PDA

View Full Version : Google results Re-Direct to Random Websites


spikyspud
2012-01-13, 17:20
Hi,

I was previously getting help in this thread (http://forums.spybot.info/showthread.php?t=64504) but due to circumstances beyond my control I couldn't reply before it was moved to the archive.

The issue still exists with the computer so if it would be possible to get some more help that would be excellent.

I have tried to run DDS again but this locks up part way through the process.

Many Thanks
ken545
2012-01-19, 01:31
Hi,

Sorry about closing your thread but we get so busy if there is no reply in 3 days the thread is closed.


Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png






Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.
spikyspud
2012-01-20, 19:59
Hi,

No worries about closing the thread, understand you need to keep the forum tidy.

I did as requested below, although as a quick aside as I don't know if it is relevant or not all the browsers on the system have stopped working. Chrome and IE, they come up with an error message saying "Chrome has stopped working. Windows is trying to find a solution". I even tried Firefox portable on a USB drive but that gets the same result.

Anyway here are the contents of the aswMBR.exe log file:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-20 17:50:58
-----------------------------
17:50:58.869 OS Version: Windows 6.0.6002 Service Pack 2
17:50:58.869 Number of processors: 2 586 0xF0D
17:50:58.871 ComputerName: SANDRA-PC UserName: Sandra
17:51:22.129 Initialze error 0 - driver not loaded
17:52:04.463 Scan error: Incorrect function.
17:52:23.972 The log file has been saved successfully to "C:\Users\Sandra\Desktop\aswMBR.txt"


And the MBRCheck.exe log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M1640
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 144):
0x82450000 \SystemRoot\system32\ntkrnlpa.exe
0x8241D000 \SystemRoot\system32\hal.dll
0x80605000 \SystemRoot\system32\kdcom.dll
0x80607000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80677000 \SystemRoot\system32\PSHED.dll
0x80688000 \SystemRoot\system32\BOOTVID.dll
0x80690000 \SystemRoot\system32\CLFS.SYS
0x806D1000 \SystemRoot\system32\CI.dll
0x82A0C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82A88000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82A95000 \SystemRoot\system32\drivers\acpi.sys
0x82ADB000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82AE4000 \SystemRoot\system32\drivers\msisadrv.sys
0x82AEC000 \SystemRoot\system32\drivers\pci.sys
0x82B13000 \SystemRoot\System32\drivers\partmgr.sys
0x82B22000 \SystemRoot\system32\drivers\volmgr.sys
0x82B31000 \SystemRoot\System32\drivers\volmgrx.sys
0x82B7B000 \SystemRoot\system32\drivers\nvrd32.sys
0x82B9E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x82BBF000 \SystemRoot\system32\drivers\pciide.sys
0x82BC6000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82BD4000 \SystemRoot\System32\drivers\mountmgr.sys
0x82BE4000 \SystemRoot\system32\drivers\nvraid.sys
0x82A00000 \SystemRoot\system32\drivers\atapi.sys
0x807B1000 \SystemRoot\system32\drivers\ataport.SYS
0x807CF000 \SystemRoot\system32\drivers\nvstor32.sys
0x82C07000 \SystemRoot\system32\drivers\storport.sys
0x82C48000 \SystemRoot\system32\drivers\fltmgr.sys
0x82C7A000 \SystemRoot\system32\drivers\fileinfo.sys
0x82C8A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82E04000 \SystemRoot\system32\drivers\ndis.sys
0x82F0F000 \SystemRoot\system32\drivers\msrpc.sys
0x82F3A000 \SystemRoot\system32\drivers\NETIO.SYS
0x82CFB000 \SystemRoot\System32\drivers\tcpip.sys
0x82F75000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87C07000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87D17000 \SystemRoot\system32\drivers\wd.sys
0x87D1F000 \SystemRoot\system32\drivers\volsnap.sys
0x87D58000 \SystemRoot\System32\Drivers\spldr.sys
0x87D60000 \SystemRoot\System32\Drivers\mup.sys
0x87D6F000 \SystemRoot\System32\drivers\ecache.sys
0x87D96000 \SystemRoot\system32\drivers\disk.sys
0x87DA7000 \SystemRoot\system32\drivers\crcdisk.sys
0x87DEB000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x82F90000 \SystemRoot\system32\DRIVERS\serial.sys
0x82FAA000 \SystemRoot\system32\DRIVERS\serenum.sys
0x82FC7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x87DFA000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x82FD2000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B60E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B64C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B65B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B6E8000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8B6F8000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8B706000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B71E000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8B808000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8BA01000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8C148000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C1E8000 \SystemRoot\System32\drivers\watchdog.sys
0x8B904000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C1F4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8B933000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B94A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B955000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8B978000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B987000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8B99B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8B9B0000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B9C0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B9CB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8B9CD000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B720000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8B72A000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8B737000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8B76C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C809000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8B77D000 \SystemRoot\system32\drivers\portcls.sys
0x8B7AA000 \SystemRoot\system32\drivers\drmk.sys
0x8B7CF000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8C9EA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8C9F3000 \SystemRoot\System32\Drivers\Null.SYS
0x8C800000 \SystemRoot\System32\Drivers\Beep.SYS
0x82FDC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B800000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8B600000 \SystemRoot\System32\drivers\vga.sys
0x8CC07000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CC28000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CC30000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CC38000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CC43000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8CC51000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8CC5A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8CC70000 \SystemRoot\system32\DRIVERS\smb.sys
0x8CC84000 \SystemRoot\system32\drivers\afd.sys
0x8CCCC000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CCFE000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CD14000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CD22000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8CD35000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8CD71000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8CD7B000 \SystemRoot\System32\Drivers\dfsc.sys
0x8CD92000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8CDA7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CDA9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8CDB2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8CDC2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8CDCA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8CDD7000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x87DB0000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x8CDE1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x96206000 \SystemRoot\system32\DRIVERS\netr28u.sys
0x962AD000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x98010000 \SystemRoot\System32\win32k.sys
0x962B6000 \SystemRoot\System32\drivers\Dxapi.sys
0x962C0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98230000 \SystemRoot\System32\TSDDD.dll
0x98250000 \SystemRoot\System32\cdd.dll
0x962CF000 \SystemRoot\system32\drivers\luafv.sys
0x962EA000 \SystemRoot\system32\drivers\spsys.sys
0x9639A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x963AA000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x963D4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x963DE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9EE02000 \SystemRoot\system32\drivers\HTTP.sys
0x9EE6F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9EE8C000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9EEA5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9EEBA000 \SystemRoot\system32\drivers\mrxdav.sys
0x9EEDB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9EEFA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9EF33000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9EF4B000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9EF73000 \SystemRoot\System32\DRIVERS\srv.sys
0x9EFC2000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x9FA04000 \SystemRoot\system32\drivers\peauth.sys
0x9FAE2000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9FAEC000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9FAF8000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9FB0D000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x9FB1F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9FB35000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9FB5D000 \??\C:\Users\Sandra\AppData\Local\Temp\aswMBR.sys
0x77B60000 \Windows\System32\ntdll.dll

