Redirect virus on all search engines [Solved]


  • This topic is locked

#1 whaaatif
    Member, 26 posts
I recently got the redirect virus where I click on a search engine result and it redirects me to another site. The address bar briefly shows the link "webplains.net/search.php?..." immediately before redirecting me. I've scanned my computer with McAfee, MBAM, Spybot Search & Destroy, TDSSKiller, Hitman Pro, and GMER, all to no avail. I tried installing Microsoft Security Essentials but it won't let me open it after install (the MSE screen flashes briefly and then is gone). I also can't install Microsoft updates, and the Windows Security Center is off and cannot be started.

OTL log:

OTL logfile created on: 10/28/2011 11:00:13 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 42.15% Memory free
3.74 Gb Paging File | 2.14 Gb Available in Paging File | 57.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.95 Gb Total Space | 138.82 Gb Free Space | 62.55% Space Free | Partition Type: NTFS
Drive G: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 3.81 Gb Total Space | 2.09 Gb Free Space | 54.93% Space Free | Partition Type: FAT32
Drive Q: | 9.77 Gb Total Space | 2.19 Gb Free Space | 22.45% Space Free | Partition Type: NTFS

Computer Name: CHRISTINELAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/28 22:59:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2011/10/01 20:07:01 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/25 11:51:30 | 000,525,752 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2011/07/25 11:51:18 | 001,105,848 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2010/04/01 06:37:24 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\jucheck.exe
PRC - [2009/10/22 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009/09/30 18:47:28 | 000,242,976 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2009/09/30 18:47:26 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2009/09/30 18:14:46 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2009/09/28 03:27:20 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/09/25 01:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2009/08/28 17:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/08/25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/08/19 20:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/08/07 08:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 08:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/07/03 05:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2009/03/13 04:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/03/05 04:23:28 | 000,052,600 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009/03/05 03:28:28 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2009/02/02 05:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/28 13:48:29 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/01 20:07:00 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009/02/14 08:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2005/08/22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/22 20:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/09/21 19:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2009/09/21 19:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/08/18 08:05:18 | 000,045,856 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2009/07/03 05:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009/06/29 16:51:04 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV - [2011/07/25 11:51:18 | 001,105,848 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/10 14:11:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/10/22 20:07:00 | 000,178,920 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield)
SRV - [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009/10/22 20:07:00 | 000,019,720 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/09/30 18:47:28 | 000,242,976 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009/09/30 18:47:26 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/09/25 01:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/08/28 17:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/08/07 08:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/04/01 06:42:42 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/12/10 14:11:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2009/11/25 03:37:12 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/22 20:07:00 | 000,469,144 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/10/22 20:07:00 | 000,119,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/10/22 20:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2009/10/22 20:07:00 | 000,083,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2009/10/22 20:07:00 | 000,077,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/15 15:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/08/18 08:04:56 | 000,030,760 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009/08/18 02:06:50 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{184E4FA0-DE8C26D4-06000000}_0)
DRV:64bit: - [2009/08/18 02:06:50 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06000000}_0)
DRV:64bit: - [2009/08/13 01:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/07 08:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/09 17:45:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/06/29 16:51:02 | 000,133,672 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/06/29 16:51:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/06/18 13:21:58 | 000,161,024 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 09:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/18 01:23:42 | 000,143,320 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/05/12 05:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.c...l.uoguelph.ca/"
FF - prefs.js..extensions.enabledItems: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}:3.0.8
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56667
FF - prefs.js..network.proxy.type: 4

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/01 20:07:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/21 18:05:19 | 000,000,000 | ---D | M]

[2010/04/10 13:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/08/27 23:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\n1u892dr.default\extensions
[2011/08/27 23:55:51 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\n1u892dr.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/06/21 18:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N1U892DR.DEFAULT\EXTENSIONS\{B0E1B4A6-2C6F-4E99-94F2-8E625D7AE255}.XPI
[2011/10/01 20:07:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/10/22 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[1999/12/31 17:00:00 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011/08/20 13:19:47 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/08/20 13:19:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/08/20 13:19:47 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/08/20 13:19:47 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/08/20 13:19:47 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\15.0.874.102\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U16 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\15.0.874.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\15.0.874.102\pdf.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FA0D65D-DAAD-491F-B010-B3DEA455C3A4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{615F9B43-C54E-4507-9255-88EDB2A2C487}: DhcpNameServer = 60.2.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: SQLDMOBackupDevice - {7e8ae79a-4f7b-42d8-8ffd-489d5bd7c840} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/12 15:53:42 | 000,000,277 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/07/15 12:33:04 | 000,000,016 | -H-- | M] () - H:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{09443633-3d77-11df-9f4c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{09443633-3d77-11df-9f4c-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 17:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{7184b9c3-4f03-11df-94dd-c80aa9300d48}\Shell - "" = AutoRun
O33 - MountPoints2\{7184b9c3-4f03-11df-94dd-c80aa9300d48}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2007/02/12 21:33:37 | 001,110,016 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/28 22:30:59 | 000,000,000 | ---D | C] -- C:\40f01742357177fa85
[2011/10/28 22:02:20 | 000,000,000 | ---D | C] -- C:\c661319dc84951fd4d4a7d371f0f9b
[2011/10/28 20:42:08 | 000,000,000 | ---D | C] -- C:\bb0a557c17ee8726e827a6b2
[2011/10/28 18:54:49 | 002,189,264 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/10/28 18:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/10/28 18:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/10/28 18:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/10/28 18:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/10/28 14:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/10/27 18:35:51 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/10/21 23:17:33 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2011/10/07 15:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2011/10/07 15:38:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco

========== Files - Modified Within 30 Days ==========

[2011/10/28 23:07:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1260653325-904668753-183114689-500UA.job
[2011/10/28 23:00:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/28 23:00:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/28 22:33:11 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/28 22:33:05 | 000,665,620 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/28 22:33:05 | 000,124,754 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/28 22:31:38 | 000,804,918 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/28 18:53:34 | 001,852,250 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/10/28 18:50:12 | 000,512,992 | ---- | M] () -- C:\Users\Administrator\Desktop\sdsetup.exe
[2011/10/28 17:47:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/28 14:09:26 | 000,000,320 | -HS- | M] () -- C:\Windows\tasks\Eezuahs.job
[2011/10/28 14:09:13 | 1504,333,824 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/28 13:52:36 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/10/28 00:35:11 | 000,801,758 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/28 00:02:41 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/10/27 21:37:54 | 000,010,963 | ---- | M] () -- C:\Users\Administrator\Documents\Untitled[2].pdf
[2011/10/27 20:44:17 | 000,010,967 | ---- | M] () -- C:\Users\Administrator\Documents\Untitled[1].pdf
[2011/10/27 18:35:51 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/10/27 14:34:33 | 000,071,168 | RHS- | M] () -- C:\Windows\SysWow64\WMVXENCD7.dll
[2011/10/25 17:08:31 | 000,010,963 | ---- | M] () -- C:\Users\Administrator\Documents\Untitled.pdf
[2011/10/24 21:08:38 | 000,144,475 | ---- | M] () -- C:\Users\Administrator\Documents\Christine Tam CV.pdf
[2011/10/24 09:15:22 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1260653325-904668753-183114689-500Core.job
[2011/10/21 23:19:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2011/10/14 14:35:32 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/07 15:38:54 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Cisco NAC Agent.lnk
[2011/10/05 21:00:20 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

========== Files Created - No Company Name ==========

[2011/10/28 18:52:36 | 001,852,250 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/10/28 18:50:27 | 000,512,992 | ---- | C] () -- C:\Users\Administrator\Desktop\sdsetup.exe
[2011/10/27 21:37:52 | 000,010,963 | ---- | C] () -- C:\Users\Administrator\Documents\Untitled[2].pdf
[2011/10/27 20:43:58 | 000,010,967 | ---- | C] () -- C:\Users\Administrator\Documents\Untitled[1].pdf
[2011/10/27 14:34:33 | 000,071,168 | RHS- | C] () -- C:\Windows\SysWow64\WMVXENCD7.dll
[2011/10/27 14:34:33 | 000,000,320 | -HS- | C] () -- C:\Windows\tasks\Eezuahs.job
[2011/10/25 17:08:27 | 000,010,963 | ---- | C] () -- C:\Users\Administrator\Documents\Untitled.pdf
[2011/10/24 21:08:37 | 000,144,475 | ---- | C] () -- C:\Users\Administrator\Documents\Christine Tam CV.pdf
[2011/10/21 23:19:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2011/10/21 23:18:11 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2011/10/07 15:38:54 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Cisco NAC Agent.lnk
[2011/08/05 22:23:39 | 000,017,392 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\E5FC.028
[2011/01/18 20:02:17 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf504
[2010/11/12 02:57:34 | 000,000,090 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/08/02 22:06:18 | 000,007,601 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2010/06/30 16:06:36 | 000,000,002 | ---- | C] () -- C:\Windows\pvcam.ini
[2010/04/15 14:41:19 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Local\PUTTY.RND
[2010/04/10 13:58:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/01 07:01:09 | 000,804,918 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/10 03:34:15 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/09/10 03:34:13 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/09/10 03:34:13 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/09/10 03:34:12 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/12/26 14:17:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft
[2010/08/11 20:08:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Audacity
[2010/09/21 20:16:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Bio-Rad
[2010/05/14 16:59:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canon
[2010/07/05 19:04:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CiscoCAA
[2011/03/19 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2010/09/23 13:16:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Elluminate
[2011/01/18 20:02:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GraphPad Software
[2011/06/14 22:19:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InterVideo
[2011/08/30 14:30:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tracker Software
[2011/10/28 14:45:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2011/10/28 14:09:26 | 000,000,320 | -HS- | M] () -- C:\Windows\Tasks\Eezuahs.job
[2011/10/05 21:00:20 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/14 14:35:35 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/28 00:02:41 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, on completion of this run can you try MSE again please.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 56667
    FF - prefs.js..network.proxy.type: 4
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    [2011/10/28 14:09:26 | 000,000,320 | -HS- | M] () -- C:\Windows\tasks\Eezuahs.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click Save log, save it to your desktop and post it in your next reply.

#3
whaaatif

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi, thanks for the quick reply. Last night I ran MSE in safe mode (before your reply) and it detected and deleted the following:
Exploit:Java/Blacole.Y
Exploit:Java/Blacole.Z
Exploit:Java/Blacole.W
Exploit:Java/Blacole.X
TrojanDownloader:Win32/Ponmocup.A

The redirect problem was still present after the scan though.

Today, I did what you said...

OTL log:

OTL logfile created on: 10/30/2011 3:43:43 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 51.50% Memory free
3.74 Gb Paging File | 2.69 Gb Available in Paging File | 72.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.95 Gb Total Space | 138.46 Gb Free Space | 62.38% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 2.19 Gb Free Space | 22.46% Space Free | Partition Type: NTFS

Computer Name: CHRISTINELAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/28 22:59:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2011/07/25 11:51:30 | 000,525,752 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2011/07/25 11:51:18 | 001,105,848 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2010/04/01 06:37:24 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\jucheck.exe
PRC - [2009/10/22 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009/09/30 18:47:28 | 000,242,976 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2009/09/30 18:47:26 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2009/09/30 18:14:46 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2009/09/28 03:27:20 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/08/25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/08/19 20:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/08/07 08:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 08:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/07/03 05:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2009/03/13 04:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/03/05 04:23:28 | 000,052,600 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009/03/05 03:28:28 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2009/02/02 05:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2005/08/22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/10/22 20:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/09/21 19:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2009/09/21 19:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/08/18 08:05:18 | 000,045,856 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2009/07/03 05:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009/06/29 16:51:04 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV - [2011/07/25 11:51:18 | 001,105,848 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/10 14:11:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/10/22 20:07:00 | 000,178,920 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield)
SRV - [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009/10/22 20:07:00 | 000,019,720 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/09/30 18:47:28 | 000,242,976 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009/09/30 18:47:26 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/09/25 01:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Start_Pending] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/08/28 17:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/08/07 08:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/04/01 06:42:42 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/12/10 14:11:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2009/11/25 03:37:12 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/22 20:07:00 | 000,469,144 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/10/22 20:07:00 | 000,119,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/10/22 20:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2009/10/22 20:07:00 | 000,083,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2009/10/22 20:07:00 | 000,077,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/15 15:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/08/18 08:04:56 | 000,030,760 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009/08/18 02:06:50 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{184E4FA0-DE8C26D4-06000000}_0)
DRV:64bit: - [2009/08/18 02:06:50 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06000000}_0)
DRV:64bit: - [2009/08/13 01:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/07 08:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/09 17:45:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/06/29 16:51:02 | 000,133,672 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/06/29 16:51:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/06/18 13:21:58 | 000,161,024 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 09:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/18 01:23:42 | 000,143,320 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/05/12 05:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.c...l.uoguelph.ca/"
FF - prefs.js..extensions.enabledItems: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}:3.0.8
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: ""

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/01 20:07:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/21 18:05:19 | 000,000,000 | ---D | M]

[2010/04/10 13:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/08/27 23:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\n1u892dr.default\extensions
[2011/08/27 23:55:51 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\n1u892dr.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/06/21 18:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N1U892DR.DEFAULT\EXTENSIONS\{B0E1B4A6-2C6F-4E99-94F2-8E625D7AE255}.XPI
[2011/10/01 20:07:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/10/22 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[1999/12/31 17:00:00 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011/08/20 13:19:47 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/08/20 13:19:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/08/20 13:19:47 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/08/20 13:19:47 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/08/20 13:19:47 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\15.0.874.102\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U16 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\15.0.874.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\15.0.874.102\pdf.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/10/30 03:39:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FA0D65D-DAAD-491F-B010-B3DEA455C3A4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{615F9B43-C54E-4507-9255-88EDB2A2C487}: DhcpNameServer = 60.2.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: SQLDMOBackupDevice - {7e8ae79a-4f7b-42d8-8ffd-489d5bd7c840} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{09443633-3d77-11df-9f4c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{09443633-3d77-11df-9f4c-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 17:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/30 03:39:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/29 10:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/10/29 10:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/28 23:59:05 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/10/28 18:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/10/28 18:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/10/28 14:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/10/27 18:35:51 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/10/21 23:17:33 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2011/10/07 15:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2011/10/07 15:38:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco

========== Files - Modified Within 30 Days ==========

[2011/10/30 03:49:13 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/30 03:49:13 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/30 03:41:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/30 03:41:11 | 1504,333,824 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/30 03:39:15 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/10/30 03:34:04 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/10/30 03:33:47 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1260653325-904668753-183114689-500UA.job
[2011/10/29 14:32:23 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat
[2011/10/29 10:30:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/29 10:30:19 | 000,804,918 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/29 10:30:19 | 000,667,720 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/29 10:30:19 | 000,125,754 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/28 23:58:49 | 419,302,207 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/28 18:53:34 | 001,852,250 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/10/28 18:50:12 | 000,512,992 | ---- | M] () -- C:\Users\Administrator\Desktop\sdsetup.exe
[2011/10/28 13:52:36 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/10/28 00:35:11 | 000,801,758 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/27 21:37:54 | 000,010,963 | ---- | M] () -- C:\Users\Administrator\Documents\Untitled[2].pdf
[2011/10/27 20:44:17 | 000,010,967 | ---- | M] () -- C:\Users\Administrator\Documents\Untitled[1].pdf
[2011/10/27 18:35:51 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/10/27 14:34:33 | 000,071,168 | RHS- | M] () -- C:\Windows\SysWow64\WMVXENCD7.dll
[2011/10/25 17:08:31 | 000,010,963 | ---- | M] () -- C:\Users\Administrator\Documents\Untitled.pdf
[2011/10/24 21:08:38 | 000,144,475 | ---- | M] () -- C:\Users\Administrator\Documents\Christine Tam CV.pdf
[2011/10/24 09:15:22 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1260653325-904668753-183114689-500Core.job
[2011/10/21 23:19:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2011/10/14 14:35:32 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/07 15:38:54 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Cisco NAC Agent.lnk
[2011/10/05 21:00:20 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

========== Files Created - No Company Name ==========

[2011/10/29 14:32:23 | 000,001,732 | ---- | C] () -- C:\tvtpktfilter.dat
[2011/10/29 10:30:02 | 000,001,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/28 23:58:49 | 419,302,207 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/28 18:52:36 | 001,852,250 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/10/28 18:50:27 | 000,512,992 | ---- | C] () -- C:\Users\Administrator\Desktop\sdsetup.exe
[2011/10/27 21:37:52 | 000,010,963 | ---- | C] () -- C:\Users\Administrator\Documents\Untitled[2].pdf
[2011/10/27 20:43:58 | 000,010,967 | ---- | C] () -- C:\Users\Administrator\Documents\Untitled[1].pdf
[2011/10/27 14:34:33 | 000,071,168 | RHS- | C] () -- C:\Windows\SysWow64\WMVXENCD7.dll
[2011/10/25 17:08:27 | 000,010,963 | ---- | C] () -- C:\Users\Administrator\Documents\Untitled.pdf
[2011/10/24 21:08:37 | 000,144,475 | ---- | C] () -- C:\Users\Administrator\Documents\Christine Tam CV.pdf
[2011/10/21 23:19:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2011/10/21 23:18:11 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2011/10/07 15:38:54 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Cisco NAC Agent.lnk
[2011/08/05 22:23:39 | 000,017,392 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\E5FC.028
[2011/01/18 20:02:17 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf504
[2010/11/12 02:57:34 | 000,000,090 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/08/02 22:06:18 | 000,007,601 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2010/06/30 16:06:36 | 000,000,002 | ---- | C] () -- C:\Windows\pvcam.ini
[2010/04/15 14:41:19 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Local\PUTTY.RND
[2010/04/10 13:58:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/01 07:01:09 | 000,804,918 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/10 03:34:15 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/09/10 03:34:13 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/09/10 03:34:13 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/09/10 03:34:12 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/12/26 14:17:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft
[2010/08/11 20:08:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Audacity
[2010/09/21 20:16:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Bio-Rad
[2010/05/14 16:59:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canon
[2010/07/05 19:04:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CiscoCAA
[2011/03/19 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2010/09/23 13:16:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Elluminate
[2011/01/18 20:02:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GraphPad Software
[2011/06/14 22:19:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InterVideo
[2011/08/30 14:30:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tracker Software
[2011/10/28 14:45:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2011/10/05 21:00:20 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/14 14:35:35 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/30 03:34:04 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >




aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-30 03:59:50
-----------------------------
03:59:50.038 OS Version: Windows x64 6.1.7600
03:59:50.038 Number of processors: 2 586 0x170A
03:59:50.040 ComputerName: CHRISTINELAPTOP UserName: Administrator
03:59:51.485 Initialize success
04:01:01.653 AVAST engine defs: 11102901
04:01:52.952 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
04:01:52.954 Disk 0 Vendor: WDC_WD25 14.0 Size: 238475MB BusType: 3
04:01:52.976 Disk 0 MBR read successfully
04:01:52.980 Disk 0 MBR scan
04:01:52.990 Disk 0 unknown MBR code
04:01:52.994 Service scanning
04:01:55.075 Modules scanning
04:01:55.080 Disk 0 trace - called modules:
04:01:55.085
04:01:56.119 AVAST engine scan C:\Windows
04:01:58.568 AVAST engine scan C:\Windows\system32
04:04:22.164 AVAST engine scan C:\Windows\system32\drivers
04:04:40.738 AVAST engine scan C:\Users\Administrator
04:10:52.887 AVAST engine scan C:\ProgramData
04:12:40.939 Scan finished successfully
04:14:28.200 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
04:14:28.211 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"


I tried running MSE again, but it still would not run (MSE screen flashes and disappears).
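As an added example (not part of this thread, of OTL or of ComboFix), here is a small Python triage pass over the OTL line families that matter most when chasing a search-redirect: hosts overrides (O1), name servers (O17) and the O6/O7 policy values. Both inputs are constructed: the first mirrors the O1/O7/O17 lines in the log above, the second is an invented hijack used only to show what a positive hit looks like. Against the log-derived sample it surfaces two things: the 60.2.0.1 name server on the second interface, which is outside RFC1918 space, and HideSCAHealth = 1, the policy that hides the Action Center icon. Either can have a benign explanation (a VPN or campus resolver, an admin-set policy), so the script surfaces them for a human to confirm rather than judging them.

```python
"""Pull the redirect-relevant lines out of an OTL log and flag the odd ones.

Added example for this thread; not part of OTL, ComboFix or the original
posts. All sample input below is constructed.
"""
import ipaddress
import re

# OTL line shapes. 64-bit entries carry an ":64bit:" tag after the O-number.
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
DNS_RE = re.compile(r"^O17(?::64bit:)? - (.+?):\s+(?:Dhcp)?NameServer = (.+)$")
POLICY_RE = re.compile(r"^O[67](?::64bit:)? - (\S+):\s+(\w+) = (\S+)")

# HideSCAHealth = 1 suppresses the Action Center (Security Center) tray icon,
# which is worth a look on a box where Security Center "cannot be started".
POLICIES_OF_INTEREST = {"HideSCAHealth"}

# Resolvers a home/office DHCP server would plausibly hand out: RFC1918,
# loopback and link-local. Anything else is surfaced for review.
LOCAL_RESOLVER_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample modelled on the O1/O7/O17 lines in the OTL log above.
SAMPLE_FROM_LOG = r"""
O1 HOSTS File: ([2011/10/30 03:39:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FA0D65D-DAAD-491F-B010-B3DEA455C3A4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{615F9B43-C54E-4507-9255-88EDB2A2C487}: DhcpNameServer = 60.2.0.1
"""

# Constructed hijack sample (invented, NOT from the thread's log): a hosts
# entry pointing a search engine elsewhere plus a static, non-local resolver.
SAMPLE_HIJACK = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.10 www.google.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 203.0.113.53,203.0.113.54
"""


def is_local_resolver(ip):
    """True only for addresses in LOCAL_RESOLVER_NETS; unparsable text is never local."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in LOCAL_RESOLVER_NETS)


def parse_hosts(text):
    """(ip, hostname) pairs from 'O1 - Hosts:' lines."""
    return [m.groups() for m in (HOSTS_RE.match(l) for l in text.splitlines()) if m]


def suspicious_hosts(text):
    """Every hosts entry except loopback -> localhost; a stock file maps nothing else."""
    out = []
    for ip, name in parse_hosts(text):
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            loopback = False
        if not (loopback and name.lower() == "localhost"):
            out.append((ip, name))
    return out


def parse_dns_servers(text):
    """(registry scope, server) pairs; static NameServer values are comma-separated lists."""
    out = []
    for line in text.splitlines():
        m = DNS_RE.match(line)
        if not m:
            continue
        scope, value = m.groups()
        out.extend((scope, tok) for tok in re.split(r"[ ,]+", value.strip()) if tok)
    return out


def non_local_dns(text):
    """Resolvers outside RFC1918/loopback/link-local space, with the interface they sit on."""
    return [(scope, ip) for scope, ip in parse_dns_servers(text) if not is_local_resolver(ip)]


def policy_hits(text):
    """Values of the O6/O7 policies listed in POLICIES_OF_INTEREST."""
    hits = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m and m.group(2) in POLICIES_OF_INTEREST:
            hits[m.group(2)] = m.group(3)
    return hits


def triage(text):
    """One dict of everything worth a second look, for a human to confirm."""
    return {"hosts": suspicious_hosts(text),
            "dns": non_local_dns(text),
            "policies": policy_hits(text)}


if __name__ == "__main__":
    for label, sample in (("log-derived", SAMPLE_FROM_LOG), ("hijack", SAMPLE_HIJACK)):
        print(label, triage(sample))
```

Feed it a whole OTL.txt and it reads past everything it does not recognise; the O1/O17/O6/O7 prefixes are the only lines it keys on, so the rest of the report is ignored rather than misparsed.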

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, we have removed the proxy settings, so let's now check the drivers out.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.

#5 whaaatif (Topic Starter, Member, 26 posts)
Hi, I disabled my antivirus program (McAfee) before running ComboFix but it gave me a warning that it was still active. I even killed all the McAfee-related processes in task manager except for mfevtps.exe (McAfee Process Validation Service), which would not end for some reason. I'm not sure if this affected the ComboFix run...

Here is the ComboFix log:

ComboFix 11-10-30.03 - Administrator 30/10/2011 19:47:30.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.1913.1043 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\_desktop.ini
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\BIN\_desktop.ini
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
c:\windows\system32\Thumbs.db
c:\windows\SysWow64\jucheck.exe
c:\windows\SysWow64\jusched.exe
Q:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-31 )))))))))))))))))))))))))))))))
.
.
2011-10-31 00:00 . 2011-10-31 00:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-30 07:39 . 2011-10-30 07:39 -------- d-----w- C:\_OTL
2011-10-29 14:43 . 2011-10-04 21:22 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65BBB5F4-74F1-4BF8-A3AC-16060D1BE4BF}\gapaengine.dll
2011-10-29 14:43 . 2011-10-18 06:27 8570192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A861F3B-FF86-4FB1-BD9F-01BFE0003621}\mpengine.dll
2011-10-29 14:30 . 2011-10-29 14:30 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-10-29 14:29 . 2011-10-29 14:30 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-28 22:50 . 2011-10-29 02:00 -------- d-----w- c:\programdata\PC Tools
2011-10-28 18:35 . 2011-10-29 00:53 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-10-27 22:35 . 2011-10-27 22:35 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-10-27 18:34 . 2011-10-27 18:34 71168 --sha-r- c:\windows\SysWow64\WMVXENCD7.dll
2011-10-26 22:14 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-26 22:14 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-22 03:17 . 2011-10-22 03:21 -------- d-----w- c:\windows\WindowsMobile
2011-10-14 01:37 . 2011-09-06 03:07 3134976 ----a-w- c:\windows\system32\win32k.sys
2011-10-14 01:35 . 2011-08-17 05:27 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-14 01:35 . 2011-08-17 04:22 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-10-14 01:35 . 2011-08-17 04:22 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-10-14 01:35 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-14 01:35 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-14 01:35 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-14 01:35 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-07 19:38 . 2011-10-07 19:38 -------- d-----w- c:\program files (x86)\Common Files\Cisco
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-28 17:52 . 2011-08-06 17:06 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-28 17:48 . 2011-09-22 19:14 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-31 21:00 . 2011-05-14 21:21 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-23 124240]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 PCDSRVC{127174DC-C366ED8B-06000000}_0;PCDSRVC{127174DC-C366ED8B-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2009-08-18 23536]
R3 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0;PCDSRVC{184E4FA0-DE8C26D4-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms [2009-08-18 23536]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2009-12-10 75112]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-10-23 19720]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-07-25 1105848]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1260653325-904668753-183114689-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 23:10]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1260653325-904668753-183114689-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 23:10]
.
2011-10-06 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
2011-10-30 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-10 7968800]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2009-07-09 380704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"combofix"="c:\combofix\CF24622.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\n1u892dr.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fhl%3Den%26tab%3Dwm%26ui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2&hl=en|https://mail.uoguelph.ca/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SSODL-SQLDMOBackupDevice-{7e8ae79a-4f7b-42d8-8ffd-489d5bd7c840} - (no file)
SafeBoot-83385744.sys
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{184E4FA0-DE8C26D4-06000000}_0]
"ImagePath"="\??\c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1260653325-904668753-183114689-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,26,e4,bb,35,32,8c,47,be,d4,13,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b5,5d,23,91,38,65,50,46,8a,d6,f7,\
.
[HKEY_USERS\S-1-5-21-1260653325-904668753-183114689-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="CCCP.MPC.AVI.1"
.
[HKEY_USERS\S-1-5-21-1260653325-904668753-183114689-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1260653325-904668753-183114689-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1260653325-904668753-183114689-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="CCCP.MPC.Matroska.1"
.
[HKEY_USERS\S-1-5-21-1260653325-904668753-183114689-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1260653325-904668753-183114689-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1260653325-904668753-183114689-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1260653325-904668753-183114689-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="xmlfile"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Completion time: 2011-10-30 20:34:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-31 00:34
.
Pre-Run: 148,431,990,784 bytes free
Post-Run: 148,676,079,616 bytes free
.
- - End Of File - - 02745BBD089BFBEEA0419AA62CBCD5D8


My computer is still running the same: redirect is still present and I cannot start MSE in normal mode. The blue screen of death came up a couple times yesterday as well.

#6
Essexboy (GeekU Moderator)
OK, let's double-check the MBR now... Are any other computers using the router experiencing redirects?

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#7
whaaatif (Topic Starter)
Hi, my roommate hasn't been having redirect problems, and my other roommate isn't in right now. I'll ask her when I see her next.

Here's the MBRCheck log; it found an infection:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 2874CTO
Logical Drives Mask: 0x0001000c

Kernel Drivers (total 193):
0x02E4F000 \SystemRoot\system32\ntoskrnl.exe
0x02E06000 \SystemRoot\system32\hal.dll
0x00BC4000 \SystemRoot\system32\kdcom.dll
0x00CEE000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D32000 \SystemRoot\system32\PSHED.dll
0x00D46000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E7E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F22000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F31000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F88000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F91000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F9B000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FA8000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FDB000 \SystemRoot\System32\drivers\partmgr.sys
0x00FF0000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E00000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E0C000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E21000 \SystemRoot\System32\drivers\volmgrx.sys
0x00CC0000 \SystemRoot\System32\drivers\mountmgr.sys
0x01077000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01193000 \SystemRoot\system32\DRIVERS\atapi.sys
0x0119C000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x011C6000 \SystemRoot\system32\DRIVERS\msahci.sys
0x011D1000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x011E1000 \SystemRoot\system32\drivers\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01219000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01468000 \SystemRoot\System32\Drivers\msrpc.sys
0x014C6000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014E0000 \SystemRoot\System32\Drivers\cng.sys
0x01553000 \SystemRoot\System32\drivers\pcw.sys
0x01564000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016B3000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01801000 \SystemRoot\System32\drivers\tcpip.sys
0x017A5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0156E000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017EF000 \SystemRoot\System32\DRIVERS\ApsHM64.sys
0x0168B000 \SystemRoot\System32\Drivers\spldr.sys
0x015BA000 \SystemRoot\System32\drivers\rdyboost.sys
0x01400000 \SystemRoot\System32\DRIVERS\Apsx64.sys
0x01693000 \SystemRoot\System32\Drivers\mup.sys
0x01A57000 \SystemRoot\system32\drivers\mfehidk.sys
0x01AC8000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01AD1000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01B0B000 \SystemRoot\system32\DRIVERS\disk.sys
0x01B21000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02FD2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02E00000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x02E31000 \SystemRoot\System32\Drivers\Null.SYS
0x02E3A000 \SystemRoot\System32\Drivers\Beep.SYS
0x02E41000 \SystemRoot\System32\drivers\vga.sys
0x02E4F000 \SystemRoot\system32\ntoskrnl.exe
0x02E74000 \SystemRoot\System32\drivers\watchdog.sys
0x02E84000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02E8D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02E96000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01B5F000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01B6A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01B7B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01B99000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01BA6000 \SystemRoot\system32\drivers\mfetdik.sys
0x01BB9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03E2D000 \SystemRoot\system32\drivers\afd.sys
0x03EB6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03EBF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03EE5000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03EFB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03F0A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03F25000 \SystemRoot\System32\drivers\Tppwr64v.sys
0x03F2B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03F3F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03F90000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03F9C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03FA7000 \SystemRoot\system32\DRIVERS\smiifx64.sys
0x03FAE000 \SystemRoot\System32\drivers\discache.sys
0x03FBD000 \SystemRoot\System32\Drivers\dfsc.sys
0x03FDB000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03E00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04098000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x04A5D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04B51000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04B97000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04BA4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04A00000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04A11000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04A35000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x047A0000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x04CD0000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
0x0537D000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x0538A000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x053C3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x053E1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04C00000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x04C4F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04C51000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04C60000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x04C6B000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04C78000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04C8E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04C93000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04C9C000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04CAC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x047CF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04CC2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04000000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0402F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0404A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0406B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x053F0000 \SystemRoot\system32\DRIVERS\psadd.sys
0x053FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x01A00000 \SystemRoot\system32\DRIVERS\ks.sys
0x04085000 \SystemRoot\system32\DRIVERS\umbus.sys
0x00DA4000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x01425000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0543F000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05400000 \SystemRoot\system32\drivers\portcls.sys
0x0143A000 \SystemRoot\system32\drivers\drmk.sys
0x04BFA000 \SystemRoot\system32\drivers\ksthunk.sys
0x013BB000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x03FEC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02E9F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x02FBB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x013E2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05E86000 \SystemRoot\system32\DRIVERS\5U877.sys
0x05EAE000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x00080000 \SystemRoot\System32\win32k.sys
0x05EBF000 \SystemRoot\System32\drivers\Dxapi.sys
0x05ECB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00450000 \SystemRoot\System32\TSDDD.dll
0x007B0000 \SystemRoot\System32\cdd.dll
0x05ED9000 \SystemRoot\system32\drivers\luafv.sys
0x05EFC000 \SystemRoot\system32\drivers\WudfPf.sys
0x05F1D000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05F32000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05F85000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05F98000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02A58000 \SystemRoot\system32\drivers\HTTP.sys
0x02B20000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02B3E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02B56000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02B83000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02BD1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0624F000 \SystemRoot\system32\drivers\peauth.sys
0x062F5000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06300000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0632D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0633F000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0767F000 \SystemRoot\System32\DRIVERS\srv.sys
0x07714000 \SystemRoot\system32\drivers\mfeavfk.sys
0x778C0000 \Windows\System32\ntdll.dll
0x47E60000 \Windows\System32\smss.exe
0xFFBE0000 \Windows\System32\apisetschema.dll
0xFFB50000 \Windows\System32\autochk.exe
0x777C0000 \Windows\System32\user32.dll
0xFFAC0000 \Windows\System32\msctf.dll
0xFFAB0000 \Windows\System32\lpk.dll
0xFF850000 \Windows\System32\iertutil.dll
0xFF670000 \Windows\System32\setupapi.dll
0xFF540000 \Windows\System32\rpcrt4.dll
0xFF4A0000 \Windows\System32\clbcatq.dll
0xFF400000 \Windows\System32\comdlg32.dll
0xFF3F0000 \Windows\System32\nsi.dll
0xFF310000 \Windows\System32\oleaut32.dll
0xFF100000 \Windows\System32\ole32.dll
0xFF090000 \Windows\System32\gdi32.dll
0xFF060000 \Windows\System32\imm32.dll
0x776A0000 \Windows\System32\kernel32.dll
0x77A90000 \Windows\System32\normaliz.dll
0xFEFC0000 \Windows\System32\msvcrt.dll
0xFEE90000 \Windows\System32\wininet.dll
0xFED10000 \Windows\System32\urlmon.dll
0xFECF0000 \Windows\System32\imagehlp.dll
0xFEC70000 \Windows\System32\shlwapi.dll
0xFEBF0000 \Windows\System32\difxapi.dll
0xFEB20000 \Windows\System32\usp10.dll
0xFEA40000 \Windows\System32\advapi32.dll
0xFEA20000 \Windows\System32\sechost.dll
0xFE9D0000 \Windows\System32\ws2_32.dll
0x77A80000 \Windows\System32\psapi.dll
0xFDC40000 \Windows\System32\shell32.dll
0xFDBF0000 \Windows\System32\Wldap32.dll
0xFDBB0000 \Windows\System32\cfgmgr32.dll
0xFDB10000 \Windows\System32\comctl32.dll
0xFD9A0000 \Windows\System32\crypt32.dll
0xFD960000 \Windows\System32\wintrust.dll
0xFD940000 \Windows\System32\devobj.dll
0xFD8D0000 \Windows\System32\KernelBase.dll
0xFD8C0000 \Windows\System32\msasn1.dll
0x773B0000 \Windows\SysWOW64\normaliz.dll

Processes (total 91):
0 System Idle Process
4 System
320 C:\Windows\System32\smss.exe
480 csrss.exe
524 C:\Windows\System32\wininit.exe
544 csrss.exe
580 C:\Windows\System32\services.exe
604 C:\Windows\System32\lsass.exe
612 C:\Windows\System32\lsm.exe
716 C:\Windows\System32\winlogon.exe
744 C:\Windows\System32\svchost.exe
808 C:\Windows\System32\ibmpmsvc.exe
864 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
328 C:\Windows\System32\svchost.exe
496 C:\Windows\System32\audiodg.exe
548 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\wlanext.exe
1156 C:\Windows\System32\conhost.exe
1348 C:\Windows\System32\spoolsv.exe
1356 C:\Windows\System32\taskeng.exe
1392 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\rundll32.exe
1480 C:\Windows\SysWOW64\rundll32.exe
1548 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
1576 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
1592 C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
1648 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1684 C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
1744 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1776 C:\Windows\System32\svchost.exe
1820 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1964 C:\Program Files\Lenovo\HOTKEY\micmute.exe
1988 C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
2008 C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
1264 C:\Windows\System32\taskhost.exe
2016 C:\Windows\System32\dwm.exe
2056 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
2068 C:\Windows\explorer.exe
2376 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2392 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
2400 C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
2408 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2424 C:\Windows\System32\TpShocks.exe
2448 C:\Windows\System32\hkcmd.exe
2460 C:\Windows\System32\igfxpers.exe
2500 C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
2552 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
2600 C:\Windows\System32\igfxsrvc.exe
2616 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2624 C:\Program Files\Lenovo\ZOOM\TpScrex.exe
2860 C:\Windows\System32\mfevtps.exe
2932 naPrdMgr.exe
3004 C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
3044 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
2316 C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
2320 C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
2644 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
1252 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1084 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2560 C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
2244 C:\Windows\System32\svchost.exe
2880 C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
3092 mfeann.exe
3100 C:\Windows\System32\conhost.exe
3140 C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
3208 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3460 unsecapp.exe
3596 WmiPrvSE.exe
3924 C:\Windows\System32\SearchIndexer.exe
3968 C:\Windows\System32\svchost.exe
4300 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4488 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4776 C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
5116 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
4132 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
4120 C:\Users\Administrator\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
3868 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
1100 C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
4468 C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
3852 C:\Windows\System32\svchost.exe
4444 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
4632 C:\Program Files (x86)\Lenovo\System Update\SUService.exe
4324 C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
3508 C:\Windows\servicing\TrustedInstaller.exe
3864 C:\Windows\System32\wuauclt.exe
3768 taskhost.exe
892 C:\Users\Administrator\Desktop\MBRCheck.exe
1232 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000037`c7a00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-08VAT2, Rev: 14.01A14

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 467A9E1D21D1EF4384E1EFA08823DF9E8982FB58


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#8
Essexboy (GeekU Moderator)
What is the make of your computer? I.e. Dell, HP etc.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
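An added example, not part of this thread and not Kaspersky's own code: a small Python triage script that pairs the detail and verdict lines of a TDSSKiller log in the format posted in this thread and lists every object the tool did not mark "ok", so a several-hundred-line report reduces to the entries worth a human look. The sample log is constructed here; the `exampledrv` and `\Device\Harddisk0\DR0` entries and their non-"ok" verdict strings are made-up illustrations, not findings from this machine.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Entry:
    """One object TDSSKiller examined, with the verdict it gave."""
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None

    @property
    def is_clean(self) -> bool:
        # TDSSKiller marks a clean object with the verdict text "ok".
        return self.verdict.strip().lower() == "ok"


# Every log line starts with a timestamp and the scanning thread id.
_TS = r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
# Verdict line:  <time> <tid> <name> - <verdict>
_VERDICT_RE = re.compile(_TS + r"(?P<name>\S+)\s+-\s+(?P<verdict>\S.*?)\s*$")
# Detail line:   <time> <tid> <name> (<md5>) <path>   (hash and path may be absent)
_DETAIL_RE = re.compile(
    _TS + r"(?P<name>\S+)(?:\s+\((?P<md5>[0-9a-fA-F]{32})\))?(?:\s+(?P<path>\S.*?))?\s*$"
)


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Pair each detail line with the verdict line for the same object name."""
    pending: Dict[str, dict] = {}
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.rstrip()
        v = _VERDICT_RE.match(line)
        if v:
            d = pending.pop(v["name"], None)   # None for objects with no detail line
            entries.append(Entry(name=v["name"], verdict=v["verdict"],
                                 md5=d["md5"] if d else None,
                                 path=d["path"] if d else None))
            continue
        d = _DETAIL_RE.match(line)
        # Banner and SystemInfo lines match the detail pattern loosely; keep only
        # lines carrying a hash or path. A later verdict turns a detail into an Entry.
        if d and (d["md5"] or d["path"]):
            pending[d["name"]] = d.groupdict()
    return entries


def suspicious_entries(entries: List[Entry]) -> List[Entry]:
    """Everything TDSSKiller did not call "ok": the lines to read first."""
    return [e for e in entries if not e.is_clean]


def triage_report(text: str) -> dict:
    """Counts plus (name, verdict, path) for each flagged object."""
    entries = parse_tdsskiller_log(text)
    flagged = suspicious_entries(entries)
    return {
        "examined": len(entries),
        "clean": len(entries) - len(flagged),
        "flagged": [(e.name, e.verdict, e.path) for e in flagged],
    }


# Constructed sample: the first lines follow the format of the log posted in this
# thread; the last two objects and their verdicts are invented for illustration.
SAMPLE_LOG = r"""19:41:48.0095 5860 ============================================================
19:41:48.0095 5860 Scan started
19:41:48.0095 5860 Mode: Manual; SigCheck; TDLFS;
19:41:48.0095 5860 ============================================================
19:41:48.0406 5860 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:41:48.0473 5860 1394ohci - ok
19:41:51.0562 5860 catchme - ok
19:41:55.0100 5860 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
19:41:55.0120 5860 exampledrv - UNSIGNED
19:41:56.0200 5860 \Device\Harddisk0\DR0 - detected EXAMPLE.Boot.Verdict ( 0 )
"""

if __name__ == "__main__":
    report = triage_report(SAMPLE_LOG)
    print(f"examined={report['examined']} clean={report['clean']}")
    for name, verdict, path in report["flagged"]:
        print(f"  {name}: {verdict}  [{path or 'no file path'}]")
```

Point it at a real `TDSSKiller.[Version]_[Date]_[Time]_log.txt` by reading the file into `triage_report`; objects with no detail line (like `catchme` above) are reported with an empty path.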

#9
whaaatif (Topic Starter)
My computer is a Lenovo SL410. It's relatively new, I bought it a year and a half ago.

I ran TDSSKiller and it didn't find any threats. How come MBRCheck found an infection but nothing else has been able to detect it? What did MBRCheck identify the infection to be?

Here's the TDSS log:

19:41:33.0304 4624 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
19:41:33.0601 4624 ============================================================
19:41:33.0601 4624 Current date / time: 2011/11/01 19:41:33.0601
19:41:33.0601 4624 SystemInfo:
19:41:33.0601 4624
19:41:33.0601 4624 OS Version: 6.1.7600 ServicePack: 0.0
19:41:33.0601 4624 Product type: Workstation
19:41:33.0601 4624 ComputerName: CHRISTINELAPTOP
19:41:33.0602 4624 UserName: Administrator
19:41:33.0602 4624 Windows directory: C:\Windows
19:41:33.0602 4624 System windows directory: C:\Windows
19:41:33.0602 4624 Running under WOW64
19:41:33.0602 4624 Processor architecture: Intel x64
19:41:33.0602 4624 Number of processors: 2
19:41:33.0602 4624 Page size: 0x1000
19:41:33.0602 4624 Boot type: Normal boot
19:41:33.0602 4624 ============================================================
19:41:33.0997 4624 Initialize success
19:41:48.0095 5860 ============================================================
19:41:48.0095 5860 Scan started
19:41:48.0095 5860 Mode: Manual; SigCheck; TDLFS;
19:41:48.0095 5860 ============================================================
19:41:48.0406 5860 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:41:48.0473 5860 1394ohci - ok
19:41:48.0606 5860 5U877 (7d497701bda1267ad5f86350925d2f10) C:\Windows\system32\DRIVERS\5U877.sys
19:41:48.0624 5860 5U877 - ok
19:41:48.0748 5860 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:41:48.0769 5860 ACPI - ok
19:41:48.0838 5860 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:41:48.0860 5860 AcpiPmi - ok
19:41:49.0022 5860 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:41:49.0044 5860 adp94xx - ok
19:41:49.0124 5860 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:41:49.0143 5860 adpahci - ok
19:41:49.0249 5860 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:41:49.0266 5860 adpu320 - ok
19:41:49.0406 5860 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
19:41:49.0429 5860 AFD - ok
19:41:49.0513 5860 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:41:49.0527 5860 agp440 - ok
19:41:49.0630 5860 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:41:49.0644 5860 aliide - ok
19:41:49.0674 5860 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:41:49.0688 5860 amdide - ok
19:41:49.0759 5860 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:41:49.0777 5860 AmdK8 - ok
19:41:49.0791 5860 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:41:49.0811 5860 AmdPPM - ok
19:41:49.0895 5860 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:41:49.0910 5860 amdsata - ok
19:41:49.0972 5860 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:41:49.0989 5860 amdsbs - ok
19:41:50.0037 5860 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:41:50.0051 5860 amdxata - ok
19:41:50.0103 5860 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:41:50.0127 5860 AppID - ok
19:41:50.0188 5860 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:41:50.0219 5860 arc - ok
19:41:50.0234 5860 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:41:50.0249 5860 arcsas - ok
19:41:50.0297 5860 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:41:50.0340 5860 AsyncMac - ok
19:41:50.0412 5860 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:41:50.0445 5860 atapi - ok
19:41:50.0582 5860 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:41:50.0605 5860 b06bdrv - ok
19:41:50.0686 5860 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:41:50.0707 5860 b57nd60a - ok
19:41:50.0777 5860 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:41:50.0820 5860 Beep - ok
19:41:50.0889 5860 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:41:50.0907 5860 blbdrive - ok
19:41:50.0956 5860 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:41:50.0974 5860 bowser - ok
19:41:51.0024 5860 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:41:51.0044 5860 BrFiltLo - ok
19:41:51.0056 5860 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:41:51.0077 5860 BrFiltUp - ok
19:41:51.0104 5860 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:41:51.0126 5860 Brserid - ok
19:41:51.0138 5860 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:41:51.0159 5860 BrSerWdm - ok
19:41:51.0173 5860 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:41:51.0194 5860 BrUsbMdm - ok
19:41:51.0207 5860 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:41:51.0225 5860 BrUsbSer - ok
19:41:51.0284 5860 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
19:41:51.0302 5860 BthEnum - ok
19:41:51.0328 5860 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:41:51.0349 5860 BTHMODEM - ok
19:41:51.0365 5860 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:41:51.0387 5860 BthPan - ok
19:41:51.0447 5860 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
19:41:51.0470 5860 BTHPORT - ok
19:41:51.0541 5860 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
19:41:51.0558 5860 BTHUSB - ok
19:41:51.0562 5860 catchme - ok
19:41:51.0627 5860 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:41:51.0672 5860 cdfs - ok
19:41:51.0731 5860 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:41:51.0749 5860 cdrom - ok
19:41:51.0812 5860 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:41:51.0832 5860 circlass - ok
19:41:51.0869 5860 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:41:51.0888 5860 CLFS - ok
19:41:51.0967 5860 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:41:51.0984 5860 CmBatt - ok
19:41:51.0996 5860 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:41:52.0010 5860 cmdide - ok
19:41:52.0042 5860 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
19:41:52.0069 5860 CNG - ok
19:41:52.0114 5860 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:41:52.0128 5860 Compbatt - ok
19:41:52.0204 5860 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:41:52.0225 5860 CompositeBus - ok
19:41:52.0279 5860 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:41:52.0292 5860 crcdisk - ok
19:41:52.0375 5860 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:41:52.0392 5860 DfsC - ok
19:41:52.0418 5860 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:41:52.0462 5860 discache - ok
19:41:52.0521 5860 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:41:52.0536 5860 Disk - ok
19:41:52.0601 5860 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:41:52.0623 5860 drmkaud - ok
19:41:52.0684 5860 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:41:52.0714 5860 DXGKrnl - ok
19:41:52.0823 5860 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:41:52.0881 5860 ebdrv - ok
19:41:52.0973 5860 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:41:52.0996 5860 elxstor - ok
19:41:53.0010 5860 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:41:53.0028 5860 ErrDev - ok
19:41:53.0096 5860 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:41:53.0146 5860 exfat - ok
19:41:53.0170 5860 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:41:53.0217 5860 fastfat - ok
19:41:53.0249 5860 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:41:53.0267 5860 fdc - ok
19:41:53.0315 5860 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:41:53.0329 5860 FileInfo - ok
19:41:53.0360 5860 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:41:53.0405 5860 Filetrace - ok
19:41:53.0418 5860 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:41:53.0436 5860 flpydisk - ok
19:41:53.0495 5860 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:41:53.0512 5860 FltMgr - ok
19:41:53.0544 5860 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:41:53.0558 5860 FsDepends - ok
19:41:53.0587 5860 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:41:53.0601 5860 Fs_Rec - ok
19:41:53.0675 5860 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:41:53.0694 5860 fvevol - ok
19:41:53.0746 5860 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:41:53.0760 5860 gagp30kx - ok
19:41:53.0829 5860 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:41:53.0840 5860 GEARAspiWDM - ok
19:41:53.0865 5860 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:41:53.0884 5860 hcw85cir - ok
19:41:53.0947 5860 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
19:41:53.0971 5860 HdAudAddService - ok
19:41:54.0022 5860 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:41:54.0043 5860 HDAudBus - ok
19:41:54.0069 5860 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:41:54.0087 5860 HidBatt - ok
19:41:54.0101 5860 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:41:54.0124 5860 HidBth - ok
19:41:54.0137 5860 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:41:54.0158 5860 HidIr - ok
19:41:54.0212 5860 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:41:54.0231 5860 HidUsb - ok
19:41:54.0256 5860 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:41:54.0272 5860 HpSAMD - ok
19:41:54.0344 5860 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:41:54.0397 5860 HTTP - ok
19:41:54.0424 5860 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:41:54.0438 5860 hwpolicy - ok
19:41:54.0496 5860 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:41:54.0514 5860 i8042prt - ok
19:41:54.0566 5860 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
19:41:54.0622 5860 iaStor - ok
19:41:54.0699 5860 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
19:41:54.0720 5860 iaStorV - ok
19:41:54.0787 5860 IBMPMDRV (b8e7ca64fff8b71636dea3a845cc23e5) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
19:41:54.0798 5860 IBMPMDRV - ok
19:41:55.0054 5860 igfx (37a65e3d89f6bbf5719ff9585f99eb7d) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:41:55.0163 5860 igfx - ok
19:41:55.0256 5860 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:41:55.0271 5860 iirsp - ok
19:41:55.0387 5860 IntcAzAudAddService (3111a658416dc464ba1e48e3b2169952) C:\Windows\system32\drivers\RTKVHD64.sys
19:41:55.0429 5860 IntcAzAudAddService - ok
19:41:55.0505 5860 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
19:41:55.0521 5860 IntcHdmiAddService - ok
19:41:55.0557 5860 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:41:55.0570 5860 intelide - ok
19:41:55.0617 5860 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:41:55.0635 5860 intelppm - ok
19:41:55.0653 5860 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:41:55.0699 5860 IpFilterDriver - ok
19:41:55.0716 5860 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:41:55.0736 5860 IPMIDRV - ok
19:41:55.0751 5860 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:41:55.0796 5860 IPNAT - ok
19:41:55.0855 5860 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:41:55.0877 5860 IRENUM - ok
19:41:55.0902 5860 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:41:55.0915 5860 isapnp - ok
19:41:55.0936 5860 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:41:55.0953 5860 iScsiPrt - ok
19:41:56.0013 5860 JMCR (80a1de467adf200390134d63e359937a) C:\Windows\system32\DRIVERS\jmcr.sys
19:41:56.0036 5860 JMCR - ok
19:41:56.0091 5860 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:41:56.0105 5860 kbdclass - ok
19:41:56.0162 5860 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:41:56.0179 5860 kbdhid - ok
19:41:56.0203 5860 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
19:41:56.0218 5860 KSecDD - ok
19:41:56.0264 5860 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
19:41:56.0280 5860 KSecPkg - ok
19:41:56.0302 5860 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:41:56.0356 5860 ksthunk - ok
19:41:56.0448 5860 lenovo.smi (5acff5823634bc2c4ebf559c3b33e18e) C:\Windows\system32\DRIVERS\smiifx64.sys
19:41:56.0459 5860 lenovo.smi - ok
19:41:56.0522 5860 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:41:56.0567 5860 lltdio - ok
19:41:56.0626 5860 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:41:56.0641 5860 LSI_FC - ok
19:41:56.0658 5860 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:41:56.0673 5860 LSI_SAS - ok
19:41:56.0687 5860 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:41:56.0702 5860 LSI_SAS2 - ok
19:41:56.0725 5860 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:41:56.0740 5860 LSI_SCSI - ok
19:41:56.0795 5860 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:41:56.0839 5860 luafv - ok
19:41:56.0903 5860 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:41:56.0917 5860 megasas - ok
19:41:56.0951 5860 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:41:56.0977 5860 MegaSR - ok
19:41:57.0008 5860 mfeapfk (e2d642a38a8dc4722f859092f731b6a3) C:\Windows\system32\drivers\mfeapfk.sys
19:41:57.0020 5860 mfeapfk - ok
19:41:57.0046 5860 mfeavfk (ae23ed41216e160f54e5ef1a5ee325f7) C:\Windows\system32\drivers\mfeavfk.sys
19:41:57.0058 5860 mfeavfk - ok
19:41:57.0112 5860 mfehidk (bc76bc7129b2206098ac220b656f15b7) C:\Windows\system32\drivers\mfehidk.sys
19:41:57.0130 5860 mfehidk - ok
19:41:57.0156 5860 mferkdet (c7c15d125aa697be97087d197c9fad08) C:\Windows\system32\drivers\mferkdet.sys
19:41:57.0167 5860 mferkdet - ok
19:41:57.0194 5860 mfetdik (41ca4c4292004486d004d357b9c19718) C:\Windows\system32\drivers\mfetdik.sys
19:41:57.0205 5860 mfetdik - ok
19:41:57.0295 5860 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:41:57.0339 5860 Modem - ok
19:41:57.0404 5860 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:41:57.0424 5860 monitor - ok
19:41:57.0479 5860 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:41:57.0493 5860 mouclass - ok
19:41:57.0531 5860 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:41:57.0550 5860 mouhid - ok
19:41:57.0584 5860 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:41:57.0599 5860 mountmgr - ok
19:41:57.0653 5860 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
19:41:57.0669 5860 MpFilter - ok
19:41:57.0697 5860 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:41:57.0712 5860 mpio - ok
19:41:57.0733 5860 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:41:57.0744 5860 MpNWMon - ok
19:41:57.0770 5860 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:41:57.0815 5860 mpsdrv - ok
19:41:57.0834 5860 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:41:57.0858 5860 MRxDAV - ok
19:41:57.0898 5860 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:41:57.0916 5860 mrxsmb - ok
19:41:57.0959 5860 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:41:57.0979 5860 mrxsmb10 - ok
19:41:58.0000 5860 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:41:58.0018 5860 mrxsmb20 - ok
19:41:58.0046 5860 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
19:41:58.0059 5860 msahci - ok
19:41:58.0086 5860 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:41:58.0101 5860 msdsm - ok
19:41:58.0160 5860 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:41:58.0205 5860 Msfs - ok
19:41:58.0258 5860 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:41:58.0301 5860 mshidkmdf - ok
19:41:58.0325 5860 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:41:58.0338 5860 msisadrv - ok
19:41:58.0377 5860 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:41:58.0422 5860 MSKSSRV - ok
19:41:58.0464 5860 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:41:58.0508 5860 MSPCLOCK - ok
19:41:58.0527 5860 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:41:58.0571 5860 MSPQM - ok
19:41:58.0608 5860 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:41:58.0628 5860 MsRPC - ok
19:41:58.0655 5860 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:41:58.0669 5860 mssmbios - ok
19:41:58.0741 5860 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:41:58.0784 5860 MSTEE - ok
19:41:58.0797 5860 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:41:58.0816 5860 MTConfig - ok
19:41:58.0875 5860 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:41:58.0890 5860 Mup - ok
19:41:58.0985 5860 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:41:59.0010 5860 NativeWifiP - ok
19:41:59.0074 5860 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
19:41:59.0104 5860 NDIS - ok
19:41:59.0126 5860 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:41:59.0172 5860 NdisCap - ok
19:41:59.0218 5860 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:41:59.0262 5860 NdisTapi - ok
19:41:59.0313 5860 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:41:59.0357 5860 Ndisuio - ok
19:41:59.0383 5860 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:41:59.0429 5860 NdisWan - ok
19:41:59.0451 5860 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:41:59.0495 5860 NDProxy - ok
19:41:59.0517 5860 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:41:59.0562 5860 NetBIOS - ok
19:41:59.0592 5860 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:41:59.0639 5860 NetBT - ok
19:41:59.0874 5860 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
19:41:59.0977 5860 NETw5s64 - ok
19:42:00.0236 5860 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
19:42:00.0325 5860 netw5v64 - ok
19:42:00.0417 5860 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:42:00.0431 5860 nfrd960 - ok
19:42:00.0479 5860 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:42:00.0490 5860 NisDrv - ok
19:42:00.0539 5860 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:42:00.0583 5860 Npfs - ok
19:42:00.0608 5860 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:42:00.0652 5860 nsiproxy - ok
19:42:00.0734 5860 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
19:42:00.0776 5860 Ntfs - ok
19:42:00.0795 5860 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:42:00.0839 5860 Null - ok
19:42:00.0882 5860 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
19:42:00.0898 5860 nvraid - ok
19:42:00.0937 5860 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
19:42:00.0952 5860 nvstor - ok
19:42:00.0986 5860 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:42:01.0001 5860 nv_agp - ok
19:42:01.0031 5860 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:42:01.0051 5860 ohci1394 - ok
19:42:01.0111 5860 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:42:01.0129 5860 Parport - ok
19:42:01.0155 5860 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
19:42:01.0170 5860 partmgr - ok
19:42:01.0336 5860 PCDSRVC{127174DC-C366ED8B-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor\pcdsrvc_x64.pkms
19:42:01.0349 5860 PCDSRVC{127174DC-C366ED8B-06000000}_0 - ok
19:42:01.0421 5860 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms
19:42:01.0434 5860 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0 - ok
19:42:01.0542 5860 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:42:01.0558 5860 pci - ok
19:42:01.0598 5860 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
19:42:01.0613 5860 pciide - ok
19:42:01.0664 5860 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:42:01.0680 5860 pcmcia - ok
19:42:01.0708 5860 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:42:01.0722 5860 pcw - ok
19:42:01.0750 5860 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:42:01.0802 5860 PEAUTH - ok
19:42:01.0906 5860 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:42:01.0951 5860 PptpMiniport - ok
19:42:01.0972 5860 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:42:01.0990 5860 Processor - ok
19:42:02.0074 5860 psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys
19:42:02.0086 5860 psadd - ok
19:42:02.0131 5860 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:42:02.0176 5860 Psched - ok
19:42:02.0239 5860 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:42:02.0279 5860 ql2300 - ok
19:42:02.0295 5860 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:42:02.0311 5860 ql40xx - ok
19:42:02.0342 5860 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:42:02.0366 5860 QWAVEdrv - ok
19:42:02.0422 5860 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:42:02.0469 5860 RasAcd - ok
19:42:02.0525 5860 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:42:02.0569 5860 RasAgileVpn - ok
19:42:02.0597 5860 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:42:02.0644 5860 Rasl2tp - ok
19:42:02.0684 5860 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:42:02.0728 5860 RasPppoe - ok
19:42:02.0747 5860 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:42:02.0792 5860 RasSstp - ok
19:42:02.0825 5860 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:42:02.0873 5860 rdbss - ok
19:42:02.0903 5860 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:42:02.0924 5860 rdpbus - ok
19:42:02.0949 5860 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:42:02.0992 5860 RDPCDD - ok
19:42:03.0054 5860 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:42:03.0097 5860 RDPENCDD - ok
19:42:03.0118 5860 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:42:03.0162 5860 RDPREFMP - ok
19:42:03.0179 5860 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
19:42:03.0225 5860 RDPWD - ok
19:42:03.0287 5860 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
19:42:03.0304 5860 rdyboost - ok
19:42:03.0371 5860 regi - ok
19:42:03.0438 5860 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:42:03.0460 5860 RFCOMM - ok
19:42:03.0519 5860 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:42:03.0563 5860 rspndr - ok
19:42:03.0626 5860 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:42:03.0646 5860 RTL8167 - ok
19:42:03.0682 5860 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:42:03.0697 5860 sbp2port - ok
19:42:03.0723 5860 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:42:03.0767 5860 scfilter - ok
19:42:03.0803 5860 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
19:42:03.0824 5860 sdbus - ok
19:42:03.0876 5860 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:42:03.0921 5860 secdrv - ok
19:42:03.0958 5860 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:42:03.0978 5860 Serenum - ok
19:42:04.0001 5860 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:42:04.0020 5860 Serial - ok
19:42:04.0046 5860 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:42:04.0064 5860 sermouse - ok
19:42:04.0092 5860 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:42:04.0113 5860 sffdisk - ok
19:42:04.0126 5860 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:42:04.0148 5860 sffp_mmc - ok
19:42:04.0161 5860 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:42:04.0184 5860 sffp_sd - ok
19:42:04.0198 5860 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:42:04.0216 5860 sfloppy - ok
19:42:04.0268 5860 Shockprf (5a5346931ce61ea85f8338f7a03131f7) C:\Windows\system32\DRIVERS\Apsx64.sys
19:42:04.0281 5860 Shockprf - ok
19:42:04.0302 5860 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:42:04.0316 5860 SiSRaid2 - ok
19:42:04.0330 5860 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:42:04.0345 5860 SiSRaid4 - ok
19:42:04.0382 5860 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:42:04.0428 5860 Smb - ok
19:42:04.0492 5860 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:42:04.0505 5860 spldr - ok
19:42:04.0593 5860 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:42:04.0615 5860 srv - ok
19:42:04.0646 5860 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:42:04.0667 5860 srv2 - ok
19:42:04.0713 5860 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:42:04.0734 5860 SrvHsfHDA - ok
19:42:04.0781 5860 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:42:04.0817 5860 SrvHsfV92 - ok
19:42:04.0859 5860 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:42:04.0886 5860 SrvHsfWinac - ok
19:42:04.0925 5860 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:42:04.0944 5860 srvnet - ok
19:42:04.0994 5860 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:42:05.0008 5860 stexstor - ok
19:42:05.0067 5860 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:42:05.0080 5860 swenum - ok
19:42:05.0146 5860 SynTP (311012779af2704350adee3b4fe848ba) C:\Windows\system32\DRIVERS\SynTP.sys
19:42:05.0161 5860 SynTP - ok
19:42:05.0285 5860 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
19:42:05.0330 5860 Tcpip - ok
19:42:05.0434 5860 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
19:42:05.0479 5860 TCPIP6 - ok
19:42:05.0518 5860 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:42:05.0562 5860 tcpipreg - ok
19:42:05.0616 5860 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:42:05.0661 5860 TDPIPE - ok
19:42:05.0674 5860 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:42:05.0721 5860 TDTCP - ok
19:42:05.0773 5860 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:42:05.0817 5860 tdx - ok
19:42:05.0837 5860 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:42:05.0852 5860 TermDD - ok
19:42:05.0937 5860 TPDIGIMN (7e25f9ae51daac0791df1eb949a58dbe) C:\Windows\system32\DRIVERS\ApsHM64.sys
19:42:05.0947 5860 TPDIGIMN - ok
19:42:06.0000 5860 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
19:42:06.0018 5860 TPM - ok
19:42:06.0085 5860 TPPWRIF (2c067e01d6bbccc88b233b868e210907) C:\Windows\system32\drivers\Tppwr64v.sys
19:42:06.0096 5860 TPPWRIF - ok
19:42:06.0134 5860 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:42:06.0178 5860 tssecsrv - ok
19:42:06.0227 5860 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:42:06.0272 5860 tunnel - ok
19:42:06.0308 5860 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:42:06.0322 5860 uagp35 - ok
19:42:06.0353 5860 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
19:42:06.0400 5860 udfs - ok
19:42:06.0443 5860 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:42:06.0457 5860 uliagpkx - ok
19:42:06.0510 5860 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:42:06.0529 5860 umbus - ok
19:42:06.0542 5860 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:42:06.0560 5860 UmPass - ok
19:42:06.0623 5860 USBAAPL64 (5cf1ead086176dd3348e920a40bed03d) C:\Windows\system32\Drivers\usbaapl64.sys
19:42:06.0638 5860 USBAAPL64 - ok
19:42:06.0685 5860 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
19:42:06.0704 5860 usbccgp - ok
19:42:06.0775 5860 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:42:06.0797 5860 usbcir - ok
19:42:06.0849 5860 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
19:42:06.0866 5860 usbehci - ok
19:42:06.0953 5860 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
19:42:06.0974 5860 usbhub - ok
19:42:07.0031 5860 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
19:42:07.0047 5860 usbohci - ok
19:42:07.0107 5860 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:42:07.0127 5860 usbprint - ok
19:42:07.0179 5860 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:42:07.0200 5860 usbscan - ok
19:42:07.0241 5860 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:42:07.0259 5860 USBSTOR - ok
19:42:07.0303 5860 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:42:07.0321 5860 usbuhci - ok
19:42:07.0396 5860 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
19:42:07.0414 5860 usbvideo - ok
19:42:07.0500 5860 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
19:42:07.0520 5860 usb_rndisx - ok
19:42:07.0612 5860 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:42:07.0626 5860 vdrvroot - ok
19:42:07.0659 5860 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:42:07.0680 5860 vga - ok
19:42:07.0706 5860 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:42:07.0751 5860 VgaSave - ok
19:42:07.0768 5860 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:42:07.0785 5860 vhdmp - ok
19:42:07.0799 5860 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:42:07.0813 5860 viaide - ok
19:42:07.0834 5860 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:42:07.0848 5860 volmgr - ok
19:42:07.0874 5860 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:42:07.0893 5860 volmgrx - ok
19:42:07.0923 5860 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:42:07.0941 5860 volsnap - ok
19:42:07.0998 5860 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:42:08.0014 5860 vsmraid - ok
19:42:08.0043 5860 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:42:08.0064 5860 vwifibus - ok
19:42:08.0118 5860 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:42:08.0140 5860 vwififlt - ok
19:42:08.0183 5860 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:42:08.0200 5860 WacomPen - ok
19:42:08.0256 5860 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:42:08.0302 5860 WANARP - ok
19:42:08.0321 5860 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:42:08.0366 5860 Wanarpv6 - ok
19:42:08.0531 5860 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:42:08.0544 5860 Wd - ok
19:42:08.0600 5860 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:42:08.0624 5860 Wdf01000 - ok
19:42:08.0702 5860 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:42:08.0747 5860 WfpLwf - ok
19:42:08.0775 5860 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:42:08.0789 5860 WIMMount - ok
19:42:08.0872 5860 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:42:08.0889 5860 WmiAcpi - ok
19:42:08.0964 5860 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:42:09.0012 5860 ws2ifsl - ok
19:42:09.0056 5860 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:42:09.0102 5860 WudfPf - ok
19:42:09.0135 5860 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:42:09.0180 5860 WUDFRd - ok
19:42:09.0253 5860 MBR (0x1B8) (627df35f8cd43e1a194974dfa411547a) \Device\Harddisk0\DR0
19:42:09.0346 5860 \Device\Harddisk0\DR0 - ok
19:42:09.0379 5860 Boot (0x1200) (15e44bc409dc13c4bd5093449b586c2d) \Device\Harddisk0\DR0\Partition0
19:42:09.0380 5860 \Device\Harddisk0\DR0\Partition0 - ok
19:42:09.0390 5860 Boot (0x1200) (fb51fabf51bb998794f1e6fb133f88a0) \Device\Harddisk0\DR0\Partition1
19:42:09.0391 5860 \Device\Harddisk0\DR0\Partition1 - ok
19:42:09.0419 5860 Boot (0x1200) (02e4e97e89b164f3c6109a343b1fd627) \Device\Harddisk0\DR0\Partition2
19:42:09.0420 5860 \Device\Harddisk0\DR0\Partition2 - ok
19:42:09.0420 5860 ============================================================
19:42:09.0420 5860 Scan finished
19:42:09.0420 5860 ============================================================
19:42:09.0435 5244 Detected object count: 0
19:42:09.0436 5244 Actual detected object count: 0
  • 0

#10
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
The unknown MBR may well be a factor of your computer, as some manufacturers have a custom MBR.

Do the redirects occur in Firefox, IE or both? Also, what is the most common site that you get redirected to?
  • 0
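Essexboy's point is that a boot-code hash the scanner does not recognise is not proof of a bootkit, because OEM installs ship their own MBR. The TDSSKiller log above reports exactly that kind of hash: the "MBR (0x1B8)" line is an MD5 of the first 0x1B8 (440) bytes of sector 0, which is the bootstrap code and excludes the disk signature and partition table (that reading of the 0x1B8 field is an assumption, not something TDSSKiller documents on this page). The Python below is an added example, not code from the thread or from TDSSKiller: it parses a 512-byte MBR, hashes the boot-code region, compares it with a known-good list, and sanity-checks the partition table. The sample sector, the stub boot code and the known-good hash are constructed here for the demonstration; on a real machine you would take the baseline hash from a clean system of the same model.

```python
"""Parse a raw 512-byte MBR and hash its boot-code region.

Added example; not code from the thread or from TDSSKiller. It assumes the
"MBR (0x1B8)" line in a TDSSKiller log is an MD5 over the first 0x1B8 (440)
bytes of sector 0, i.e. the bootstrap code and nothing after it (the disk
signature at 0x1B8 and the partition table at 0x1BE are excluded). The
sample sector and the known-good list are constructed here for the demo.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8        # 440 bytes of bootstrap code
PARTITION_TABLE_OFF = 0x1BE  # four 16-byte entries
BOOT_SIGNATURE = b"\x55\xAA"
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code, partitions, disk_signature=0x12345678):
    """Construct a sector from boot code and (bootable, type, lba_start, sectors) tuples.
    Only used to build sample input; a real check reads sector 0 of the disk."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<IH", sector, BOOT_CODE_LEN, disk_signature, 0)
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        struct.pack_into(ENTRY_FMT, sector, PARTITION_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\xFF\xFF\xFE",
                         ptype, b"\xFF\xFF\xFE", lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def boot_code_hash(sector):
    """MD5 of the bootstrap code only, the region a bootkit must overwrite to run before Windows."""
    return hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(sector):
    """Return the non-empty primary partition entries."""
    parts = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, sector, PARTITION_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def check_mbr(sector, known_hashes):
    """Return a list of findings; an empty list means the sector looks clean."""
    findings = []
    if len(sector) != SECTOR_SIZE:
        return ["sector is %d bytes, expected %d" % (len(sector), SECTOR_SIZE)]
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = boot_code_hash(sector)
    if digest not in known_hashes:
        # The TDSSKiller "unknown MBR" situation: compare against a hash taken
        # from a clean machine of the same model before calling it malicious.
        findings.append("boot code hash %s not in known-good list" % digest)
    parts = parse_partitions(sector)
    bootable = [p for p in parts if p["bootable"]]
    if len(bootable) != 1:
        findings.append("%d bootable partitions, expected 1" % len(bootable))
    # Overlapping entries are a classic sign of a tampered table.
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["lba_start"] < prev["lba_start"] + prev["sectors"]:
            findings.append("partition %d overlaps partition %d" % (cur["index"], prev["index"]))
    return findings


# Constructed sample: a few bytes of x86 stub code followed by zero padding,
# and a layout with a 100 MB system partition plus one data partition.
SAMPLE_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x00" * (BOOT_CODE_LEN - 7)
SAMPLE_MBR = build_mbr(SAMPLE_BOOT_CODE,
                       [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 1000000)])
KNOWN_GOOD = {boot_code_hash(SAMPLE_MBR)}  # baseline "taken from a clean image"

if __name__ == "__main__":
    # To check a live disk on Windows (run as admin): open(r"\\.\PhysicalDrive0", "rb").read(512)
    print("findings:", check_mbr(SAMPLE_MBR, KNOWN_GOOD) or "none")
```

The hash check only tells you the boot code differs from your baseline; a custom OEM MBR and a bootkit both trip it, which is why the partition sanity checks and a baseline from an identical clean machine are needed before drawing a conclusion.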

#11
whaaatif (Topic Starter, Member, 26 posts)
The redirects occur with both Firefox and Chrome, but less often with Chrome - sometimes I'll start up Chrome and it searches fine all night. Redirect happens with Firefox every time I use it. Firefox is my main browser. I don't have IE. Should I download IE and try searching with it?

When I click on a search link, the address that shows up immediately on the address bar is webplains.net. Then it redirects me to another website - sometimes ads or "free movies/tv shows" type websites. I've also gotten redirected to Bing a couple times. Here are some redirects that I've gotten more frequently:
http://greatstories....m/great-stories
http://greatstories....m/great-stories
Sometimes the link in the address bar will change twice before actually connecting, as if it's trying to decide what website to redirect me to...

I find that if I keep clicking on search links, eventually it stops redirecting me.

I hope you have some more tricks up your sleeve for me to try, this thing is driving me insane. I'm a poor student and can't afford to give my laptop away for a month for a "professional" to fix it :)
  • 0

#12
whaaatif (Topic Starter, Member, 26 posts)
Oh I forgot to mention that right before the redirects started, the Java logo popped up on my screen. Not sure if that means anything...
  • 0

#13
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, that does help narrow it down :) On completion of this, can you check to see if they still occur?

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear.

    Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

THEN


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


#14
whaaatif (Member, Topic Starter, 26 posts)
OK, I ran GooredFix and JavaRa like you said, but I'm still getting redirects and MSE still does not run :)

Here's the GooredFix log:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 21:26 on 03/11/2011 (Administrator)
Firefox version 7.0.1 (en-GB)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:05 21/06/2011]

C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\n1u892dr.default\extensions\
{5384767E-00D9-40E9-B72F-9CC39D655D6F} [03:55 28/08/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-



Here's the JavaRa log:

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Nov 03 21:33:13 2011

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\JavaPlugin.160_16

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_16

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_16

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: Software\Classes\JavaPlugin.160_16

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_16

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_16

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.
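Those JavaRa lines are worth decoding rather than skimming: Sun Java plug-in CLSIDs carry the JRE version inside the GUID ({CAFEEFAC-0016-0000-0016-...} is 1.6.0_16, {CAFEEFAC-0013-0001-0030-...} is 1.3.1_30), so the removal log tells you exactly which old Java releases were still registered on the machine before JavaRa cleaned them out. The parser below is an added example written for this thread, not part of JavaRa or anything posted by its author or the thread participants; it assumes the JavaRa 1.16 log layout shown above and the standard CAFEEFAC version encoding, and the sample log embedded in it is constructed from a handful of lines in that format.

```python
import re
from collections import Counter

# Constructed sample in the JavaRa 1.16 log layout seen in the thread:
# a few "Found and removed" lines of the kinds that appear there.
SAMPLE_LOG = r"""JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Nov 03 21:33:13 2011

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_16

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.
"""

# One "Found and removed: <registry key>" line per removal.
REMOVED_RE = re.compile(r"^Found and removed:\s*(.+?)\s*$", re.MULTILINE)

# Sun/Oracle Java plug-in CLSIDs encode the JRE version in the GUID:
# {CAFEEFAC-00MM-00mm-00uu-ABCDEFFEDCBA} -> 1.M.m_uu, e.g. 0016-0000-0016 -> 1.6.0_16.
# The last group (...DCBA, ...DCBB, ...DCBC) distinguishes plug-in
# registration variants of the same release; the version digits are what matter.
JAVA_CLSID_RE = re.compile(
    r"\{CAFEEFAC-(\d{4})-(\d{4})-(\d{4})-ABCDEFFEDCB[ABC]\}", re.IGNORECASE
)


def parse_javara_log(text):
    """Return every registry key JavaRa reported as removed, in log order."""
    return REMOVED_RE.findall(text)


def decode_java_clsid(key):
    """Decode a Java plug-in CLSID into a version string such as '1.6.0_16'.
    Returns None for keys that are not Java plug-in CLSIDs."""
    m = JAVA_CLSID_RE.search(key)
    if not m:
        return None
    family_digits, minor, update = m.groups()
    digits = family_digits.lstrip("0")          # "0016" -> "16"
    if len(digits) < 2:
        return None                             # not a 1.x family code
    family = f"{digits[0]}.{digits[1:]}"        # "16" -> "1.6"
    version = f"{family}.{int(minor)}"          # "1.6.0"
    if int(update):
        version += f"_{int(update)}"            # "1.6.0_16"
    return version


def java_family(version):
    """'1.6.0_16' -> '1.6'."""
    return ".".join(version.split(".")[:2])


def summarize(text):
    """Count removed plug-in registrations per Java family and keep the
    non-CLSID keys (JavaSoft, Web Start, Active Setup entries) verbatim."""
    families = Counter()
    other = []
    for key in parse_javara_log(text):
        version = decode_java_clsid(key)
        if version is None:
            other.append(key)
        else:
            families[java_family(version)] += 1
    return {"families": families, "other": other}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for fam, n in sorted(report["families"].items()):
        print(f"Java {fam}: {n} stale plug-in registration(s) removed")
    for key in report["other"]:
        print("other key:", key)
```

Run against the full log above, the family counts show registrations from the 1.3, 1.4, 1.5 and 1.6 lines all surviving on one machine; that is the exposure the "Remove Older Versions" step is meant to close, independent of whether those versions had anything to do with the redirects.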

#15
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, could you download a fresh copy of MSE to your desktop.
Uninstall MSE and reboot.
Reinstall MSE and let me know if it runs.

Download Windows Repair (all in one) from this site

Install the programme, then run it.

Go to step 2 and allow it to run Disc check

Once that is done then go to step 3 and allow it to run SFC


On the start repairs tab select advanced mode and click start

Select the items in the red surround (remove the ticks from the rest) and tick "restart system when finished".
[attachment=53351:Capture.GIF]