
09:08:10.0288 1548 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
09:08:10.0288 1548 volsnap - ok
09:08:10.0366 1548 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
09:08:10.0366 1548 vsmraid - ok
09:08:10.0413 1548 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
09:08:10.0413 1548 WacomPen - ok
09:08:10.0444 1548 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
09:08:10.0444 1548 Wanarp - ok
09:08:10.0444 1548 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
09:08:10.0444 1548 Wanarpv6 - ok
09:08:10.0507 1548 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
09:08:10.0507 1548 Wd - ok
09:08:10.0569 1548 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
09:08:10.0585 1548 Wdf01000 - ok
09:08:10.0663 1548 winusb (2215b7b794b3b7e5cc9fc423e985e2aa) C:\Windows\system32\DRIVERS\winusb.sys
09:08:10.0663 1548 winusb - ok
09:08:10.0725 1548 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:08:10.0725 1548 WmiAcpi - ok
09:08:10.0787 1548 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
09:08:10.0787 1548 WpdUsb - ok
09:08:10.0834 1548 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
09:08:10.0834 1548 ws2ifsl - ok
09:08:10.0865 1548 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:08:10.0881 1548 WUDFRd - ok
09:08:10.0959 1548 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:08:11.0084 1548 \Device\Harddisk0\DR0 - ok
09:08:11.0099 1548 Boot (0x1200) (052cdecbd26aaea17f6b88b7da43d481) \Device\Harddisk0\DR0\Partition0
09:08:11.0099 1548 \Device\Harddisk0\DR0\Partition0 - ok
09:08:11.0099 1548 ============================================================
09:08:11.0099 1548 Scan finished
09:08:11.0099 1548 ============================================================
09:08:11.0115 0552 Detected object count: 0
09:08:11.0115 0552 Actual detected object count: 0
09:08:45.0061 1956 Deinitialize success

3. Malwarebytes Anti-Malware
7 items detected

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.07.04

Windows Vista Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.6001.18000
andrew :: ANDREW-PC [administrator]

09/02/2012 09:11:45
mbam-log-2012-02-09 (09-11-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 263692
Time elapsed: 11 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Spyware.Password) -> Data: C:\Users\andrew\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Spyware.Password) -> Data: C:\Users\andrew\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\andrew\AppData\Local\dplaysvr.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\andrew\Local Settings\dplaysvr.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\andrew\Local Settings\dplayx.dll (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\andrew\Local Settings\Application Data\dplaysvr.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\andrew\Local Settings\Application Data\dplayx.dll (Spyware.Password) -> Quarantined and deleted successfully.

(end)

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:18 PM

Posted 09 February 2012 - 10:48 AM

Hello again.... Do you know/use these, and are you in the UK?

93.152.11.74 curriebarnet.motorplex.co.uk
93.152.11.74 currietwickenham.motorplex.co.uk
93.152.11.74 curriechiswick.motorplex.co.uk
93.152.11.74 currielextwick.motorplex.co.uk
93.152.11.74 outram.motorplex.co.uk
174.133.130.2 www.agnito.co.uk
174.133.130.2 www.sonospro.co.uk

If that is AVG free we may change it.
We will run these now...

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.




Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 merch

merch
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:18 PM

Posted 10 February 2012 - 04:24 AM

Hi boopme,

Yes, I know these domains in my hosts file, and yes, I'm in the UK.
Forgot to mention in my first post that when my hosts file was changed by the trojan/virus, records for both Google and Bing were added pointing to malicious IPs; however, the SwitchHosts plugin I have on Firefox automatically replaced these with my default hosts file, which has those 7 sites you pointed out.

The first batch of scans/fixes has stopped AVG from crashing on scanning, and I've not had any Microsoft Register Server issues either.


ESET report

C:\$Recycle.Bin\S-1-5-21-1870062909-4000082199-1247557346-1493\$RL35A2R.rar probably a variant of Win32/Agent.YRFVW trojan deleted - quarantined
C:\Users\andrew\AppData\Local\Temp\jar_cache3044507293386934188.tmp a variant of J2ME/Agent.AA trojan deleted - quarantined
C:\Users\andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\5550c98b-3c6a2b44 Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Users\andrew\Desktop\clients\ben pdfs\Freeware_PrimoPDF.exe Win32/OpenCandy application deleted - quarantined

aswMBR report

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-10 09:20:50
-----------------------------
09:20:50.708 OS Version: Windows x64 6.0.6001 Service Pack 1
09:20:50.708 Number of processors: 4 586 0x170A
09:20:50.709 ComputerName: ANDREW-PC UserName: andrew
09:20:52.105 Initialize success
09:21:14.499 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-3
09:21:14.500 Disk 0 Vendor: ExcelStor_Technology_J9250S GM2OA52A Size: 238474MB BusType: 3
09:21:14.513 Disk 0 MBR read successfully
09:21:14.514 Disk 0 MBR scan
09:21:14.515 Disk 0 Windows VISTA default MBR code
09:21:14.523 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 2048
09:21:14.526 Service scanning
09:21:16.256 Modules scanning
09:21:16.260 Disk 0 trace - called modules:
09:21:16.304 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
09:21:16.306 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003697790]
09:21:16.308 3 CLASSPNP.SYS[fffffa6000b94b3a] -> nt!IofCallDriver -> [0xfffffa80028c2410]
09:21:16.310 5 acpi.sys[fffffa60008f4ff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-3[0xfffffa8003404060]
09:21:16.312 Scan finished successfully
09:21:25.240 Disk 0 MBR has been saved successfully to "C:\Users\andrew\Desktop\MBR.dat"
09:21:25.249 The log file has been saved successfully to "C:\Users\andrew\Desktop\aswMBR.txt"
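
The hosts-file hijack merch describes (search engine records added pointing at malicious IPs, caught and reverted by the SwitchHosts add-on) and the entries boopme asked about can both be checked with an audit like the one below. This is an added example, not code from the thread, from SwitchHosts or from any vendor: the baseline reuses the seven entries quoted above, the injected lines and the watch list are constructed, and 203.0.113.9 is a documentation address standing in for an attacker's IP.

```python
"""Audit a Windows hosts file for the kind of tampering described in this thread.

Added example; not code from the thread, SwitchHosts or any vendor. It does what
the poster's add-on is described as doing: diff the current hosts file against a
known-good baseline, then flag entries that remap well-known domains (search
engines, security vendors) either to a remote address (redirect) or to loopback
(blocking updates).
"""
import ipaddress
from dataclasses import dataclass

# Constructed baseline. The seven motorplex/agnito/sonospro lines are the ones
# quoted in the thread; the localhost lines are the Windows defaults.
BASELINE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
93.152.11.74 curriebarnet.motorplex.co.uk
93.152.11.74 currietwickenham.motorplex.co.uk
93.152.11.74 curriechiswick.motorplex.co.uk
93.152.11.74 currielextwick.motorplex.co.uk
93.152.11.74 outram.motorplex.co.uk
174.133.130.2 www.agnito.co.uk
174.133.130.2 www.sonospro.co.uk
"""

# Constructed "after tampering" version: Google and Bing records added, pointing
# at a placeholder address (203.0.113.9 is a TEST-NET-3 documentation address),
# plus a vendor update host pinned to loopback. Not taken from the victim machine.
TAMPERED_HOSTS = BASELINE_HOSTS + """\
203.0.113.9 www.google.com google.com   # injected
203.0.113.9 www.bing.com bing.com
127.0.0.1   update.avg.com
"""

# Illustrative watch list of domains an infection commonly hijacks or blocks.
WATCHED_SUFFIXES = ("google.com", "bing.com", "yahoo.com",
                    "avg.com", "malwarebytes.org", "microsoft.com")


@dataclass(frozen=True)
class HostsEntry:
    ip: str
    hostname: str
    line_no: int


def parse_hosts(text):
    """Return one HostsEntry per hostname on each active (non-comment) line.
    Inline comments are stripped and unparseable lines skipped, as Windows does."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        entries.extend(HostsEntry(ip, name.lower(), n) for name in names)
    return entries


def is_watched(hostname):
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)


def classify(entry):
    """Reason string if the entry looks like tampering, else None."""
    if not is_watched(entry.hostname):
        return None
    addr = ipaddress.ip_address(entry.ip)
    if addr.is_loopback or addr.is_unspecified:
        return f"blocked: {entry.hostname} -> {entry.ip}"
    return f"redirected: {entry.hostname} -> {entry.ip}"


def audit_hosts(current_text, baseline_text):
    """Return (added, removed, suspicious).

    added/removed are (ip, hostname) pairs that differ from the baseline, which is
    what a change monitor reports; suspicious lists reasons for watched domains
    found anywhere in the current file, baseline entries included."""
    current = parse_hosts(current_text)
    cur_keys = {(e.ip, e.hostname) for e in current}
    base_keys = {(e.ip, e.hostname) for e in parse_hosts(baseline_text)}
    added = sorted(cur_keys - base_keys)
    removed = sorted(base_keys - cur_keys)
    suspicious = [r for r in map(classify, current) if r is not None]
    return added, removed, suspicious


if __name__ == "__main__":
    added, removed, suspicious = audit_hosts(TAMPERED_HOSTS, BASELINE_HOSTS)
    for key in added:
        print("added:  ", *key)
    for key in removed:
        print("removed:", *key)
    for reason in suspicious:
        print("ALERT   ", reason)
```

On a live machine, read `C:\Windows\System32\drivers\etc\hosts` as `current_text` and a saved known-good copy as `baseline_text`; the seven entries from the thread are not flagged because they are in the baseline and do not touch a watched domain.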

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:18 PM

Posted 10 February 2012 - 11:18 AM

All looks good here!

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection: Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
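The same two steps (create a fresh restore point, then drop every older one) carried out from an elevated PowerShell console, as an added example that is not part of boopme's post or of BleepingComputer's own guidance. It assumes Windows PowerShell 2.0 or later, a console started with "Run as administrator", and System Restore enabled on the system drive; the description text is a constructed label. Because restore points on Vista and later are stored as Volume Shadow Copies, removing all shadow copies except the newest has the same effect as the Disk Cleanup "Clean up" button under System Restore (on Vista Ultimate this also discards older "Previous Versions" of files, exactly as Disk Cleanup does).

```powershell
# Added example, not from the thread: command-line equivalent of
# "create a new restore point, then delete all but the most recent one".
# Assumes Windows PowerShell 2.0+ in an elevated console.

# 1. Create the post-cleanup restore point and label it so it is easy to find.
$description = "Clean state after malware removal $(Get-Date -Format 'yyyy-MM-dd HH:mm')"
Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS
# Note: Windows 8 and later warn and skip creation if another restore point
# was made in the previous 24 hours; the check below catches that case.

$newest = Get-ComputerRestorePoint |
    Sort-Object -Property SequenceNumber -Descending |
    Select-Object -First 1

if ($newest -eq $null -or $newest.Description -ne $description) {
    Write-Error "New restore point was not created; leaving existing restore points untouched."
    return
}
"New restore point: #$($newest.SequenceNumber) '$($newest.Description)'"

# 2. Remove every older restore point. Restore points are shadow copies, so
#    keeping only the newest shadow copy keeps exactly the point made above.
#    InstallDate is a DMTF string (yyyymmddHHMMSS...), so sorting it as text
#    orders the copies chronologically.
Get-WmiObject -Class Win32_ShadowCopy |
    Sort-Object -Property InstallDate -Descending |
    Select-Object -Skip 1 |
    ForEach-Object {
        "Removing old shadow copy $($_.ID) created $($_.InstallDate)"
        Remove-WmiObject -InputObject $_
    }

# 3. Verify: only the restore point created in step 1 should be listed.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

Run it only after the cleaning tools have finished and the machine has rebooted cleanly; the script refuses to delete anything if the new restore point did not actually get created, so a failed step 1 never leaves the system with no restore point at all.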

#7 merch

merch
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:18 PM

Posted 13 February 2012 - 07:03 AM

Everything is looking ok for now :)

Thanks for your help