Processes (total 63):
0 System Idle Process
4 System
468 C:\Windows\System32\smss.exe
616 csrss.exe
668 C:\Windows\System32\wininit.exe
680 csrss.exe
712 C:\Windows\System32\services.exe
724 C:\Windows\System32\lsass.exe
736 C:\Windows\System32\lsm.exe
848 C:\Windows\System32\winlogon.exe
932 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1028 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1172 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\svchost.exe
1364 C:\Windows\System32\audiodg.exe
1388 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\SLsvc.exe
1568 C:\Windows\System32\svchost.exe
1748 C:\Windows\System32\svchost.exe
1940 C:\Windows\System32\spoolsv.exe
1968 C:\Windows\System32\svchost.exe
488 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
704 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
796 C:\Windows\System32\lxbkcoms.exe
1756 C:\Windows\System32\svchost.exe
1976 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
1788 C:\Windows\System32\svchost.exe
2092 C:\Windows\System32\svchost.exe
2128 C:\Windows\System32\SearchIndexer.exe
2228 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
2256 WUDFHost.exe
2600 WmiPrvSE.exe
2796 C:\Windows\System32\taskeng.exe
3492 C:\Windows\System32\svchost.exe
3660 C:\Program Files\Windows Media Player\wmpnetwk.exe
2124 C:\Windows\System32\taskeng.exe
832 C:\Windows\System32\dwm.exe
988 C:\Windows\explorer.exe
2612 C:\Windows\RtHDVCpl.exe
2060 C:\Windows\System32\rundll32.exe
896 C:\Windows\System32\nvraidservice.exe
2252 C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
1988 C:\Program Files\Common Files\microsoft shared\Works Shared\WkUFind.exe
3008 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2964 C:\Program Files\QuickTime\qttask.exe
2948 WmiPrvSE.exe
2684 C:\Program Files\Microsoft Security Client\msseces.exe
3020 C:\Windows\ehome\ehtray.exe
3000 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3076 C:\Windows\System32\wbem\unsecapp.exe
3132 C:\Windows\System32\rundll32.exe
3180 C:\Program Files\Lexmark X1100 Series\LXBKbmon.exe
3472 C:\Program Files\Windows Media Player\wmpnscfg.exe
3816 C:\Windows\ehome\ehmsas.exe
1884 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
4056 C:\Windows\System32\taskmgr.exe
808 C:\Windows\System32\SearchProtocolHost.exe
524 C:\Windows\System32\SearchFilterHost.exe
1232 C:\Windows\System32\dllhost.exe
2728 C:\Users\Sandra\Desktop\MBRCheck.exe
2468 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`83700000 (NTFS)

PhysicalDrive0 Model Number: WDC WD3200AAJS-22B4A, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 5C5256E6372F8B10093C4D5D49246621DA11B88B


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!



Thanks
ken545
2012-01-20, 22:28
Hey,

Its possible that your Master Boot Record is infected, lots of this going around lately. See if you can run this program

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)
spikyspud
2012-01-20, 23:42
Hi,

Ran TDSSKiller and it did find something, so selected cure as directed. Here is the log:


