
System Check Virus Windows 7


15 replies to this topic

#1 bjk360

bjk360

  • Members
  • 27 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 25 February 2012 - 12:12 AM

Greetings,

Recently my computer acquired the System Check virus. I tried to get on the net and research what to do to remove it and had marginal luck. The virus has made it so that I cannot get on the net so I am using another pc. Here is the short version of what I did.

Researched the topic
Downloaded Malwarebytes
Downloaded Rkill
Downloaded Unhide
Downloaded Avast
Downloaded SuperAntispyware

I ran them each separately, but I'm not sure this is the correct way to do it from reading some of the previous examples of fixing the issue; I didn't know this until after I ran them.

I can give a more accurate list of what was done if you wish. I have not been able to get rid of the virus. It was then today that I found your site here with a good thread on fixing this issue. My question to you is, what do I need to do to fix this? There are several sites that want you to download some kind of software, but I am leery of them. There is one site that says I need to erase registry entries, but I am not adept at doing anything with the registry. I feel that you are one of the only trustworthy sites. Another question is, should I go ahead and move all my files to an external drive before doing anything else?

Your help will be most appreciated.

Edited by hamluis, 25 February 2012 - 06:08 AM.
Moved from Win 7 to Am I Infected.




#2 bjk360

bjk360
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 25 February 2012 - 12:24 AM

Looks like I posted this in the wrong forum by mistake. I do apologise.

Mod Edit: No problem, I moved to Am I Infected ~ Hamluis.

Edited by hamluis, 25 February 2012 - 06:09 AM.


#3 bjk360

bjk360
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 25 February 2012 - 01:16 PM

Greetings,

I stayed up and got to looking around and found the following files:

g7ilfeiU7c8cHn
g7ilfeiU7c8cHn.exe
wpyigYDfWj.exe

I changed the permissions for all three files to deny and the computer is back to normal (as far as I can tell). I know that the files are still there, and Avast has so far discovered them, whereas before I changed the permissions it did not see them. What do you suggest from this point?

Best Wishes,
B

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:25 AM

Posted 26 February 2012 - 06:49 PM

Hello, did you also run the SUPER... scan?
The procedure for these is to


Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode


Run RKill. Do not reboot till all scans are done. If a reboot occurs, re-run RKill before the next scan.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


Rerun MBAM (Malwarebytes) like this:

Open MBAM in normal mode and click the Update tab, then select Check for Updates. When done, click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.



>>>
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.


Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
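The TDSSKiller report that boopme asks for above runs to hundreds of driver lines. The Python parser below is an added example (not from this thread, from BleepingComputer or from Kaspersky's tool) that reads that report format, pulls the system information out of the header, pairs each scanned object with its verdict line and lists every object whose verdict is not "ok". The line format follows the TDSSKiller log posted in this thread; the sample embedded in the script is constructed, and the flagged examplesvc entry, its all-zero hash and its verdict string are invented placeholders.

```python
import re
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# A report line is "HH:MM:SS.mmmm <thread id> <body>"; in the scan phase the body is
# either a scanned object, "name (md5) path", or its verdict, "name - ok".
_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\S+\s*(?P<body>.*)$")
_OBJECT = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
_VERDICT = re.compile(r"^(?P<name>\S.*?)\s+-\s+(?P<verdict>.+)$")


@dataclass
class ScannedObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


@dataclass
class Report:
    tool: str = ""                                   # first line: tool name and version
    system_info: Dict[str, str] = field(default_factory=dict)
    objects: List[ScannedObject] = field(default_factory=list)

    def suspicious(self) -> List[ScannedObject]:
        """Objects whose verdict is missing (scan interrupted) or anything but 'ok'."""
        return [o for o in self.objects if o.verdict != "ok"]


def parse_report(text: str) -> Report:
    report, scanning, last = Report(), False, None   # header phase until "Scan started"
    for raw in text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        if not body or body.startswith("="):         # blank line or "=====" separator
            continue
        if not scanning:
            if body == "Scan started":
                scanning = True
            elif "rootkit removing tool" in body:
                report.tool = body
            elif ": " in body:                       # "OS Version: 6.1.7601 ServicePack: 1.0"
                key, value = body.split(": ", 1)
                if value.strip():
                    report.system_info[key.strip()] = value.strip()
            continue
        obj = _OBJECT.match(body)
        if obj:
            last = ScannedObject(obj["name"], obj["md5"].lower(), obj["path"])
            report.objects.append(last)
            continue
        ver = _VERDICT.match(body)
        if ver:
            name, verdict = ver["name"], ver["verdict"].strip()
            if last is not None and last.name == name and last.verdict is None:
                last.verdict = verdict               # verdict for the object on the previous line
            else:                                    # stand-alone entry, e.g. a disk or boot sector
                last = ScannedObject(name, verdict=verdict)
                report.objects.append(last)
    return report


# Constructed sample in the thread's log format; the examplesvc entry, its all-zero
# hash and its verdict string are invented placeholders.
SAMPLE_REPORT = r"""15:49:43.0342 0276 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
15:49:43.0451 0276 ============================================================
15:49:43.0451 0276 OS Version: 6.1.7601 ServicePack: 1.0
15:49:43.0451 0276 Boot type: Safe boot with network
15:49:53.0872 0864 Scan started
15:49:53.0872 0864 Mode: Manual;
15:49:55.0276 0864 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:49:55.0291 0864 1394ohci - ok
15:49:55.0401 0864 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:49:55.0401 0864 ACPI - ok
15:50:05.0000 0864 examplesvc (00000000000000000000000000000000) C:\Users\EXAMPLE\AppData\Local\examplesvc.exe
15:50:05.0010 0864 examplesvc - detected PLACEHOLDER.Verdict
15:50:06.0000 0864 \Device\Harddisk0\DR0 - ok
"""


def main(argv: List[str]) -> int:
    # Parse the report named on the command line (assumed UTF-8) or the built-in sample.
    text = open(argv[1], encoding="utf-8", errors="replace").read() if len(argv) > 1 else SAMPLE_REPORT
    r = parse_report(text)
    print(f"{r.tool}\nOS {r.system_info.get('OS Version')} | boot: {r.system_info.get('Boot type')}"
          f" | objects scanned: {len(r.objects)}")
    for o in r.suspicious():
        print(f"  FLAG {o.name}: {o.verdict} ({o.path or 'no path'})")
    return 1 if r.suspicious() else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python tdss_report.py TDSSKiller.Version_Date_Time_log.txt`; the exit status is 1 when anything was flagged, so it can gate a script.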

#5 bjk360

bjk360
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 27 February 2012 - 05:41 PM

Greetings,

I followed the list of what to do and got the reports/logs as requested. Should I post them in this forum? They are lengthy, and I remember seeing somewhere that certain things should not be posted in certain forums.

You had asked if I ran SuperAntiSpyware. I ran it early on and it discovered a few things that it deleted/removed, but not since I posted on here.

Some background and observations I did not include in the original post:

(1) When getting to the screen where you can choose Safe Mode reboot, there is an option above Safe Mode that says 'Repair Your Computer'. I don't recall seeing this before. Is this normal? I did not choose that option.

(2) I have been using System Mechanic for some time and also System Shield, which are both from Iolo. System Mechanic has a feature called System Guard that is supposed to let you know when something tries to install itself on your system. System Shield has been the only antivirus program I've used until this infection.

(3) I use Safari as my primary browser.

(4) The files that I discovered and reported in my initial post, and changed the permissions on, are still present, as well as the icon on the desktop for 'System Check'. The icon changed to a generic icon after I changed the permissions to deny. I ran Avast antivirus and it found these files, but I did not have it remove them or quarantine them, as I thought it would be better to wait to hear what instructions you had here. Malwarebytes does not see these files though, for some reason.

Let me know what to do next and I will do it. The computer is working like normal as far as I can tell. There is a slight delay once windows starts that was not there before but other than that it seems fine.

Best Wishes,
B

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:25 AM

Posted 27 February 2012 - 11:36 PM

No DDS, HijackThis, or ComboFix logs should be posted in this forum; we didn't ask for those :)

Leave off the Cookies from the SAS and the 'List Devices' in Mini.

#7 bjk360

bjk360
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 28 February 2012 - 02:24 AM

Greetings,

Here are the requested logs. I'm not sure what you meant by not including the cookies in SAS, and I didn't see the device list in the Mini log.

TDSSKiller log. When I ran the program, it did not detect anything.


15:49:43.0342 0276 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
15:49:43.0451 0276 ============================================================
15:49:43.0451 0276 Current date / time: 2012/02/27 15:49:43.0451
15:49:43.0451 0276 SystemInfo:
15:49:43.0451 0276
15:49:43.0451 0276 OS Version: 6.1.7601 ServicePack: 1.0
15:49:43.0451 0276 Product type: Workstation
15:49:43.0451 0276 ComputerName: MYSYSTEM
15:49:43.0451 0276 UserName: Brian
15:49:43.0451 0276 Windows directory: C:\Windows
15:49:43.0451 0276 System windows directory: C:\Windows
15:49:43.0451 0276 Running under WOW64
15:49:43.0451 0276 Processor architecture: Intel x64
15:49:43.0451 0276 Number of processors: 2
15:49:43.0451 0276 Page size: 0x1000
15:49:43.0451 0276 Boot type: Safe boot with network
15:49:43.0451 0276 ============================================================
15:49:44.0871 0276 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:49:44.0871 0276 \Device\Harddisk0\DR0:
15:49:44.0871 0276 MBR used
15:49:44.0871 0276 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:49:44.0871 0276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
15:49:44.0933 0276 Initialize success
15:49:44.0933 0276 ============================================================
15:49:53.0872 0864 ============================================================
15:49:53.0872 0864 Scan started
15:49:53.0872 0864 Mode: Manual;
15:49:53.0872 0864 ============================================================
15:50:04.0059 0864 RDPCDD - ok
15:50:04.0090 0864 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:50:04.0090 0864 RDPENCDD - ok
15:50:04.0137 0864 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:50:04.0137 0864 RDPREFMP - ok
15:50:04.0168 0864 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:50:04.0168 0864 RDPWD - ok
15:50:04.0230 0864 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:50:04.0230 0864 rdyboost - ok
15:50:04.0308 0864 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:50:04.0308 0864 rspndr - ok
15:50:04.0371 0864 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:50:04.0386 0864 RTL8167 - ok
15:50:04.0558 0864 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:50:04.0558 0864 SASDIFSV - ok
15:50:04.0573 0864 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:50:04.0589 0864 SASKUTIL - ok
15:50:04.0620 0864 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:50:04.0620 0864 sbp2port - ok
15:50:04.0636 0864 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:50:04.0636 0864 scfilter - ok
15:50:04.0667 0864 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
15:50:04.0683 0864 sdbus - ok
15:50:04.0729 0864 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:50:04.0729 0864 secdrv - ok
15:50:04.0776 0864 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:50:04.0776 0864 Serenum - ok
15:50:04.0807 0864 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:50:04.0807 0864 Serial - ok
15:50:04.0839 0864 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:50:04.0839 0864 sermouse - ok
15:50:04.0870 0864 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:50:04.0870 0864 sffdisk - ok
15:50:04.0885 0864 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:50:04.0885 0864 sffp_mmc - ok
15:50:04.0917 0864 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:50:04.0917 0864 sffp_sd - ok
15:50:04.0932 0864 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:50:04.0932 0864 sfloppy - ok
15:50:04.0995 0864 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:50:04.0995 0864 SiSRaid2 - ok
15:50:05.0010 0864 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:50:05.0010 0864 SiSRaid4 - ok
15:50:05.0041 0864 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:50:05.0041 0864 Smb - ok
15:50:05.0119 0864 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:50:05.0119 0864 spldr - ok
15:50:05.0197 0864 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:50:05.0213 0864 srv - ok
15:50:05.0260 0864 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:50:05.0275 0864 srv2 - ok
15:50:05.0291 0864 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:50:05.0291 0864 srvnet - ok
15:50:05.0338 0864 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:50:05.0338 0864 stexstor - ok
15:50:05.0400 0864 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
15:50:05.0400 0864 STHDA - ok
15:50:05.0431 0864 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:50:05.0431 0864 swenum - ok
15:50:05.0525 0864 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
15:50:05.0525 0864 SynTP - ok
15:50:05.0619 0864 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:50:05.0650 0864 Tcpip - ok
15:50:05.0728 0864 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:50:05.0743 0864 TCPIP6 - ok
15:50:05.0806 0864 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:50:05.0806 0864 tcpipreg - ok
15:50:05.0868 0864 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:50:05.0868 0864 TDPIPE - ok
15:50:05.0884 0864 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:50:05.0884 0864 TDTCP - ok
15:50:05.0931 0864 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:50:05.0931 0864 tdx - ok
15:50:05.0962 0864 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
15:50:05.0962 0864 TermDD - ok
15:50:06.0040 0864 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:50:06.0040 0864 tssecsrv - ok
15:50:06.0071 0864 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:50:06.0087 0864 TsUsbFlt - ok
15:50:06.0087 0864 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:50:06.0102 0864 TsUsbGD - ok
15:50:06.0133 0864 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:50:06.0133 0864 tunnel - ok
15:50:06.0165 0864 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:50:06.0165 0864 uagp35 - ok
15:50:06.0196 0864 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:50:06.0196 0864 udfs - ok
15:50:06.0258 0864 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:50:06.0258 0864 uliagpkx - ok
15:50:06.0274 0864 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:50:06.0289 0864 umbus - ok
15:50:06.0321 0864 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:50:06.0321 0864 UmPass - ok
15:50:06.0399 0864 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:50:06.0399 0864 usbaudio - ok
15:50:06.0461 0864 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:50:06.0461 0864 usbccgp - ok
15:50:06.0477 0864 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:50:06.0477 0864 usbcir - ok
15:50:06.0492 0864 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:50:06.0492 0864 usbehci - ok
15:50:06.0555 0864 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:50:06.0555 0864 usbhub - ok
15:50:06.0570 0864 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
15:50:06.0586 0864 usbohci - ok
15:50:06.0617 0864 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:50:06.0617 0864 usbprint - ok
15:50:06.0648 0864 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:50:06.0648 0864 usbscan - ok
15:50:06.0695 0864 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:50:06.0695 0864 USBSTOR - ok
15:50:06.0726 0864 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:50:06.0726 0864 usbuhci - ok
15:50:06.0789 0864 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:50:06.0789 0864 usbvideo - ok
15:50:06.0835 0864 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
15:50:06.0835 0864 usb_rndisx - ok
15:50:06.0867 0864 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:50:06.0867 0864 vdrvroot - ok
15:50:06.0882 0864 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:50:06.0882 0864 vga - ok
15:50:06.0929 0864 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:50:06.0929 0864 VgaSave - ok
15:50:06.0945 0864 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:50:06.0945 0864 vhdmp - ok
15:50:06.0960 0864 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:50:06.0960 0864 viaide - ok
15:50:07.0023 0864 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:50:07.0023 0864 volmgr - ok
15:50:07.0054 0864 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:50:07.0054 0864 volmgrx - ok
15:50:07.0085 0864 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:50:07.0085 0864 volsnap - ok
15:50:07.0116 0864 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:50:07.0116 0864 vsmraid - ok
15:50:07.0179 0864 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:50:07.0179 0864 vwifibus - ok
15:50:07.0225 0864 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:50:07.0225 0864 vwififlt - ok
15:50:07.0303 0864 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:50:07.0303 0864 WacomPen - ok
15:50:07.0350 0864 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:50:07.0350 0864 WANARP - ok
15:50:07.0366 0864 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:50:07.0366 0864 Wanarpv6 - ok
15:50:07.0413 0864 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:50:07.0413 0864 Wd - ok
15:50:07.0459 0864 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:50:07.0475 0864 Wdf01000 - ok
15:50:07.0537 0864 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:50:07.0537 0864 WfpLwf - ok
15:50:07.0569 0864 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:50:07.0569 0864 WIMMount - ok
15:50:07.0678 0864 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:50:07.0678 0864 WmiAcpi - ok
15:50:07.0756 0864 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:50:07.0756 0864 ws2ifsl - ok
15:50:07.0818 0864 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:50:07.0818 0864 WudfPf - ok
15:50:07.0849 0864 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:50:07.0849 0864 WUDFRd - ok
15:50:07.0943 0864 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:50:08.0005 0864 \Device\Harddisk0\DR0 - ok
15:50:08.0021 0864 Boot (0x1200) (41686e5e324eb817e6c164657426130b) \Device\Harddisk0\DR0\Partition0
15:50:08.0021 0864 \Device\Harddisk0\DR0\Partition0 - ok
15:50:08.0037 0864 Boot (0x1200) (13d5c60043bc4f70a2e8ebb9498ed1ec) \Device\Harddisk0\DR0\Partition1
15:50:08.0037 0864 \Device\Harddisk0\DR0\Partition1 - ok
15:50:08.0037 0864 ============================================================
15:50:08.0037 0864 Scan finished
15:50:08.0037 0864 ============================================================
15:50:08.0052 1856 Detected object count: 0
15:50:08.0052 1856 Actual detected object count: 0
15:52:11.0464 1776 Deinitialize success

**MBAM LOG:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.25.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Brian :: MYSYSTEM [administrator]

2/27/2012 3:53:10 PM
mbam-log-2012-02-27 (15-53-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184968
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Brian\AppData\Local\Temp\QS90gxdSxaiH5A.exe.tmp (Rogue.SystemCheck) -> Quarantined and deleted successfully.

(end)

**MINI LOG:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Brian (administrator) on 27-02-2012 at 16:20:47
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) = Local Area Connection (Media disconnected)
Atheros AR5007 802.11b/g WiFi Adapter = Wireless Network Connection (Media disconnected)
HUAWEI Mobile Connect - 3G Network Card = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 3" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 4" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : MySystem
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

PPP adapter Broadband:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadband
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 21.208.160.236(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 10.177.0.34
10.168.183.116
Primary WINS Server . . . . . . . : 10.11.12.13
Secondary WINS Server . . . . . . : 10.11.12.14
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HUAWEI Mobile Connect - 3G Network Card
Physical Address. . . . . . . . . : 00-1E-10-1F-25-00
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter
Physical Address. . . . . . . . . : 00-24-2C-00-23-75
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-23-5A-44-40-1F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{0A106E99-953F-4238-B61C-1653FF0F0335}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{48D80BD3-0F59-435D-9D7B-2A332DD6403E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:15d0:a0ec::15d0:a0ec(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 10.177.0.34
10.168.183.116
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{18CCAC65-6AEB-461F-B2C5-456579DD6585}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{08398CF6-6B48-4CD6-989F-AC06A94314C8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:287c:3f84:ea2f:5f13(Preferred)
Link-local IPv6 Address . . . . . : fe80::287c:3f84:ea2f:5f13%15(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 10.177.0.34

Name: google.com
Addresses: 74.125.227.73
74.125.227.65
74.125.227.69
74.125.227.64
74.125.227.66
74.125.227.68
74.125.227.71
74.125.227.67
74.125.227.78
74.125.227.72
74.125.227.70


Pinging google.com [74.125.227.73] with 32 bytes of data:
Reply from 74.125.227.73: bytes=32 time=288ms TTL=52
Reply from 74.125.227.73: bytes=32 time=275ms TTL=52

Ping statistics for 74.125.227.73:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 275ms, Maximum = 288ms, Average = 281ms
Server: UnKnown
Address: 10.177.0.34

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
98.139.127.62


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=452ms TTL=47
Reply from 98.139.183.24: bytes=32 time=430ms TTL=47

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 430ms, Maximum = 452ms, Average = 441ms
Server: UnKnown
Address: 10.177.0.34

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 10.160.168.139: Destination host unreachable.
Reply from 10.160.168.139: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
37...........................Broadband
13...00 1e 10 1f 25 00 ......HUAWEI Mobile Connect - 3G Network Card
12...00 24 2c 00 23 75 ......Atheros AR5007 802.11b/g WiFi Adapter
11...00 23 5a 44 40 1f ......Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 On-link 21.208.160.236 31
21.208.160.236 255.255.255.255 On-link 21.208.160.236 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 21.208.160.236 31
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 21.208.160.236 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 1140 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:4137:9e76:287c:3f84:ea2f:5f13/128
On-link
14 1040 2002::/16 On-link
14 296 2002:15d0:a0ec::15d0:a0ec/128
On-link
15 306 fe80::/64 On-link
15 306 fe80::287c:3f84:ea2f:5f13/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\iavlsp.dll [118784] (iolo technologies, LLC)
Catalog9 02 C:\Windows\SysWOW64\iavlsp.dll [118784] (iolo technologies, LLC)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\iavlsp.dll [118784] (iolo technologies, LLC)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\iavlsp64.dll [160256] ()
x64-Catalog9 02 C:\Windows\System32\iavlsp64.dll [160256] ()
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\iavlsp64.dll [160256] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/27/2012 04:21:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/27/2012 04:21:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/27/2012 04:21:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/27/2012 04:10:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/27/2012 03:48:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/27/2012 03:22:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2012 10:50:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2012 07:02:01 PM) (Source: Application Hang) (User: )
Description: The program Safari.exe version 5.34.52.7 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1174

Start Time: 01ccf421b3a434b9

Termination Time: 18

Application Path: C:\Program Files (x86)\Safari\Safari.exe

Report Id: 6a2a53f1-6015-11e1-8a9b-001e101fb45e

Error: (02/25/2012 06:56:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2012 00:04:28 PM) (Source: RasClient) (User: )
Description: CoId={1D11E7A4-C34D-4979-9677-CDF679DD6E7C}: The user MySystem\Brian dialed a connection named Broadband which has failed. The error code returned on failure is 678.


System errors:
=============
Error: (02/27/2012 04:09:09 PM) (Source: Service Control Manager) (User: )
Description: The iolo FileInfoList Service service failed to start due to the following error:
%%1083

Error: (02/27/2012 04:08:33 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/27/2012 04:08:33 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (02/27/2012 03:48:03 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (02/27/2012 03:48:03 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (02/27/2012 03:48:01 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/27/2012 03:47:55 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/27/2012 03:46:42 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswSnx
aswSP
aswTdi
discache
ElRawDisk
SASDIFSV
SASKUTIL
spldr
Wanarpv6

Error: (02/27/2012 03:46:41 PM) (Source: Service Control Manager) (User: )
Description: The iolo System Service service depends on the Background Intelligent Transfer Service service which failed to start because of the following error:
%%1068

Error: (02/27/2012 03:20:47 PM) (Source: Service Control Manager) (User: )
Description: The iolo FileInfoList Service service failed to start due to the following error:
%%1083


Microsoft Office Sessions:
=========================
Error: (02/27/2012 04:21:25 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/27/2012 04:21:25 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/27/2012 04:21:25 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/27/2012 04:10:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/27/2012 03:48:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/27/2012 03:22:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2012 10:50:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2012 07:02:01 PM) (Source: Application Hang)(User: )
Description: Safari.exe5.34.52.7117401ccf421b3a434b918C:\Program Files (x86)\Safari\Safari.exe6a2a53f1-6015-11e1-8a9b-001e101fb45e

Error: (02/25/2012 06:56:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2012 00:04:28 PM) (Source: RasClient)(User: )
Description: {1D11E7A4-C34D-4979-9677-CDF679DD6E7C}MySystem\BrianBroadband678


=========================== Installed Programs ============================

ABBYY FineReader 6.0 Sprint (Version: 6.00.2201.41622)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.10)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
AGEIA PhysX v7.09.13 (Version: 7.09.13)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 7.0.1407.0)
AVSDK5 (Version: 5.3.3)
Babylon toolbar on IE
Baldur's Gate
Battle Slots (Version: 1.00.0000)
Bonjour (Version: 3.0.0.10)
CassetteMate
DarkCrusade (Version: 1.20)
Doom 3 (Version: 1.00.0000)
Dragonsphere
Dungeon Keeper 2
DUNGEONS (Version: 1.0.0.3)
Dungeons and Dragons - Dragonshard
ENE CIR Receiver Driver (Version: 2.7.3.519)
F.E.A.R. 2: Project Origin
Icewind Dale Complete
iolo technologies' System Mechanic (Version: 10.7.7)
iolo technologies' System Shield (Version: 4.2.2)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
JMicron JMB38X Flash Media Controller Driver (Version: 1.00.20.07)
Lexmark 3600-4600 Series
Lexmark Fax Solutions
Lexmark Toolbar (Version: 4.0.53.0)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Games for Windows - LIVE (Version: 2.0.675.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 2.0.673.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyTomTom 3.1.0.530 (Version: 3.1.0.530)
Oblivion (Version: 1.00.0000)
OpenOffice.org 3.3 (Version: 3.3.9567)
Painkiller Black (Version: 1.0.0)
Painkiller Overdose build 75 (NA)
QuickTime (Version: 7.71.80.42)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Rise Of Legends (Version: 1.00.0000)
Safari (Version: 5.34.52.7)
StarCraft II (Version: 1.3.6.19269)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.0.1134)
Synaptics Pointing Device Driver (Version: 15.0.17.4)
T-Mobile webConnect Manager (Version: 2.04.0030.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Visual Studio C++ 10.0 Runtime (Version: 10.0.0)
VLC media player 1.1.11 (Version: 1.1.11)
Warhammer® 40,000™: Dawn of War® II
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
WinZip 15.5 (Version: 15.5.9579)
WinZip Courier (Version: 3.0.9557)
X-COM: UFO Defense

========================= Memory info: ===================================

Percentage of memory in use: 21%
Total physical RAM: 7933.83 MB
Available physical RAM: 6262.05 MB
Total Pagefile: 15865.86 MB
Available Pagefile: 14034.16 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.26 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:156.41 GB) NTFS
3 Drive e: (webConnect Mgr) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\MYSYSTEM

Administrator Brian Guest

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

Please let me know what you think and thanks again for assisting.

Best Wishes,
B

#8 boopme (Global Moderator)

Posted 28 February 2012 - 04:59 PM

OK, looks like a hit on System Check ... How's it now?
We need to do 2 things.

Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Fix it button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.



>>>>

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u3-windows-i586.exe (or jre-7u3-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
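An added example, not taken from the thread or from Microsoft's Fix it: a small Python script that parses a HOSTS file and lists every active mapping other than the stock loopback defaults. Malware of the kind discussed in this thread edits HOSTS either to black-hole security vendors (point them at 127.0.0.1) or to redirect sites to an address it controls, and this is the quick check to run before and after the reset to confirm those entries are gone. The sample HOSTS text, the host names in it and the 203.0.113.5 address are constructed.

```python
"""Check a Windows HOSTS file for entries that are not the stock defaults.

Added example, not taken from the thread or from Microsoft's Fix it.
Every active (uncommented) IP/hostname pair that is not a loopback
default is reported with a one-word verdict, so a black-holed vendor
or a redirected site stands out. SAMPLE_HOSTS below is constructed.
"""
import ipaddress
from typing import Dict, List, Optional

# The only mappings a stock HOSTS file carries (commented out on Windows 7,
# active on earlier versions). Anything else was added by someone.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av.test     # constructed: AV update host black-holed
203.0.113.5     www.example-bank.test      # constructed: site redirected to a third party
not-an-ip       www.example.test           # constructed: malformed line
"""


def parse_hosts(text: str) -> List[Dict[str, object]]:
    """Return one record per active (uncommented) IP/hostname pair."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        if not line:
            continue                             # blank or comment-only line
        fields = line.split()
        ip, names = fields[0], fields[1:]
        for name in names:
            records.append({"line": lineno, "ip": ip, "host": name.lower()})
    return records


def verdict(record: Dict[str, object]) -> Optional[str]:
    """None for a stock default; otherwise why the entry deserves a look."""
    ip, host = record["ip"], record["host"]
    if (ip, host) in DEFAULT_ENTRIES:
        return None
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"                       # not a valid address at all
    if addr.is_loopback:
        return "black-holed"                     # host made unreachable
    return "redirected"                          # host sent to another address


def suspicious_entries(text: str) -> List[Dict[str, object]]:
    """Active entries that are not stock defaults, each with a verdict."""
    flagged = []
    for rec in parse_hosts(text):
        v = verdict(rec)
        if v is not None:
            flagged.append({**rec, "verdict": v})
    return flagged


def check_file(path: str) -> List[Dict[str, object]]:
    """Run the check on a real file, e.g. %SystemRoot%\\System32\\drivers\\etc\\hosts."""
    with open(path, "r", encoding="utf-8", errors="replace") as f:
        return suspicious_entries(f.read())


if __name__ == "__main__":
    for rec in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {rec['line']}: {rec['ip']} -> {rec['host']} ({rec['verdict']})")
```

On the constructed sample the script reports the two injected lines plus the malformed one; a clean reset file reports nothing. Running `check_file` against the real HOSTS path after the Fix it wizard has run is the confirmation that the reset took effect.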

#9 bjk360 (Topic Starter)

Posted 29 February 2012 - 05:03 PM

Greetings,

I followed your instructions and fixed the HOSTS file and also removed the older version of Java and installed the newest version (version 6, update 31). What should I do from this point? Is it ok to run the anti virus programs or should I do something else? The System Check icon is still on the desk top and is still a generic icon.

Best Wishes,
B

#10 boopme (Global Moderator)

Posted 29 February 2012 - 07:55 PM

Run the AV. See if it gets that icon.

#11 bjk360 (Topic Starter)

Posted 01 March 2012 - 08:26 PM

Greetings,

In the last few days I have spent time working on this issue and have learned a lot. I believe the virus is gone now but I have some questions remaining. I will also take you through what steps I took and what happened.


Here is what I did and what happened:

I first booted into safe mode and ran rkill and then TDSS Killer, which didn't find anything. I then ran MBM and it didn't find anything. Next I ran Avast and it discovered 2 files that it said were threats; the ones I posted in one of my original posts. There were 3 total but it only found 2 of them. Before the scan finished, the pc shut down. This happened 3 times in a row. At first I thought it was the computer over-heating so I placed a cooling element underneath it. It did it again right at about the same place during the Avast scan. I got online on another computer and read that this particular virus can shut down your pc so I figured that was what was going on; Avast found the files and the files took action in response to being found, was my guess. So then I decided to scan the folder where the files were located and it found them without shutting the pc down. When I tried to move them to the virus chest, I got an error message that read:

Error: Access is denied (5)

I couldn't move them to the virus chest, repair them, or delete them through Avast. Next I tried System Shield and it didn't find anything. After that, I tried SuperAntiSpyware and it found one of the files and killed it without incident. It did not see the other 2 files for some reason. I then ran Avast again because Avast was the only one of the group that saw the 2nd file. This time it found the file and I was able to kill it with no error this time.

After this, the system check icon was gone from the desktop. So I rebooted the system and decided to scan with Avast from safe mode. It then found the following items:

DAE5.TMP
W32TM.EXE

Avast determined that these were rootkits and took care of them by moving them to the virus chest. I did some further checking and at some point in the past I had downloaded Foxtab FLV Player and installed it. One of the files listed above was related to the FLV player according to some posts about malware. I then researched the flv player more and started noticing posts on the net that this item has malware hidden in it.

So now that you know the story, here are my questions

(1) There is still one file that remains that was part of the virus → g7ilfeiU7c8cHn that is 1kb and it has no extension. Should I manually delete it?

(2) Why aren't the virus scanner programs finding this last file?

(3) Why did the AV programs see different results or no results at all?

(4) Should I get rid of Fox Tab FLV player... do you or anyone on the website know if it does indeed contain malware?

(5) Why did the other virus scanners also not see the rootkit files (if they are indeed rootkits) listed above, and then it only saw them AFTER the system check virus was dealt with..? Should I delete the rootkits from the Avast virus chest or leave them there for some reason?

(6) In Windows 7, when you hit the Start button, a list of programs pops up with the option to list 'All Programs'. System Check is listed there along with an 'uninstaller'. I don't believe it's actually an uninstaller. How do I get rid of this? Is it as simple as right-click to delete, or is there a specific procedure to follow since this was virus related?

(7) When I changed the permissions of the virus files, it seemed that the virus activity stopped. I thought that if the files were 'in jail'... sitting there without being able to do anything, then nothing would replicate or take action from deletion, etc. Was this a good thing to do?

(8) When booting into safe mode, there is an option at the top of the list that says something to the effect of 'Repair computer'. Is this a product of the virus or is it legit and what should I do about it? I suspect it is something like chkdsk but don't recall seeing it there before this incident with the virus.

I do apologize if this is too much to ask with all these questions but in dealing with all of this I have tried to understand what is going on, how it started, and all the whys that go with that so that it doesn't happen again. I thank you for all of your help.

Best Wishes,
B

#12 boopme (Global Moderator)

Posted 02 March 2012 - 11:38 AM

Hello.
(1) There is still one file that remains that was part of the virus → g7ilfeiU7c8cHn that is 1kb and it has no extension. Should I manually delete it?


Let's upload this file for a second opinion on what it actually is.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.
<filepath>suspect.file

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



(2) Why aren't the virus scanner programs finding this last file?
Possibly its location, e.g. if it's in a System Restore folder it is not scanned.
Or it's hidden; see How to see hidden files in Windows above and scan.

(3) Why did the AV programs see different results or no results at all?
I put this on the "No one tool does it all" factor. Different virus signatures in their databases. Hidden system file or not in its proper location. That makes it malware. In these files' case it is usually a HAXDOOR infection.

(4) Should I get rid of Fox Tab FLV player... do you or anyone on the website know if it does indeed contain malware?
You can also submit that file to Jotti and VT, or scan the downloaded file on your desktop with Avast or MBAM.
I see mixed reviews.

(5) Why did the other virus scanners also not see the rootkit files (if they are indeed rootkits) listed above, and then it only saw them AFTER the system check virus was dealt with..? Should I delete the rootkits from the Avast virus chest or leave them there for some reason?
Files in the chest or Quarantine can no longer harm the PC. It is put there in case the file was important to the smooth operation of the system. If after a few days all is running well you may delete if you want to.

As with the other they may be hidden. The w32tm.exe is a Windows Time Service Diagnostic Tool.

This file is part of Microsoft Windows Operating System. W32tm.exe is developed by Microsoft Corporation. It's a system and hidden file. W32tm.exe is usually located in the %SYSTEM% sub-folder and its usual size is 49,664 bytes.

(6) In Windows 7, when you hit the Start button, a list of programs pops up with the option to list 'All Programs'. System Check is listed there along with an 'uninstaller'. I don't believe it's actually an uninstaller. How do I get rid of this? Is it as simple as right-click to delete, or is there a specific procedure to follow since this was virus related?

(7) When I changed the permissions of the virus files, it seemed that the virus activity stopped. I thought that if the files were 'in jail'... sitting there without being able to do anything, then nothing would replicate or take action from deletion, etc. Was this a good thing to do?
See Above >chest/quarantine.

(8) When booting into safe mode, there is an option at the top of the list that says something to the effect of 'Repair computer'. Is this a product of the virus or is it legit and what should I do about it? I suspect it is something like chkdsk but don't recall seeing it there before this incident with the virus.

Ask that one in WIN7 as I do not know for sure, but a mod or advisor there will.


So all is running well here now?

Edited by boopme, 02 March 2012 - 11:42 AM.

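An added example, not part of the thread: a Python triage script for a file an antivirus has flagged, doing locally what the reply above does by uploading. It records the file's size and SHA-256 (the hash can be searched on VirusTotal or Jotti without sending the file), whether the Windows hidden attribute is set, whether it has an extension, and whether a known system binary such as w32tm.exe sits in its proper folder, which is the rule the reply gives for telling a planted copy from the genuine one. The file written by demo(), its contents and its expected-location entry are constructed; the System32 and SysWOW64 locations for w32tm.exe are the standard ones on 64-bit Windows.

```python
"""Triage a file an antivirus flagged, without uploading it.

Added example, not part of the thread. Produces the size, SHA-256,
hidden bit, extension and location checks a helper would want before
deciding whether a file is the genuine Windows binary or a planted
copy. The file created by demo() is constructed.
"""
import hashlib
import os
import re
import tempfile
from pathlib import PurePath, PureWindowsPath
from typing import Dict, List, Optional

FILE_ATTRIBUTE_HIDDEN = 0x2  # bit in st_file_attributes (Windows only)

# Folders where the genuine copy of a Windows binary lives (keys lowercase).
# w32tm.exe is the one the thread names; on 64-bit Windows it also exists in
# SysWOW64. A copy anywhere else is a red flag.
EXPECTED_DIRS: Dict[str, List[str]] = {
    "w32tm.exe": [r"C:\Windows\System32", r"C:\Windows\SysWOW64"],
}


def _split(path: str) -> PurePath:
    """Parse Windows-style paths correctly even when run on another OS."""
    if re.match(r"^[A-Za-z]:[\\/]", path):
        return PureWindowsPath(path)
    return PurePath(path)


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of(path: str) -> str:
    """Hash the file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def is_hidden(path: str) -> bool:
    """True if the Windows hidden attribute is set; always False elsewhere."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def in_expected_location(path: str,
                         expected: Dict[str, List[str]] = EXPECTED_DIRS) -> Optional[bool]:
    """False = known name found outside its folder; None = no expectation on record."""
    p = _split(path)
    dirs = expected.get(p.name.lower())
    if dirs is None:
        return None
    return any(str(p.parent).lower() == d.lower() for d in dirs)


def triage(path: str, expected: Dict[str, List[str]] = EXPECTED_DIRS) -> Dict[str, object]:
    """Collect the facts a helper would ask for about one suspect file."""
    p = _split(path)
    return {
        "name": p.name,
        "size": os.stat(path).st_size,
        "sha256": sha256_of(path),            # search this on VirusTotal/Jotti
        "hidden": is_hidden(path),
        "has_extension": p.suffix != "",      # the thread's leftover file had none
        "in_expected_location": in_expected_location(path, expected),
    }


def demo() -> Dict[str, object]:
    """Constructed stand-in for the 1 KB extension-less file from the thread."""
    tmp = tempfile.mkdtemp()
    target = os.path.join(tmp, "g7ilfeiU7c8cHn")
    with open(target, "wb") as f:
        f.write(b"\x00" * 1024)               # constructed content
    # Constructed expectation: claim this name belongs in another folder,
    # so the location check shows what a mismatch looks like.
    expected = {"g7ilfeiu7c8chn": [os.path.join(tmp, "elsewhere")]}
    return triage(target, expected)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A size that differs from the published one, a hidden bit on a file that should not be hidden, or a known name outside its folder each point the same way the reply above does: the copy on disk is not the genuine binary and its hash is what to look up.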

#13 bjk360 (Topic Starter)

Posted 03 March 2012 - 03:42 PM

Greetings,

I tried to upload the file to the sites you provided links for and I got a Windows pop-up that says I don't have permission to do it. My keyboard then started to produce extra keystrokes every time I would try and write. When I would press the w key, I would get 3 w characters. This happened a few times and would fix itself once the browser was closed and restarted. I am guessing it was my changing the permissions that led to the pop-up window.

I did upload the foxtab media player file FLVPlayer.exe to the Jotti site. Out of the 20 different virus scanners, one found something:

eset found Win32/InstallCore.A

The Virustotal site says out of 43 scanners, 1 detected:

NOD32 a variant of Win32/InstallCore.A


Things seem to be functioning normally on the computer thus far. Do you think there is a link between the virus and this media player? What do you recommend from here?


Best Wishes,
B

#14 boopme (Global Moderator)

Posted 03 March 2012 - 09:15 PM

I say while it's functional, we get a deeper look. This will find any more malware, if there is any, and see if it's in legit apps.

Start a new topic titled "not certain I am clean."

Please go here: Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If GMER won't run skip it and move on.

Include a link back to this topic as it will help.

Let me know if that went well.

#15 bjk360 (Topic Starter)

Posted 13 March 2012 - 11:41 AM

Greetings,

I posted in the other forum as you instructed and they helped me run several tests and checks to clean my system. Things appear to be running fine now. Thank you for your help, it was most appreciated.

Best Wishes,
B
