google redirect plus other problems



#1 agwatkins (New Member, 2 posts)
Running Vista Ultimate. Google has been redirecting me for the past week or more. Also, when I try to open Task Manager I get a black screen with the error message "login process has failed to create the security options dialog." I also get a black screen when restarting and when switching users. Programs sometimes take several minutes to open. I have run AVG and Malwarebytes scans but they found nothing.

Any help would be appreciated!


OTL logfile created on: 2/2/2012 10:28:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = c:\Users\Ashley\Downloads
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.34 Gb Available Physical Memory | 16.98% Memory free
4.23 Gb Paging File | 2.41 Gb Available in Paging File | 57.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 10.34 Gb Free Space | 9.25% Space Free | Partition Type: NTFS

Computer Name: ASHLEY-PC | User Name: Ashley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/29 22:40:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- c:\Users\Ashley\Downloads\OTL.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/05/23 12:30:18 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2008/08/06 20:00:00 | 000,028,672 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0415Mon.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/21 14:27:07 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/04/14 11:25:47 | 001,874,904 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/03/21 16:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/03/21 13:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/05/24 02:12:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2008/08/13 20:00:00 | 000,282,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0415Vid.sys -- (V0415Vid)
DRV - [2008/08/12 14:50:36 | 000,135,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/01/19 00:49:30 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/01/18 23:25:05 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/01/15 16:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000001f3c54e4dc
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "https://mail.google....23gu2mhq4mr/?&"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...5:33&sap=ku&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/30 21:14:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/30 21:14:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/02 16:38:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/05 19:28:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/05 19:28:29 | 000,000,000 | ---D | M]

[2011/05/21 14:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Extensions
[2011/10/16 19:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\05fqtpvb.default\extensions
[2011/10/16 19:36:27 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\05fqtpvb.default\extensions\[email protected]
[2011/06/08 21:57:30 | 000,002,264 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\05fqtpvb.default\searchplugins\bing-zugo.xml
[2011/09/12 21:50:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/12 21:50:21 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/07/22 14:52:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/02/02 16:38:40 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\ASHLEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\05FQTPVB.DEFAULT\EXTENSIONS\[email protected]
[2011/05/24 02:11:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/22 14:51:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/16 15:11:01 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/10/16 19:36:20 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2012/01/30 13:54:59 | 000,000,882 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 94.63.147.14 www.google.com
O1 - Hosts: 94.63.147.15 www.bing.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [C:\Windows\system32\V0415Ext.ax] C:\Windows\System32\V0415Ext.ax (Creative Technology Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Live! Central] C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [V0415Mon.exe] C:\Windows\V0415Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MediaGet2] C:\Users\Ashley\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D530AC6-DB11-4B30-9C6D-0278D525B016}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/02 16:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/01/31 17:26:46 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Malwarebytes
[2012/01/31 17:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/31 17:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/31 17:25:57 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/31 17:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/24 23:32:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun

========== Files - Modified Within 30 Days ==========

[2012/02/02 22:01:49 | 000,000,680 | ---- | M] () -- C:\Users\Ashley\AppData\Local\d3d9caps.dat
[2012/02/02 22:00:18 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/02 22:00:17 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/02 21:59:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/02 21:59:37 | 2145,353,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/02 20:30:51 | 000,594,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/02 20:30:51 | 000,100,972 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/02 16:45:17 | 057,083,541 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/02/02 16:38:40 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/02/01 21:43:02 | 000,049,466 | ---- | M] () -- C:\Users\Ashley\Desktop\Resume.pdf
[2012/02/01 15:51:54 | 000,000,880 | ---- | M] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/31 21:00:01 | 000,002,633 | ---- | M] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/01/31 17:26:07 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/28 21:40:14 | 000,018,944 | ---- | M] () -- C:\Users\Ashley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/12 08:27:26 | 181,379,963 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/12 03:10:36 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI

========== Files Created - No Company Name ==========

[2012/02/02 16:38:40 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/02/01 21:43:02 | 000,049,466 | ---- | C] () -- C:\Users\Ashley\Desktop\Resume.pdf
[2012/02/01 15:51:54 | 000,000,880 | ---- | C] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/31 17:26:07 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/12 03:10:36 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/12/31 20:22:09 | 000,011,280 | -HS- | C] () -- C:\ProgramData\mkq17cp23vm1erhrebnm558272f2cos671b07quqfh6
[2011/12/25 09:29:10 | 000,001,324 | -HS- | C] () -- C:\Users\Ashley\AppData\Local\343256y3b825s702v020d5gbw1m7
[2011/12/25 09:29:10 | 000,001,324 | -HS- | C] () -- C:\ProgramData\343256y3b825s702v020d5gbw1m7
[2011/07/01 14:17:28 | 000,000,552 | ---- | C] () -- C:\Users\Ashley\AppData\Local\d3d8caps.dat
[2011/05/25 11:12:29 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/25 11:12:06 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/05/25 11:11:47 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2011/05/21 19:55:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/21 19:40:49 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2011/05/21 14:50:14 | 000,018,944 | ---- | C] () -- C:\Users\Ashley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/21 14:46:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/21 14:09:35 | 000,000,680 | ---- | C] () -- C:\Users\Ashley\AppData\Local\d3d9caps.dat
[2006/11/02 07:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:46:27 | 000,240,936 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,594,936 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,100,972 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== LOP Check ==========

[2011/10/18 21:23:11 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Audacity
[2011/09/28 15:43:13 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\AVG2012
[2011/10/16 19:36:19 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Babylon
[2011/09/01 20:25:22 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Barnes & Noble
[2012/02/02 21:56:47 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Free Download Manager
[2011/06/24 19:26:30 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\LegalsoundsDownloadManager
[2012/02/02 16:58:22 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by agwatkins, 02 February 2012 - 09:35 PM.



#2 RKinner (Malware Expert, MVP, 19,792 posts)
Copy the text in the code box by highlighting it and pressing Ctrl + C:

:processes
killallprocesses

:OTL
[2011/10/16 19:36:27 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\05fqtpvb.default\extensions\[email protected]
[2011/10/16 19:36:20 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O1 - Hosts: 94.63.147.14 www.google.com
O1 - Hosts: 94.63.147.15 www.bing.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [MediaGet2] C:\Users\Ashley\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
[2011/12/31 20:22:09 | 000,011,280 | -HS- | C] () -- C:\ProgramData\mkq17cp23vm1erhrebnm558272f2cos671b07quqfh6
[2011/12/25 09:29:10 | 000,001,324 | -HS- | C] () -- C:\Users\Ashley\AppData\Local\343256y3b825s702v020d5gbw1m7
[2011/12/25 09:29:10 | 000,001,324 | -HS- | C] () -- C:\ProgramData\343256y3b825s702v020d5gbw1m7
[2011/10/16 19:36:19 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Babylon

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.


ComboFix

Important: It must be saved to your desktop; do not run it from your browser.

Important: Disable your antivirus software when downloading or running ComboFix. If it has script-blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double-click on TDSSKiller.exe (on Vista or Win 7 you must right-click and Run As Admin).
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again, but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Download aswMBR.exe (511 KB) to your desktop.
Right-click aswMBR.exe and Run as Administrator.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
Important: If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Ron
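The two O1 lines in the OTL log above (www.google.com and www.bing.com mapped to 94.63.147.x, in a hosts file that also carries the read-only and hidden attributes) are what produce the "Google redirect" symptom, and the fix script deletes them. The following audit script is an added example, not part of this thread or of OTL: it parses either a Windows hosts file or the O1 lines of an OTL log and flags watched domains that point at non-local addresses; the watched-domain list and the sample hosts file are constructed for the example.

```python
"""Audit a hosts file for entries that redirect well-known domains to
routable addresses (the pattern behind the 'Google redirect' symptom).
Example code added for illustration; not from the thread or from OTL."""
import ipaddress
import re

# Constructed list: domains that should resolve through DNS, so a hosts
# entry pointing any of them at a routable address is suspicious.
WATCHED_DOMAINS = (
    "google.com", "bing.com", "yahoo.com", "microsoft.com",
    "windowsupdate.com", "malwarebytes.org", "avg.com", "kaspersky.com",
)

# OTL reports hosts entries as "O1 - Hosts: <ip> <name>".
OTL_HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$", re.MULTILINE)


def parse_hosts(text):
    """Return (line_no, ip, hostname) tuples from hosts-file text.
    '#' comments and blank lines are skipped; unparsable addresses ignored."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        # One address may be followed by several hostnames on a line.
        for name in fields[1:]:
            entries.append((line_no, addr, name.lower().rstrip(".")))
    return entries


def is_watched(name, watched=WATCHED_DOMAINS):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Return findings for watched names mapped to non-local addresses.
    Loopback and 0.0.0.0 targets are skipped: that is the usual
    ad-blocking / sinkhole pattern, not a redirect to another server."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            continue
        if is_watched(name, watched):
            findings.append({"line": line_no, "name": name, "target": str(addr)})
    return findings


def hosts_text_from_otl(otl_log):
    """Rebuild hosts-file lines from the O1 entries of an OTL log, so the
    audit can run over a posted log when the hosts file itself is unavailable."""
    return "\n".join(f"{ip} {name}" for ip, name in OTL_HOSTS_RE.findall(otl_log))


# Constructed sample hosts file: default localhost lines, one sinkhole
# entry, and the two redirect entries reported in the thread's OTL log.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # sinkhole, not a redirect
94.63.147.14    www.google.com
94.63.147.15    www.bing.com
"""

# Constructed excerpt in OTL's O1 format, mirroring the log in the thread.
SAMPLE_OTL = """\
O1 HOSTS File: ([2012/01/30 13:54:59 | 000,000,882 | RH-- | M]) - C:\\Windows\\System32\\drivers\\etc\\hosts
O1 - Hosts: 94.63.147.14 www.google.com
O1 - Hosts: 94.63.147.15 www.bing.com
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"hosts line {f['line']}: {f['name']} -> {f['target']} (redirected)")
    for f in audit_hosts(hosts_text_from_otl(SAMPLE_OTL)):
        print(f"OTL O1 entry: {f['name']} -> {f['target']} (redirected)")
```

On a live Vista machine the file to feed into audit_hosts is C:\Windows\System32\drivers\etc\hosts, which needs an elevated prompt to read if it has been made hidden.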

#3 agwatkins (Topic Starter, New Member, 2 posts)
I can't find the combofix log, but here are the others:

22:02:26.0459 3320 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
22:02:26.0989 3320 ============================================================
22:02:26.0989 3320 Current date / time: 2012/02/03 22:02:26.0989
22:02:26.0989 3320 SystemInfo:
22:02:26.0989 3320
22:02:26.0989 3320 OS Version: 6.0.6001 ServicePack: 1.0
22:02:26.0989 3320 Product type: Workstation
22:02:26.0989 3320 ComputerName: ASHLEY-PC
22:02:26.0989 3320 UserName: Ashley
22:02:26.0989 3320 Windows directory: C:\Windows
22:02:26.0989 3320 System windows directory: C:\Windows
22:02:26.0989 3320 Processor architecture: Intel x86
22:02:26.0989 3320 Number of processors: 2
22:02:26.0989 3320 Page size: 0x1000
22:02:26.0989 3320 Boot type: Normal boot
22:02:26.0989 3320 ============================================================
22:02:30.0125 3320 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:02:30.0156 3320 \Device\Harddisk0\DR0:
22:02:30.0171 3320 MBR used
22:02:30.0171 3320 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
22:02:30.0218 3320 Initialize success
22:02:30.0218 3320 ============================================================
22:02:36.0302 4224 ============================================================
22:02:36.0302 4224 Scan started
22:02:36.0302 4224 Mode: Manual; SigCheck; TDLFS;
22:02:36.0302 4224 ============================================================
22:04:12.0055 4224 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:04:12.0414 4224 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:04:12.0414 4224 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:04:12.0429 4224 Boot (0x1200) (92ed831f2c3c05f175793ea54feca891) \Device\Harddisk0\DR0\Partition0
22:04:12.0445 4224 \Device\Harddisk0\DR0\Partition0 - ok
22:04:12.0445 4224 ============================================================
22:04:12.0445 4224 Scan finished
22:04:12.0445 4224 ============================================================
22:04:12.0476 4216 Detected object count: 1
22:04:12.0476 4216 Actual detected object count: 1
22:04:21.0041 4216 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
22:04:21.0056 4216 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:04:21.0072 4216 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
22:04:21.0399 4216 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
22:04:21.0493 4216 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
22:04:21.0602 4216 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
22:04:21.0618 4216 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
22:04:21.0633 4216 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
22:04:21.0665 4216 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
22:04:21.0680 4216 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
22:04:21.0789 4216 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
22:04:29.0309 3704 Deinitialize success



*******The Fix button was NOT enabled after the aswMBR scan

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-03 22:08:49
-----------------------------
22:08:49.508 OS Version: Windows 6.0.6001 Service Pack 1
22:08:49.509 Number of processors: 2 586 0xF0B
22:08:49.510 ComputerName: ASHLEY-PC UserName: Ashley
22:08:50.463 Initialize success
22:08:55.271 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
22:08:55.277 Disk 0 Vendor: ST9120823ASG 3.ADD Size: 114473MB BusType: 3
22:08:55.329 Disk 0 MBR read successfully
22:08:55.337 Disk 0 MBR scan
22:08:55.344 Disk 0 Windows VISTA default MBR code
22:08:55.395 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114471 MB offset 2048
22:08:55.406 Disk 0 scanning sectors +234438656
22:08:55.481 Disk 0 scanning C:\Windows\system32\drivers
22:09:03.757 Service scanning
22:09:05.524 Modules scanning
22:09:10.935 Scan finished successfully
22:09:22.907 Disk 0 MBR has been saved successfully to "C:\Users\Ashley\Desktop\MBR.dat"
22:09:22.908 The log file has been saved successfully to "C:\Users\Ashley\Desktop\aswMBR.txt"




Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.31.09

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Ashley :: ASHLEY-PC [administrator]

2/3/2012 10:10:12 PM
mbam-log-2012-02-03 (22-10-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185204
Time elapsed: 19 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Temp\installer_nod32_4_2_42_0_English.exe (PUP.SmsPay.pns) -> Quarantined and deleted successfully.
C:\Users\Ashley\Downloads\sistersisters02e14dvdripxvid.exe (PUP.BundleInstaller.MG) -> Quarantined and deleted successfully.

(end)

#4
RKinner (Malware Expert, MVP)
Run TDSSKiller again and let's make sure that the stuff it found didn't come back.

Run Combofix again and try and save the log that it gives you somewhere you can find it. If not then

See if you can find

C:\Qoobox\ComboFix-quarantined-files.txt
C:\Qoobox\ComboFix2.txt

Let's check for damages:

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

Are you still getting redirected?

Ron
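The event-log triage Ron walks through above (clear the System and Application logs, reboot, run sfc /scannow, then pull the 20 newest Error and Warning events from each log) can be scripted. The block below is an added PowerShell example; it is not part of this thread and is not VEW. It assumes Vista or later with PowerShell 2.0+ run from an elevated prompt; the switch names and the output files under the Desktop are my own choices.

```powershell
# Added example, not from the thread and not VEW: the same System/Application
# Error+Warning pull the post asks for, plus the optional clear and sfc steps.
# Usage (elevated PowerShell):
#   .\Triage-EventLogs.ps1 -ClearFirst      # step 1: clear logs, then reboot
#   .\Triage-EventLogs.ps1 -RunSfc          # step 2: sfc /scannow, then collect
#   .\Triage-EventLogs.ps1                  # collect only
param(
    [string[]] $LogNames  = @('System', 'Application'),  # logs named in the post
    [int]      $MaxEvents = 20,                          # "Number of events": 20
    [switch]   $ClearFirst,                              # clear logs before the reboot
    [switch]   $RunSfc                                   # run sfc /scannow first
)

# Clear-EventLog and sfc both need administrator rights; fail early if we lack them.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start PowerShell with "Run as Administrator" and run this again.'
}

if ($ClearFirst) {
    # Same as "Clear Log" in Event Viewer: gives a clean baseline so that
    # anything logged after the reboot is new.
    Clear-EventLog -LogName $LogNames
    Write-Host "Cleared $($LogNames -join ', '). Reboot, then run again without -ClearFirst."
    return
}

if ($RunSfc) {
    # sfc prints only a summary; details go to %WINDIR%\Logs\CBS\CBS.log.
    # (On 64-bit Windows run this from 64-bit PowerShell so System32 is not redirected.)
    & "$env:WINDIR\System32\sfc.exe" /scannow
}

foreach ($log in $LogNames) {
    $out = Join-Path $env:USERPROFILE "Desktop\VEW-$log.txt"   # assumed output path
    # Level 2 = Error, 3 = Warning: the two types the post selects.
    # -MaxEvents returns the newest entries first, matching "Number of events".
    Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2, 3 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, LevelDisplayName, ProviderName, Id,
            @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } } |
        Format-List |
        Out-File -FilePath $out -Encoding UTF8
    Write-Host "Wrote newest $MaxEvents Error/Warning events from $log to $out"
}
```

The Message column is cut to its first line so the file reads like VEW's one-event-per-block output; drop the calculated property if the full text is wanted. If Get-WinEvent reports no events for a log right after a clear and reboot, that is the expected result and is worth stating when posting the logs.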