21:35:14.0077 4072 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
21:35:14.0238 4072 ============================================================
21:35:14.0238 4072 Current date / time: 2012/01/20 21:35:14.0238
21:35:14.0238 4072 SystemInfo:
21:35:14.0238 4072
21:35:14.0239 4072 OS Version: 6.0.6002 ServicePack: 2.0
21:35:14.0239 4072 Product type: Workstation
21:35:14.0239 4072 ComputerName: SANDRA-PC
21:35:14.0239 4072 UserName: Sandra
21:35:14.0239 4072 Windows directory: C:\Windows
21:35:14.0239 4072 System windows directory: C:\Windows
21:35:14.0239 4072 Processor architecture: Intel x86
21:35:14.0239 4072 Number of processors: 2
21:35:14.0239 4072 Page size: 0x1000
21:35:14.0239 4072 Boot type: Normal boot
21:35:14.0239 4072 ============================================================
21:35:14.0617 4072 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:35:14.0705 4072 Drive \Device\Harddisk5\DR5 - Size: 0x3C780000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:35:14.0772 4072 Initialize success
21:35:19.0251 3484 ============================================================
21:35:19.0251 3484 Scan started
21:35:19.0251 3484 Mode: Manual;
21:35:19.0251 3484 ============================================================
21:35:20.0030 3484 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:35:20.0036 3484 ACPI - ok
21:35:20.0103 3484 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:35:20.0120 3484 adp94xx - ok
21:35:20.0168 3484 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:35:20.0174 3484 adpahci - ok
21:35:20.0199 3484 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:35:20.0202 3484 adpu160m - ok
21:35:20.0225 3484 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:35:20.0229 3484 adpu320 - ok
21:35:20.0297 3484 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:35:20.0303 3484 AFD - ok
21:35:20.0321 3484 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:35:20.0323 3484 agp440 - ok
21:35:20.0347 3484 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:35:20.0350 3484 aic78xx - ok
21:35:20.0375 3484 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:35:20.0376 3484 aliide - ok
21:35:20.0400 3484 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:35:20.0402 3484 amdagp - ok
21:35:20.0426 3484 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:35:20.0427 3484 amdide - ok
21:35:20.0450 3484 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:35:20.0452 3484 AmdK7 - ok
21:35:20.0472 3484 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:35:20.0475 3484 AmdK8 - ok
21:35:20.0507 3484 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:35:20.0510 3484 arc - ok
21:35:20.0534 3484 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:35:20.0536 3484 arcsas - ok
21:35:20.0559 3484 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:35:20.0560 3484 AsyncMac - ok
21:35:20.0591 3484 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:35:20.0593 3484 atapi - ok
21:35:20.0629 3484 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:35:20.0635 3484 Beep - ok
21:35:20.0671 3484 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:35:20.0672 3484 blbdrive - ok
21:35:20.0714 3484 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:35:20.0716 3484 bowser - ok
21:35:20.0735 3484 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:35:20.0737 3484 BrFiltLo - ok
21:35:20.0759 3484 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:35:20.0760 3484 BrFiltUp - ok
21:35:20.0785 3484 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:35:20.0788 3484 Brserid - ok
21:35:20.0809 3484 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:35:20.0811 3484 BrSerWdm - ok
21:35:20.0830 3484 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:35:20.0831 3484 BrUsbMdm - ok
21:35:20.0856 3484 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:35:20.0857 3484 BrUsbSer - ok
21:35:20.0876 3484 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:35:20.0877 3484 BTHMODEM - ok
21:35:20.0925 3484 catchme - ok
21:35:20.0984 3484 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:35:20.0987 3484 cdfs - ok
21:35:21.0015 3484 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:35:21.0017 3484 cdrom - ok
21:35:21.0056 3484 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:35:21.0058 3484 circlass - ok
21:35:21.0114 3484 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:35:21.0119 3484 CLFS - ok
21:35:21.0152 3484 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:35:21.0154 3484 cmdide - ok
21:35:21.0201 3484 CoachUsb (6bcf334d06f69089e247addc821fea79) C:\Windows\system32\DRIVERS\CoachUsb.sys
21:35:21.0203 3484 CoachUsb - ok
21:35:21.0245 3484 CoachVc (614ca0bfa09861e42ad8d14b83540758) C:\Windows\system32\DRIVERS\CoachVc.sys
21:35:21.0246 3484 CoachVc - ok
21:35:21.0268 3484 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
21:35:21.0270 3484 Compbatt - ok
21:35:21.0290 3484 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:35:21.0292 3484 crcdisk - ok
21:35:21.0312 3484 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:35:21.0313 3484 Crusoe - ok
21:35:21.0374 3484 cudoxygl - ok
21:35:21.0433 3484 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:35:21.0436 3484 DfsC - ok
21:35:21.0489 3484 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:35:21.0490 3484 disk - ok
21:35:21.0523 3484 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:35:21.0524 3484 drmkaud - ok
21:35:21.0573 3484 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:35:21.0588 3484 DXGKrnl - ok
21:35:21.0637 3484 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:35:21.0640 3484 E1G60 - ok
21:35:21.0690 3484 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:35:21.0692 3484 Ecache - ok
21:35:21.0727 3484 elootrcg - ok
21:35:21.0758 3484 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:35:21.0775 3484 elxstor - ok
21:35:21.0808 3484 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:35:21.0811 3484 ErrDev - ok
21:35:21.0879 3484 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:35:21.0882 3484 exfat - ok
21:35:21.0936 3484 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:35:21.0940 3484 fastfat - ok
21:35:21.0958 3484 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:35:21.0961 3484 fdc - ok
21:35:21.0990 3484 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:35:21.0992 3484 FileInfo - ok
21:35:22.0007 3484 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:35:22.0009 3484 Filetrace - ok
21:35:22.0028 3484 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:35:22.0029 3484 flpydisk - ok
21:35:22.0077 3484 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:35:22.0081 3484 FltMgr - ok
21:35:22.0146 3484 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:35:22.0147 3484 Fs_Rec - ok
21:35:22.0173 3484 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:35:22.0175 3484 gagp30kx - ok
21:35:22.0215 3484 GemCCID (86d3d834d35ebe920d85ffedcef79faf) C:\Windows\system32\Drivers\GemCCID.sys
21:35:22.0216 3484 GemCCID - ok
21:35:22.0246 3484 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:35:22.0250 3484 HdAudAddService - ok
21:35:22.0300 3484 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:35:22.0318 3484 HDAudBus - ok
21:35:22.0339 3484 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:35:22.0340 3484 HidBth - ok
21:35:22.0365 3484 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:35:22.0366 3484 HidIr - ok
21:35:22.0403 3484 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:35:22.0405 3484 HidUsb - ok
21:35:22.0433 3484 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:35:22.0434 3484 HpCISSs - ok
21:35:22.0491 3484 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:35:22.0509 3484 HTTP - ok
21:35:22.0528 3484 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:35:22.0531 3484 i2omp - ok
21:35:22.0545 3484 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:35:22.0547 3484 i8042prt - ok
21:35:22.0564 3484 iadusb - ok
21:35:22.0597 3484 iaStor (580bfec487c55264bfe3d60c3c24eee1) C:\Windows\system32\drivers\iastor.sys
21:35:22.0602 3484 iaStor - ok
21:35:22.0625 3484 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:35:22.0629 3484 iaStorV - ok
21:35:22.0655 3484 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:35:22.0657 3484 iirsp - ok
21:35:22.0673 3484 ikmqmlcs - ok
21:35:22.0740 3484 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys
21:35:22.0741 3484 int15 - ok
21:35:22.0849 3484 IntcAzAudAddService (f6e17c275666a4402588a30e36565910) C:\Windows\system32\drivers\RTKVHDA.sys
21:35:22.0884 3484 IntcAzAudAddService - ok
21:35:22.0925 3484 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:35:22.0926 3484 intelide - ok
21:35:22.0954 3484 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:35:22.0955 3484 intelppm - ok
21:35:22.0985 3484 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:35:22.0987 3484 IpFilterDriver - ok
21:35:23.0005 3484 IpInIp - ok
21:35:23.0038 3484 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:35:23.0040 3484 IPMIDRV - ok
21:35:23.0072 3484 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:35:23.0076 3484 IPNAT - ok
21:35:23.0109 3484 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:35:23.0111 3484 IRENUM - ok
21:35:23.0133 3484 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:35:23.0135 3484 isapnp - ok
21:35:23.0161 3484 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:35:23.0164 3484 iScsiPrt - ok
21:35:23.0184 3484 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:35:23.0186 3484 iteatapi - ok
21:35:23.0204 3484 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:35:23.0206 3484 iteraid - ok
21:35:23.0222 3484 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:35:23.0224 3484 kbdclass - ok
21:35:23.0242 3484 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:35:23.0244 3484 kbdhid - ok
21:35:23.0299 3484 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
21:35:23.0306 3484 KSecDD - ok
21:35:23.0351 3484 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:35:23.0353 3484 lltdio - ok
21:35:23.0400 3484 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:35:23.0402 3484 LSI_FC - ok
21:35:23.0423 3484 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:35:23.0425 3484 LSI_SAS - ok
21:35:23.0442 3484 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:35:23.0445 3484 LSI_SCSI - ok
21:35:23.0466 3484 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:35:23.0468 3484 luafv - ok
21:35:23.0492 3484 MBAMSwissArmy - ok
21:35:23.0524 3484 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:35:23.0526 3484 megasas - ok
21:35:23.0559 3484 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:35:23.0575 3484 MegaSR - ok
21:35:23.0609 3484 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:35:23.0610 3484 Modem - ok
21:35:23.0636 3484 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:35:23.0637 3484 monitor - ok
21:35:23.0654 3484 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:35:23.0656 3484 mouclass - ok
21:35:23.0672 3484 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:35:23.0675 3484 mouhid - ok
21:35:23.0693 3484 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:35:23.0695 3484 MountMgr - ok
21:35:23.0735 3484 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
21:35:23.0739 3484 MpFilter - ok
21:35:23.0768 3484 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:35:23.0774 3484 mpio - ok
21:35:23.0818 3484 MpKsl2c96a701 - ok
21:35:23.0843 3484 MpKsl3b218751 - ok
21:35:23.0858 3484 MpKsl41b4eace - ok
21:35:23.0875 3484 MpKsl4e07880f - ok
21:35:23.0885 3484 MpKslce3a7c9b - ok
21:35:23.0979 3484 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:35:23.0981 3484 MpNWMon - ok
21:35:24.0014 3484 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:35:24.0016 3484 mpsdrv - ok
21:35:24.0046 3484 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:35:24.0047 3484 Mraid35x - ok
21:35:24.0105 3484 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:35:24.0110 3484 MRxDAV - ok
21:35:24.0156 3484 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:35:24.0159 3484 mrxsmb - ok
21:35:24.0187 3484 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:35:24.0192 3484 mrxsmb10 - ok
21:35:24.0208 3484 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:35:24.0212 3484 mrxsmb20 - ok
21:35:24.0230 3484 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
21:35:24.0232 3484 msahci - ok
21:35:24.0256 3484 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:35:24.0259 3484 msdsm - ok
21:35:24.0311 3484 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:35:24.0312 3484 Msfs - ok
21:35:24.0325 3484 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:35:24.0327 3484 msisadrv - ok
21:35:24.0368 3484 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:35:24.0369 3484 MSKSSRV - ok
21:35:24.0399 3484 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:35:24.0400 3484 MSPCLOCK - ok
21:35:24.0420 3484 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:35:24.0423 3484 MSPQM - ok
21:35:24.0467 3484 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:35:24.0472 3484 MsRPC - ok
21:35:24.0504 3484 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:35:24.0505 3484 mssmbios - ok
21:35:24.0520 3484 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:35:24.0522 3484 MSTEE - ok
21:35:24.0571 3484 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:35:24.0573 3484 Mup - ok
21:35:24.0630 3484 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:35:24.0633 3484 NativeWifiP - ok
21:35:24.0687 3484 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:35:24.0704 3484 NDIS - ok
21:35:24.0720 3484 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:35:24.0724 3484 NdisTapi - ok
21:35:24.0744 3484 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:35:24.0745 3484 Ndisuio - ok
21:35:24.0791 3484 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:35:24.0794 3484 NdisWan - ok
21:35:24.0834 3484 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:35:24.0836 3484 NDProxy - ok
21:35:24.0854 3484 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:35:24.0856 3484 NetBIOS - ok
21:35:24.0904 3484 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:35:24.0908 3484 netbt - ok
21:35:25.0011 3484 netr28u (95c0e81aecb54b846664c23fb5805b38) C:\Windows\system32\DRIVERS\netr28u.sys
21:35:25.0032 3484 netr28u - ok
21:35:25.0069 3484 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:35:25.0071 3484 nfrd960 - ok
21:35:25.0117 3484 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:35:25.0122 3484 NisDrv - ok
21:35:25.0191 3484 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:35:25.0192 3484 Npfs - ok
21:35:25.0212 3484 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:35:25.0214 3484 nsiproxy - ok
21:35:25.0283 3484 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:35:25.0310 3484 Ntfs - ok
21:35:25.0328 3484 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
21:35:25.0330 3484 NTIDrvr - ok
21:35:25.0349 3484 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:35:25.0350 3484 ntrigdigi - ok
21:35:25.0365 3484 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:35:25.0368 3484 Null - ok
21:35:25.0417 3484 NVENETFD (b896fb556b4dc1e1d2943559ea79c5c5) C:\Windows\system32\DRIVERS\nvmfdx32.sys
21:35:25.0443 3484 NVENETFD - ok
21:35:25.0464 3484 NVHDA (f3ef6cb754c908c5e79fe5bb4a7e39ba) C:\Windows\system32\drivers\nvhda32v.sys
21:35:25.0466 3484 NVHDA - ok
21:35:25.0653 3484 nvlddmkm (23c24fdbc46b61a828db3779a808a68b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:35:25.0792 3484 nvlddmkm - ok
21:35:25.0836 3484 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:35:25.0838 3484 nvraid - ok
21:35:25.0860 3484 nvrd32 (6f5bb0b40d251351a913b61ba9d64b3f) C:\Windows\system32\drivers\nvrd32.sys
21:35:25.0863 3484 nvrd32 - ok
21:35:25.0875 3484 nvsmu (7ec12a73067baca25a8e3e2a58ae83d8) C:\Windows\system32\DRIVERS\nvsmu.sys
21:35:25.0877 3484 nvsmu - ok
21:35:25.0912 3484 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:35:25.0913 3484 nvstor - ok
21:35:25.0926 3484 nvstor32 (689a2160b851f8bf88f20728fd2f30bd) C:\Windows\system32\drivers\nvstor32.sys
21:35:25.0929 3484 nvstor32 - ok
21:35:25.0953 3484 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:35:25.0957 3484 nv_agp - ok
21:35:25.0971 3484 NwlnkFlt - ok
21:35:25.0988 3484 NwlnkFwd - ok
21:35:26.0028 3484 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:35:26.0029 3484 ohci1394 - ok
21:35:26.0073 3484 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:35:26.0075 3484 Parport - ok
21:35:26.0121 3484 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:35:26.0123 3484 partmgr - ok
21:35:26.0154 3484 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:35:26.0155 3484 Parvdm - ok
21:35:26.0196 3484 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:35:26.0198 3484 pci - ok
21:35:26.0233 3484 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
21:35:26.0234 3484 pciide - ok
21:35:26.0257 3484 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:35:26.0260 3484 pcmcia - ok
21:35:26.0297 3484 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:35:26.0315 3484 PEAUTH - ok
21:35:26.0411 3484 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:35:26.0413 3484 PptpMiniport - ok
21:35:26.0438 3484 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:35:26.0439 3484 Processor - ok
21:35:26.0492 3484 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:35:26.0494 3484 PSched - ok
21:35:26.0535 3484 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:35:26.0562 3484 ql2300 - ok
21:35:26.0584 3484 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:35:26.0605 3484 ql40xx - ok
21:35:26.0636 3484 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:35:26.0637 3484 QWAVEdrv - ok
21:35:26.0658 3484 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:35:26.0659 3484 RasAcd - ok
21:35:26.0684 3484 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:35:26.0687 3484 Rasl2tp - ok
21:35:26.0732 3484 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:35:26.0733 3484 RasPppoe - ok
21:35:26.0784 3484 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:35:26.0786 3484 RasSstp - ok
21:35:26.0834 3484 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:35:26.0840 3484 rdbss - ok
21:35:26.0854 3484 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:35:26.0856 3484 RDPCDD - ok
21:35:26.0888 3484 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:35:26.0895 3484 rdpdr - ok
21:35:26.0908 3484 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:35:26.0911 3484 RDPENCDD - ok
21:35:26.0967 3484 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:35:26.0971 3484 RDPWD - ok
21:35:27.0022 3484 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:35:27.0024 3484 rspndr - ok
21:35:27.0052 3484 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:35:27.0056 3484 sbp2port - ok
21:35:27.0090 3484 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:35:27.0097 3484 secdrv - ok
21:35:27.0158 3484 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
21:35:27.0160 3484 Serenum - ok
21:35:27.0182 3484 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
21:35:27.0184 3484 Serial - ok
21:35:27.0209 3484 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:35:27.0210 3484 sermouse - ok
21:35:27.0246 3484 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:35:27.0248 3484 sffdisk - ok
21:35:27.0269 3484 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:35:27.0271 3484 sffp_mmc - ok
21:35:27.0287 3484 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:35:27.0290 3484 sffp_sd - ok
21:35:27.0310 3484 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:35:27.0312 3484 sfloppy - ok
21:35:27.0355 3484 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:35:27.0357 3484 sisagp - ok
21:35:27.0386 3484 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:35:27.0388 3484 SiSRaid2 - ok
21:35:27.0416 3484 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:35:27.0419 3484 SiSRaid4 - ok
21:35:27.0475 3484 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:35:27.0477 3484 Smb - ok
21:35:27.0511 3484 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:35:27.0512 3484 spldr - ok
21:35:27.0563 3484 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:35:27.0569 3484 srv - ok
21:35:27.0611 3484 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:35:27.0615 3484 srv2 - ok
21:35:27.0696 3484 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:35:27.0698 3484 srvnet - ok
21:35:27.0744 3484 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:35:27.0746 3484 swenum - ok
21:35:27.0776 3484 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:35:27.0778 3484 Symc8xx - ok
21:35:27.0796 3484 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:35:27.0798 3484 Sym_hi - ok
21:35:27.0822 3484 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:35:27.0823 3484 Sym_u3 - ok
21:35:27.0894 3484 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
21:35:27.0911 3484 Tcpip - ok
21:35:27.0984 3484 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
21:35:27.0992 3484 Tcpip6 - ok
21:35:28.0050 3484 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
21:35:28.0052 3484 tcpipreg - ok
21:35:28.0074 3484 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:35:28.0075 3484 TDPIPE - ok
21:35:28.0097 3484 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:35:28.0099 3484 TDTCP - ok
21:35:28.0142 3484 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:35:28.0145 3484 tdx - ok
21:35:28.0185 3484 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:35:28.0187 3484 TermDD - ok
21:35:28.0248 3484 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:35:28.0249 3484 tssecsrv - ok
21:35:28.0273 3484 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:35:28.0274 3484 tunmp - ok
21:35:28.0300 3484 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:35:28.0303 3484 tunnel - ok
21:35:28.0339 3484 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:35:28.0341 3484 uagp35 - ok
21:35:28.0390 3484 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:35:28.0396 3484 udfs - ok
21:35:28.0432 3484 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:35:28.0434 3484 uliagpkx - ok
21:35:28.0471 3484 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:35:28.0475 3484 uliahci - ok
21:35:28.0503 3484 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:35:28.0505 3484 UlSata - ok
21:35:28.0523 3484 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:35:28.0526 3484 ulsata2 - ok
21:35:28.0545 3484 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:35:28.0547 3484 umbus - ok
21:35:28.0594 3484 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:35:28.0596 3484 usbccgp - ok
21:35:28.0631 3484 USBCCID (32c068eaf37c92d7194eee1faa1e7853) C:\Windows\system32\DRIVERS\usbccid.sys
21:35:28.0632 3484 USBCCID - ok
21:35:28.0657 3484 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:35:28.0659 3484 usbcir - ok
21:35:28.0689 3484 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:35:28.0691 3484 usbehci - ok
21:35:28.0722 3484 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:35:28.0726 3484 usbhub - ok
21:35:28.0758 3484 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
21:35:28.0760 3484 usbohci - ok
21:35:28.0792 3484 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:35:28.0793 3484 usbprint - ok
21:35:28.0820 3484 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:35:28.0822 3484 usbscan - ok
21:35:28.0848 3484 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:35:28.0850 3484 USBSTOR - ok
21:35:28.0877 3484 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:35:28.0879 3484 usbuhci - ok
21:35:28.0929 3484 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:35:28.0931 3484 vga - ok
21:35:28.0954 3484 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:35:28.0956 3484 VgaSave - ok
21:35:28.0979 3484 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:35:28.0981 3484 viaagp - ok
21:35:29.0001 3484 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:35:29.0005 3484 ViaC7 - ok
21:35:29.0028 3484 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:35:29.0030 3484 viaide - ok
21:35:29.0047 3484 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:35:29.0050 3484 volmgr - ok
21:35:29.0107 3484 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:35:29.0112 3484 volmgrx - ok
21:35:29.0152 3484 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:35:29.0160 3484 volsnap - ok
21:35:29.0196 3484 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:35:29.0199 3484 vsmraid - ok
21:35:29.0248 3484 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:35:29.0250 3484 WacomPen - ok
21:35:29.0273 3484 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:35:29.0275 3484 Wanarp - ok
21:35:29.0283 3484 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:35:29.0285 3484 Wanarpv6 - ok
21:35:29.0320 3484 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:35:29.0321 3484 Wd - ok
21:35:29.0352 3484 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:35:29.0370 3484 Wdf01000 - ok
21:35:29.0514 3484 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
21:35:29.0515 3484 WmiAcpi - ok
21:35:29.0587 3484 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:35:29.0588 3484 WpdUsb - ok
21:35:29.0610 3484 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:35:29.0611 3484 ws2ifsl - ok
21:35:29.0652 3484 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:35:29.0655 3484 WUDFRd - ok
21:35:29.0692 3484 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
21:35:29.0729 3484 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:35:29.0729 3484 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
21:35:29.0743 3484 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk5\DR5
21:35:32.0738 3484 \Device\Harddisk5\DR5 - ok
21:35:32.0757 3484 Boot (0x1200) (8afecffca47d38ad053a14ba3a9e8a94) \Device\Harddisk0\DR0\Partition0
21:35:32.0758 3484 \Device\Harddisk0\DR0\Partition0 - ok
21:35:32.0780 3484 Boot (0x1200) (d7f883ba45b3b31019674e988a03f09e) \Device\Harddisk0\DR0\Partition1
21:35:32.0781 3484 \Device\Harddisk0\DR0\Partition1 - ok
21:35:32.0790 3484 Boot (0x1200) (af3435bcee81fe83404f608153eee676) \Device\Harddisk5\DR5\Partition0
21:35:32.0792 3484 \Device\Harddisk5\DR5\Partition0 - ok
21:35:32.0795 3484 ============================================================
21:35:32.0795 3484 Scan finished
21:35:32.0795 3484 ============================================================
21:35:32.0817 1244 Detected object count: 1
21:35:32.0817 1244 Actual detected object count: 1
21:36:31.0198 1244 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
21:36:31.0198 1244 \Device\Harddisk0\DR0 - ok
21:36:31.0199 1244 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
21:36:47.0038 3080 Deinitialize success
ken545
2012-01-20, 23:53
Go ahead and reboot your computer, than run TDSSKiller again and make sure you post the NEW LOG
spikyspud
2012-01-21, 00:42
Hi,

Done that now, TDSSKiller didn't find anything this time. New log is here:


22:36:33.0044 3164 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
22:36:35.0044 3164 ============================================================
22:36:35.0044 3164 Current date / time: 2012/01/20 22:36:35.0044
22:36:35.0044 3164 SystemInfo:
22:36:35.0044 3164
22:36:35.0044 3164 OS Version: 6.0.6002 ServicePack: 2.0
22:36:35.0044 3164 Product type: Workstation
22:36:35.0044 3164 ComputerName: SANDRA-PC
22:36:35.0044 3164 UserName: Sandra
22:36:35.0044 3164 Windows directory: C:\Windows
22:36:35.0044 3164 System windows directory: C:\Windows
22:36:35.0044 3164 Processor architecture: Intel x86
22:36:35.0044 3164 Number of processors: 2
22:36:35.0044 3164 Page size: 0x1000
22:36:35.0044 3164 Boot type: Normal boot
22:36:35.0044 3164 ============================================================
22:36:35.0509 3164 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:36:35.0809 3164 Initialize success
22:36:37.0969 3980 ============================================================
22:36:37.0969 3980 Scan started
22:36:37.0969 3980 Mode: Manual;
22:36:37.0969 3980 ============================================================
22:36:38.0354 3980 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:36:38.0359 3980 ACPI - ok
22:36:38.0414 3980 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:36:38.0419 3980 adp94xx - ok
22:36:38.0779 3980 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:36:38.0784 3980 adpahci - ok
22:36:38.0999 3980 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:36:39.0004 3980 adpu160m - ok
22:36:39.0084 3980 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:36:39.0089 3980 adpu320 - ok
22:36:39.0164 3980 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:36:39.0169 3980 AFD - ok
22:36:39.0189 3980 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:36:39.0189 3980 agp440 - ok
22:36:39.0249 3980 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:36:39.0249 3980 aic78xx - ok
22:36:39.0369 3980 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:36:39.0369 3980 aliide - ok
22:36:39.0569 3980 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:36:39.0569 3980 amdagp - ok
22:36:39.0869 3980 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:36:39.0869 3980 amdide - ok
22:36:40.0069 3980 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:36:40.0069 3980 AmdK7 - ok
22:36:40.0099 3980 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:36:40.0099 3980 AmdK8 - ok
22:36:40.0144 3980 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:36:40.0149 3980 arc - ok
22:36:40.0179 3980 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:36:40.0179 3980 arcsas - ok
22:36:40.0204 3980 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:36:40.0204 3980 AsyncMac - ok
22:36:40.0234 3980 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:36:40.0234 3980 atapi - ok
22:36:40.0354 3980 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:36:40.0359 3980 Beep - ok
22:36:40.0399 3980 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:36:40.0399 3980 blbdrive - ok
22:36:40.0439 3980 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:36:40.0444 3980 bowser - ok
22:36:40.0734 3980 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:36:40.0739 3980 BrFiltLo - ok
22:36:40.0779 3980 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:36:40.0779 3980 BrFiltUp - ok
22:36:40.0829 3980 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:36:40.0829 3980 Brserid - ok
22:36:40.0879 3980 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:36:40.0879 3980 BrSerWdm - ok
22:36:41.0064 3980 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:36:41.0064 3980 BrUsbMdm - ok
22:36:41.0134 3980 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:36:41.0134 3980 BrUsbSer - ok
22:36:41.0184 3980 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:36:41.0189 3980 BTHMODEM - ok
22:36:41.0279 3980 catchme - ok
22:36:41.0394 3980 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:36:41.0394 3980 cdfs - ok
22:36:41.0519 3980 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:36:41.0519 3980 cdrom - ok
22:36:41.0689 3980 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
22:36:41.0689 3980 circlass - ok
22:36:41.0884 3980 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:36:41.0884 3980 CLFS - ok
22:36:41.0989 3980 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:36:41.0989 3980 cmdide - ok
22:36:42.0094 3980 CoachUsb (6bcf334d06f69089e247addc821fea79) C:\Windows\system32\DRIVERS\CoachUsb.sys
22:36:42.0094 3980 CoachUsb - ok
22:36:42.0289 3980 CoachVc (614ca0bfa09861e42ad8d14b83540758) C:\Windows\system32\DRIVERS\CoachVc.sys
22:36:42.0289 3980 CoachVc - ok
22:36:42.0509 3980 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
22:36:42.0514 3980 Compbatt - ok
22:36:42.0684 3980 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:36:42.0684 3980 crcdisk - ok
22:36:42.0854 3980 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:36:42.0854 3980 Crusoe - ok
22:36:43.0009 3980 cudoxygl - ok
22:36:43.0119 3980 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:36:43.0119 3980 DfsC - ok
22:36:43.0174 3980 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:36:43.0174 3980 disk - ok
22:36:43.0239 3980 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:36:43.0244 3980 drmkaud - ok
22:36:43.0349 3980 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:36:43.0354 3980 DXGKrnl - ok
22:36:43.0404 3980 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:36:43.0409 3980 E1G60 - ok
22:36:43.0539 3980 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:36:43.0544 3980 Ecache - ok
22:36:43.0699 3980 elootrcg - ok
22:36:43.0784 3980 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:36:43.0789 3980 elxstor - ok
22:36:43.0834 3980 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:36:43.0834 3980 ErrDev - ok
22:36:43.0899 3980 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:36:43.0899 3980 exfat - ok
22:36:43.0944 3980 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:36:43.0949 3980 fastfat - ok
22:36:43.0974 3980 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:36:43.0979 3980 fdc - ok
22:36:44.0009 3980 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:36:44.0009 3980 FileInfo - ok
22:36:44.0034 3980 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:36:44.0034 3980 Filetrace - ok
22:36:44.0054 3980 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:36:44.0054 3980 flpydisk - ok
22:36:44.0104 3980 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:36:44.0104 3980 FltMgr - ok
22:36:44.0149 3980 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:36:44.0149 3980 Fs_Rec - ok
22:36:44.0174 3980 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:36:44.0174 3980 gagp30kx - ok
22:36:44.0214 3980 GemCCID (86d3d834d35ebe920d85ffedcef79faf) C:\Windows\system32\Drivers\GemCCID.sys
22:36:44.0219 3980 GemCCID - ok
22:36:44.0249 3980 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:36:44.0249 3980 HdAudAddService - ok
22:36:44.0354 3980 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:36:44.0354 3980 HDAudBus - ok
22:36:44.0374 3980 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:36:44.0374 3980 HidBth - ok
22:36:44.0389 3980 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:36:44.0394 3980 HidIr - ok
22:36:44.0439 3980 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:36:44.0439 3980 HidUsb - ok
22:36:44.0474 3980 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:36:44.0479 3980 HpCISSs - ok
22:36:44.0599 3980 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:36:44.0604 3980 HTTP - ok
22:36:44.0729 3980 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:36:44.0729 3980 i2omp - ok
22:36:44.0844 3980 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:36:44.0844 3980 i8042prt - ok
22:36:44.0949 3980 iadusb - ok
22:36:45.0059 3980 iaStor (580bfec487c55264bfe3d60c3c24eee1) C:\Windows\system32\drivers\iastor.sys
22:36:45.0059 3980 iaStor - ok
22:36:45.0104 3980 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:36:45.0104 3980 iaStorV - ok
22:36:45.0189 3980 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:36:45.0189 3980 iirsp - ok
22:36:45.0294 3980 ikmqmlcs - ok
22:36:45.0399 3980 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys
22:36:45.0399 3980 int15 - ok
22:36:45.0714 3980 IntcAzAudAddService (f6e17c275666a4402588a30e36565910) C:\Windows\system32\drivers\RTKVHDA.sys
22:36:45.0734 3980 IntcAzAudAddService - ok
22:36:45.0879 3980 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:36:45.0879 3980 intelide - ok
22:36:46.0054 3980 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:36:46.0059 3980 intelppm - ok
22:36:46.0119 3980 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:36:46.0119 3980 IpFilterDriver - ok
22:36:46.0209 3980 IpInIp - ok
22:36:46.0264 3980 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:36:46.0264 3980 IPMIDRV - ok
22:36:46.0289 3980 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:36:46.0294 3980 IPNAT - ok
22:36:46.0344 3980 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:36:46.0344 3980 IRENUM - ok
22:36:46.0369 3980 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:36:46.0369 3980 isapnp - ok
22:36:46.0419 3980 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:36:46.0419 3980 iScsiPrt - ok
22:36:46.0529 3980 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:36:46.0529 3980 iteatapi - ok
22:36:46.0629 3980 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:36:46.0634 3980 iteraid - ok
22:36:46.0774 3980 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:36:46.0774 3980 kbdclass - ok
22:36:46.0879 3980 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:36:46.0884 3980 kbdhid - ok
22:36:46.0979 3980 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
22:36:46.0989 3980 KSecDD - ok
22:36:47.0059 3980 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:36:47.0064 3980 lltdio - ok
22:36:47.0119 3980 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:36:47.0119 3980 LSI_FC - ok
22:36:47.0144 3980 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:36:47.0144 3980 LSI_SAS - ok
22:36:47.0169 3980 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:36:47.0169 3980 LSI_SCSI - ok
22:36:47.0194 3980 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:36:47.0194 3980 luafv - ok
22:36:47.0224 3980 MBAMSwissArmy - ok
22:36:47.0259 3980 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:36:47.0259 3980 megasas - ok
22:36:47.0314 3980 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:36:47.0324 3980 MegaSR - ok
22:36:47.0369 3980 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:36:47.0369 3980 Modem - ok
22:36:47.0394 3980 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:36:47.0399 3980 monitor - ok
22:36:47.0414 3980 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:36:47.0419 3980 mouclass - ok
22:36:47.0439 3980 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:36:47.0439 3980 mouhid - ok
22:36:47.0459 3980 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:36:47.0464 3980 MountMgr - ok
22:36:47.0514 3980 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
22:36:47.0514 3980 MpFilter - ok
22:36:47.0534 3980 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:36:47.0539 3980 mpio - ok
22:36:47.0594 3980 MpKsl2c96a701 - ok
22:36:47.0609 3980 MpKsl3b218751 - ok
22:36:47.0629 3980 MpKsl41b4eace - ok
22:36:47.0644 3980 MpKsl4e07880f - ok
22:36:47.0654 3980 MpKslce3a7c9b - ok
22:36:47.0779 3980 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
22:36:47.0784 3980 MpNWMon - ok
22:36:47.0864 3980 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:36:47.0869 3980 mpsdrv - ok
22:36:47.0899 3980 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:36:47.0899 3980 Mraid35x - ok
22:36:47.0939 3980 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:36:47.0944 3980 MRxDAV - ok
22:36:47.0989 3980 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:36:47.0994 3980 mrxsmb - ok
22:36:48.0024 3980 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:36:48.0029 3980 mrxsmb10 - ok
22:36:48.0049 3980 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:36:48.0054 3980 mrxsmb20 - ok
22:36:48.0089 3980 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
22:36:48.0094 3980 msahci - ok
22:36:48.0134 3980 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:36:48.0134 3980 msdsm - ok
22:36:48.0179 3980 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:36:48.0179 3980 Msfs - ok
22:36:48.0194 3980 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:36:48.0194 3980 msisadrv - ok
22:36:48.0234 3980 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:36:48.0239 3980 MSKSSRV - ok
22:36:48.0259 3980 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:36:48.0259 3980 MSPCLOCK - ok
22:36:48.0279 3980 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:36:48.0284 3980 MSPQM - ok
22:36:48.0344 3980 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:36:48.0349 3980 MsRPC - ok
22:36:48.0379 3980 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:36:48.0384 3980 mssmbios - ok
22:36:48.0399 3980 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:36:48.0399 3980 MSTEE - ok
22:36:48.0449 3980 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:36:48.0449 3980 Mup - ok
22:36:48.0509 3980 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:36:48.0509 3980 NativeWifiP - ok
22:36:48.0569 3980 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:36:48.0589 3980 NDIS - ok
22:36:48.0619 3980 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:36:48.0619 3980 NdisTapi - ok
22:36:48.0639 3980 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:36:48.0639 3980 Ndisuio - ok
22:36:48.0684 3980 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:36:48.0689 3980 NdisWan - ok
22:36:48.0709 3980 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:36:48.0714 3980 NDProxy - ok
22:36:48.0739 3980 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:36:48.0739 3980 NetBIOS - ok
22:36:48.0789 3980 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:36:48.0794 3980 netbt - ok
22:36:48.0904 3980 netr28u (95c0e81aecb54b846664c23fb5805b38) C:\Windows\system32\DRIVERS\netr28u.sys
22:36:48.0924 3980 netr28u - ok
22:36:49.0154 3980 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:36:49.0154 3980 nfrd960 - ok
22:36:49.0344 3980 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:36:49.0344 3980 NisDrv - ok
22:36:49.0424 3980 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:36:49.0429 3980 Npfs - ok
22:36:49.0464 3980 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:36:49.0464 3980 nsiproxy - ok
22:36:49.0614 3980 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:36:49.0634 3980 Ntfs - ok
22:36:49.0829 3980 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
22:36:49.0834 3980 NTIDrvr - ok
22:36:49.0894 3980 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:36:49.0894 3980 ntrigdigi - ok
22:36:49.0929 3980 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:36:49.0929 3980 Null - ok
22:36:49.0974 3980 NVENETFD (b896fb556b4dc1e1d2943559ea79c5c5) C:\Windows\system32\DRIVERS\nvmfdx32.sys
22:36:49.0984 3980 NVENETFD - ok
22:36:50.0064 3980 NVHDA (f3ef6cb754c908c5e79fe5bb4a7e39ba) C:\Windows\system32\drivers\nvhda32v.sys
22:36:50.0069 3980 NVHDA - ok
22:36:50.0479 3980 nvlddmkm (23c24fdbc46b61a828db3779a808a68b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:36:50.0634 3980 nvlddmkm - ok
22:36:50.0804 3980 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:36:50.0804 3980 nvraid - ok
22:36:51.0009 3980 nvrd32 (6f5bb0b40d251351a913b61ba9d64b3f) C:\Windows\system32\drivers\nvrd32.sys
22:36:51.0014 3980 nvrd32 - ok
22:36:51.0089 3980 nvsmu (7ec12a73067baca25a8e3e2a58ae83d8) C:\Windows\system32\DRIVERS\nvsmu.sys
22:36:51.0089 3980 nvsmu - ok
22:36:51.0254 3980 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:36:51.0254 3980 nvstor - ok
22:36:51.0384 3980 nvstor32 (689a2160b851f8bf88f20728fd2f30bd) C:\Windows\system32\drivers\nvstor32.sys
22:36:51.0384 3980 nvstor32 - ok
22:36:51.0449 3980 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:36:51.0449 3980 nv_agp - ok
22:36:51.0464 3980 NwlnkFlt - ok
22:36:51.0484 3980 NwlnkFwd - ok
22:36:51.0539 3980 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
22:36:51.0539 3980 ohci1394 - ok
22:36:51.0749 3980 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:36:51.0749 3980 Parport - ok
22:36:51.0969 3980 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:36:51.0974 3980 partmgr - ok
22:36:52.0049 3980 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:36:52.0049 3980 Parvdm - ok
22:36:52.0124 3980 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:36:52.0124 3980 pci - ok
22:36:52.0159 3980 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
22:36:52.0159 3980 pciide - ok
22:36:52.0184 3980 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:36:52.0184 3980 pcmcia - ok
22:36:52.0299 3980 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:36:52.0349 3980 PEAUTH - ok
22:36:52.0569 3980 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:36:52.0574 3980 PptpMiniport - ok
22:36:52.0664 3980 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:36:52.0669 3980 Processor - ok
22:36:52.0744 3980 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:36:52.0749 3980 PSched - ok
22:36:53.0049 3980 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:36:53.0074 3980 ql2300 - ok
22:36:53.0154 3980 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:36:53.0154 3980 ql40xx - ok
22:36:53.0344 3980 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:36:53.0349 3980 QWAVEdrv - ok
22:36:53.0524 3980 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:36:53.0529 3980 RasAcd - ok
22:36:53.0594 3980 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:36:53.0594 3980 Rasl2tp - ok
22:36:53.0769 3980 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:36:53.0769 3980 RasPppoe - ok
22:36:53.0994 3980 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:36:53.0994 3980 RasSstp - ok
22:36:54.0114 3980 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:36:54.0119 3980 rdbss - ok
22:36:54.0349 3980 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:36:54.0349 3980 RDPCDD - ok
22:36:54.0429 3980 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
22:36:54.0434 3980 rdpdr - ok
22:36:54.0464 3980 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:36:54.0469 3980 RDPENCDD - ok
22:36:54.0539 3980 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:36:54.0544 3980 RDPWD - ok
22:36:54.0649 3980 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:36:54.0649 3980 rspndr - ok
22:36:54.0869 3980 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:36:54.0869 3980 sbp2port - ok
22:36:55.0049 3980 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:36:55.0054 3980 secdrv - ok
22:36:55.0129 3980 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
22:36:55.0129 3980 Serenum - ok
22:36:55.0159 3980 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
22:36:55.0159 3980 Serial - ok
22:36:55.0194 3980 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:36:55.0194 3980 sermouse - ok
22:36:55.0239 3980 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
22:36:55.0244 3980 sffdisk - ok
22:36:55.0264 3980 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:36:55.0264 3980 sffp_mmc - ok
22:36:55.0284 3980 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
22:36:55.0309 3980 sffp_sd - ok
22:36:55.0334 3980 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:36:55.0339 3980 sfloppy - ok
22:36:55.0389 3980 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:36:55.0389 3980 sisagp - ok
22:36:55.0409 3980 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:36:55.0414 3980 SiSRaid2 - ok
22:36:55.0434 3980 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:36:55.0434 3980 SiSRaid4 - ok
22:36:55.0494 3980 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:36:55.0494 3980 Smb - ok
22:36:55.0539 3980 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:36:55.0539 3980 spldr - ok
22:36:55.0649 3980 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:36:55.0654 3980 srv - ok
22:36:55.0789 3980 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:36:55.0794 3980 srv2 - ok
22:36:55.0849 3980 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:36:55.0854 3980 srvnet - ok
22:36:55.0904 3980 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:36:55.0904 3980 swenum - ok
22:36:55.0934 3980 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:36:55.0939 3980 Symc8xx - ok
22:36:55.0954 3980 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:36:55.0959 3980 Sym_hi - ok
22:36:55.0984 3980 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:36:55.0984 3980 Sym_u3 - ok
22:36:56.0064 3980 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
22:36:56.0089 3980 Tcpip - ok
22:36:56.0129 3980 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
22:36:56.0139 3980 Tcpip6 - ok
22:36:56.0184 3980 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
22:36:56.0184 3980 tcpipreg - ok
22:36:56.0219 3980 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:36:56.0219 3980 TDPIPE - ok
22:36:56.0249 3980 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:36:56.0254 3980 TDTCP - ok
22:36:56.0329 3980 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:36:56.0329 3980 tdx - ok
22:36:56.0359 3980 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:36:56.0364 3980 TermDD - ok
22:36:56.0434 3980 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:36:56.0434 3980 tssecsrv - ok
22:36:56.0459 3980 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:36:56.0459 3980 tunmp - ok
22:36:56.0514 3980 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:36:56.0514 3980 tunnel - ok
22:36:56.0539 3980 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:36:56.0544 3980 uagp35 - ok
22:36:56.0609 3980 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:36:56.0614 3980 udfs - ok
22:36:56.0659 3980 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:36:56.0659 3980 uliagpkx - ok
22:36:56.0699 3980 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:36:56.0709 3980 uliahci - ok
22:36:56.0829 3980 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:36:56.0834 3980 UlSata - ok
22:36:56.0874 3980 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:36:56.0879 3980 ulsata2 - ok
22:36:56.0914 3980 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:36:56.0914 3980 umbus - ok
22:36:57.0004 3980 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:36:57.0004 3980 usbccgp - ok
22:36:57.0059 3980 USBCCID (32c068eaf37c92d7194eee1faa1e7853) C:\Windows\system32\DRIVERS\usbccid.sys
22:36:57.0059 3980 USBCCID - ok
22:36:57.0084 3980 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:36:57.0084 3980 usbcir - ok
22:36:57.0114 3980 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:36:57.0119 3980 usbehci - ok
22:36:57.0159 3980 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:36:57.0164 3980 usbhub - ok
22:36:57.0209 3980 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
22:36:57.0209 3980 usbohci - ok
22:36:57.0244 3980 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:36:57.0244 3980 usbprint - ok
22:36:57.0279 3980 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:36:57.0284 3980 usbscan - ok
22:36:57.0349 3980 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:36:57.0349 3980 USBSTOR - ok
22:36:57.0389 3980 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:36:57.0389 3980 usbuhci - ok
22:36:57.0439 3980 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:36:57.0439 3980 vga - ok
22:36:57.0464 3980 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:36:57.0464 3980 VgaSave - ok
22:36:57.0489 3980 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:36:57.0494 3980 viaagp - ok
22:36:57.0509 3980 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:36:57.0514 3980 ViaC7 - ok
22:36:57.0539 3980 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:36:57.0539 3980 viaide - ok
22:36:57.0559 3980 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:36:57.0559 3980 volmgr - ok
22:36:57.0644 3980 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:36:57.0649 3980 volmgrx - ok
22:36:57.0744 3980 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:36:57.0749 3980 volsnap - ok
22:36:57.0779 3980 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:36:57.0784 3980 vsmraid - ok
22:36:57.0824 3980 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:36:57.0829 3980 WacomPen - ok
22:36:57.0849 3980 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:36:57.0849 3980 Wanarp - ok
22:36:57.0859 3980 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:36:57.0859 3980 Wanarpv6 - ok
22:36:57.0899 3980 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:36:57.0899 3980 Wd - ok
22:36:57.0929 3980 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:36:57.0949 3980 Wdf01000 - ok
22:36:58.0214 3980 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
22:36:58.0219 3980 WmiAcpi - ok
22:36:58.0379 3980 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:36:58.0384 3980 WpdUsb - ok
22:36:58.0429 3980 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:36:58.0429 3980 ws2ifsl - ok
22:36:58.0469 3980 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:36:58.0474 3980 WUDFRd - ok
22:36:58.0509 3980 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
22:37:01.0014 3980 \Device\Harddisk0\DR0 - ok
22:37:01.0034 3980 Boot (0x1200) (8afecffca47d38ad053a14ba3a9e8a94) \Device\Harddisk0\DR0\Partition0
22:37:01.0039 3980 \Device\Harddisk0\DR0\Partition0 - ok
22:37:01.0064 3980 Boot (0x1200) (d7f883ba45b3b31019674e988a03f09e) \Device\Harddisk0\DR0\Partition1
22:37:01.0064 3980 \Device\Harddisk0\DR0\Partition1 - ok
22:37:01.0064 3980 ============================================================
22:37:01.0064 3980 Scan finished
22:37:01.0064 3980 ============================================================
22:37:01.0089 3208 Detected object count: 0
22:37:01.0089 3208 Actual detected object count: 0
ken545
2012-01-21, 02:16
Looks like its gone, how are things running now ?
spikyspud
2012-01-24, 11:14
It seems to running ok now :eek:

No re-direct search results.

Thanks so much for all of your help

:thanks: :thanks: :thanks: :thanks:
ken545
2012-01-24, 11:25
Good Morning,

There could be more lurking, lets do this

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
spikyspud
2012-01-24, 11:53
Morning,

Ran the scan and there was nothing found by it. Here is the log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.24.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Sandra :: SANDRA-PC [administrator]

24/01/2012 09:45:54
mbam-log-2012-01-24 (09-45-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 175435
Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
ken545
2012-01-24, 14:09
Great, lets do a free online virus scanner and if no threats are found you will be good to go



ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
spikyspud
2012-01-24, 17:42
Hi,

I ran the scan and it has found 1 issue. The log is below:

C:\_OTL\MovedFiles\12032011_000537\C_Windows\csauie1.ocx probably a variant of Win32/Agent.EBBYIBO trojan

Thanks
ken545
2012-01-24, 19:04
Thats just a file that OTL removed, its harmless where it is

You can go into here and delete it all
C:\_OTL\MovedFiles

How is your computer behaving now ?
spikyspud
2012-01-24, 20:45
Hi ,

I deleted the directory.

The computer seems to running fine, no re-directs. Also it does seem to be running quicker, but that be all in my mind!

Thanks
ken545
2012-01-24, 20:53
Run this quick scan and post the log and we will use it to clean you up a bit more.

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
spikyspud
2012-01-25, 19:09
Hi,

So I have run OTL as requested, it only opened up the OTL.txt log. I did a search on all drives for the extras.txt file (inlcuding all non-indexed, hidden and system files) but couldn't find it??!

The OTL log is below.

Thanks.

OTL logfile created on: 25/01/2012 16:59:16 - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sandra\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 45.61% Memory free
3.74 Gb Paging File | 2.83 Gb Available in Paging File | 75.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 84.62 Gb Free Space | 58.64% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.94 Gb Free Space | 99.94% Space Free | Partition Type: NTFS

Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sandra\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\LXBKbmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxbkcoms.exe ( )


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (lxbk_device) -- C:\Windows\System32\lxbkcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (GemCCID) -- C:\Windows\System32\drivers\GemCCID.sys (Gemalto)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.comhttp://www.google.co.uk/ [binary data]
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-565932158-212264510-2539292498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


[2010/11/23 15:18:28 | 000,002,037 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchppcb2.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sandra\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sandra\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/30 18:31:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-565932158-212264510-2539292498-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01EE2DA1-0284-42E8-9A1B-19EC6FB8E46F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B89E525-B2FE-4E02-B769-D671257BBDE6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B89E525-B2FE-4E02-B769-D671257BBDE6}: NameServer = 208.67.222.222,208.67.220.220
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/25 16:58:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2012/01/24 13:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/24 09:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/24 09:45:03 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/24 09:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/20 17:11:38 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/01/13 14:38:27 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/01/13 14:38:27 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/01/13 14:38:24 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/13 14:38:22 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/01/13 14:38:14 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/13 14:38:12 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/13 14:38:05 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/01/13 14:38:04 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/01/13 14:38:03 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/13 14:38:03 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/13 14:38:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/01/13 14:37:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/01/13 14:37:54 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/01/13 14:37:51 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/01/13 14:37:51 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/01/13 14:37:51 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/01/13 14:37:51 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/01/13 14:37:51 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/01/13 14:37:51 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/01/13 14:37:51 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/01/13 14:37:50 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/01/13 14:37:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/01/13 14:37:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/01/13 14:37:50 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/01/13 14:37:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/01/13 14:37:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/01/13 14:37:49 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/01/13 14:37:49 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/01/13 14:37:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/01/13 14:05:10 | 000,651,264 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\System32\drivers\netr28u.sys
[2012/01/13 14:05:10 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\System32\RaCoInst.dll
[2012/01/13 14:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2012/01/13 14:04:50 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\InstallShield
[2008/08/31 16:23:20 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll
[2008/08/31 16:23:20 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll
[2008/08/31 16:23:20 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll
[2008/08/31 16:23:19 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll
[2008/08/31 16:23:19 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll
[2008/08/31 16:23:19 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll
[2008/08/31 16:23:19 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll
[2008/08/31 16:23:19 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll
[2008/08/31 16:23:19 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbkcoms.exe
[2008/08/31 16:23:19 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbkih.exe
[2008/08/31 16:23:19 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll
[2008/08/31 16:23:19 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll
[2008/08/31 16:23:18 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll
[2008/08/31 16:23:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll
[2008/08/31 16:23:18 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbkcfg.exe
[2008/05/28 11:29:13 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

========== Files - Modified Within 30 Days ==========

[2012/01/25 17:01:51 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{077FCF45-234B-4E35-9958-7D72FB3A0C64}.job
[2012/01/25 16:58:48 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 16:58:48 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 16:58:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2012/01/25 16:57:20 | 000,618,260 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/25 16:57:20 | 000,114,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/25 08:58:52 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/01/25 08:58:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/24 09:45:08 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/24 09:36:14 | 000,403,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/20 17:05:43 | 256,055,132 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2012/01/24 09:45:08 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/13 14:05:10 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011/11/29 15:56:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/29 15:56:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/29 15:56:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/29 15:56:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/29 15:56:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/25 18:32:49 | 000,022,032 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2011/11/25 18:32:28 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011/11/25 18:16:27 | 000,000,036 | ---- | C] () -- C:\Users\Sandra\AppData\Local\housecall.guid.cache
[2011/02/10 12:00:07 | 000,008,885 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/02/06 00:15:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/29 19:31:02 | 000,000,680 | ---- | C] () -- C:\Users\Sandra\AppData\Local\d3d9caps.dat
[2009/10/22 16:12:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/22 16:12:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/23 10:06:15 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/09/23 10:06:06 | 000,000,392 | ---- | C] () -- C:\Windows\videoimp.ini
[2009/04/10 17:19:29 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/12/16 20:55:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/11 08:38:24 | 000,000,031 | ---- | C] () -- C:\Windows\UKCpInfo.sys
[2008/09/02 13:16:08 | 000,019,220 | ---- | C] () -- C:\Windows\wwdslcfg.ini
[2008/09/01 10:11:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/31 16:26:29 | 000,000,359 | ---- | C] () -- C:\Windows\Lexstat.ini
[2008/08/31 16:23:20 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll
[2008/08/31 16:23:19 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll
[2008/08/31 12:54:02 | 000,036,864 | ---- | C] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/30 03:14:01 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2008/08/29 19:50:48 | 000,001,770 | ---- | C] () -- C:\Windows\wininit.ini
[2008/05/28 11:32:14 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/05/28 11:32:14 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/05/28 11:30:12 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\INT15_DETECT.EXE
[2008/05/28 11:29:13 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008/03/16 20:42:41 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/03/16 20:10:10 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/03/16 19:16:12 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/03/16 19:03:42 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini
[2008/03/16 19:03:42 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/02/08 01:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 16:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbkcoin.dll
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,403,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,618,260 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,114,416 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/10/05 20:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2005/09/14 00:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll
[2005/09/14 00:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv4.dll
[2001/12/26 22:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 05:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 22:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 04:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/03/16 19:49:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008/03/16 19:49:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2008/03/16 19:49:03 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Acer GameZone Console
[2010/10/08 19:40:36 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Doctor Who
[2008/09/02 14:59:26 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\eSobi
[2011/11/25 18:32:20 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Loyfz
[2011/02/09 20:38:02 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Umno
[2012/01/24 18:46:18 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/25 17:01:51 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{077FCF45-234B-4E35-9958-7D72FB3A0C64}.job

========== Purity Check ==========



< End of report >


And here id the Extras log:
ken545
2012-01-25, 19:33
Looks pretty healthy

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces


Let me know how everything is running now ???
spikyspud
2012-01-28, 18:53
Hi,

I ran OTL with the code given, the log is at the bottom of the post.

Everything seems to be running fine now. No re-directs and the computer does seem quicker.

Here is the log:

All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sandra\Desktop\cmd.bat deleted successfully.
C:\Users\Sandra\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sandra
->Temp folder emptied: 8206780 bytes
->Temporary Internet Files folder emptied: 63558477 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 5020 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9156228 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 76055792 bytes

Total Files Cleaned = 151.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01282012_164529

Files\Folders moved on Reboot...
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1QUM7KD\showthread[3].htm moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
ken545
2012-01-28, 19:43
:bigthumb:

Glad all is ok


Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken
spikyspud
2012-01-29, 11:57
Awesome, thanks for all of your help.

:thanks: :thanks: :thanks:
ken545
2012-01-29, 12:21
Your very welcome,

Take Care,

Ken :)
ken545
2012-02-05, 11:45
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.