IE opening in processes and playing music and news?

Question

chantalrdj 0 Newbie Poster

13 Years Ago

HELP!!!I am running Windows 7 using the latest IE. Somehow this morning I got a nasty virus of 'System Fix' I ended up having to use Rkill to disable it and malwarebytes' to take it off. I thought that my computer was back to normal afterwards, but no! Shortly after while I was on IE, I heard a radio show talking and music coinsiding with it. I closed out of everything, opened up task manager, where there were no applications running, but sure enough iexplore is running in processes! I end it hoping that it would work and it did until I returned to IE.
Can anyone help me out on how to get this to stop!

Here is what was in processes just a little bit ago, while I was not on anything.

atieclxx.exe 00 232 K
BingApp.exe *32 00 592 K Bing Client Application
BingBar.exe *32 00 7,208K Bing Client Extensions
CameraHelperShell.exe *32 00 1,256K Webcam Controller
CCC.exe 00 4,344K Catalyst Control Centre: Host application
COCIManger.exe *32 00 596L Camera Control Interface
conhost.exe 01 1,180K
csrss.exe 00 1,376K
dwm.exe 00 18,380K Desktop Window Manager
explorer.exe 01 18,504K Windows Explorer
GoogleToolbarUser_32.exe*32 00 1,044K Google Toolbar Broker
HPAdvisor.exe*32 00 1,428K HP Advisor
HPAdvisorDock 00 5,104K HP Advisor Dock
hpsysdrv.exe*32 00 252K hpsysdrv
hpwuschd2.exe*32 00 252K hpwuschd Application
iexplore.exe*32 05 459,760K Internet Explorer
iTunesHelper.exe*32 00 1,056K iTunesHelper
jusched.exe*32 00 152K Java(TM) Update Scheduler
LWS.exe*32 00 524K Logitech Webcam Software
mbam.exe*32 04 38,076K Malwarebytes' Anti-Malware
mcagent.exe 00 2,392K McAfee Security Center
MOM.exe 00 1,532K Catalyst Control Center:Monitoring program
Monitor.exe*32 00 424K Monitor Application
netsession_win.exe*32 00 260K Akamai Netsession Client
netsession_win.exe*32 01 2,084K Akami NetSession Client
PCANUser.exe 01
realsched.exe*32 00 408K RealNetworks Scheduler
rundll32.exe 00 176K
rundll32.exe 00 176K
sidebar.exe 00 4,424K Windows Desktop Gadgets
SmartMenu.exe*32 00 476K SmartMenu
soffice.exe*32 00 1.260K OpenOffice.org 3.2
soffice.bin*32 00 132K OpenOffice 3.2
StikyNot.exe 00 1,784K Sticky Notes
taskhost.exe 00 1,000K Host Process for Windows Tasks
taskmgr.exe 01 2,408K Windows Task Manager
winlogon.exe 00 672K
WN111v2.exe*32 00 2,880K Netgear

virus-malware windows-virus

Edited 13 Years Ago by chantalrdj because: n/a

2 Contributors
35 Replies
531 Views
3 Days Discussion Span
Latest Post 13 Years Ago Latest Post by jholland1964

jholland1964 650 Posting Expert

13 Years Ago

So skip step five and go onto the rest. We honestly can't even begin to offer assistance until we see the logs from the other programs.
Though it should have run, it is a Microsoft Tool and the download is from Microsoft and it definitely is not incompatible with Windows 7. But don't worry about it.

Edited 13 Years Ago by jholland1964 because: n/a

jholland1964 650 Posting Expert

13 Years Ago

And the Attach.txt log from DDS? Please copy/paste it also.

jholland1964 650 Posting Expert

13 Years Ago

If System Fix is truly what was on your computer then this infection is known to be bundled with the TDSS rootkit infection.
It would have helped if you had posted the MBA-M log from when this infection was removed so we could be sure.

You should also run the following program and post back with the log.

TDSKiller:
http://www.bleepingcomputer.com/download/anti-virus/tdsskiller
download the EXE file and save it to the desktop. Close all other running programs.
you should rename the TDSKiller by right clicking and choosing Rename and then rename it to iexplore.exe
Once the file is renamed, you should double-click on it to launch it.If you get a security warning about running an unknown program just click Run button to allow TDSSKiller to run. If you did not receive this warning, then TDSSKiller should have started.
TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If the infection was found click on the Continue button and TDSSKiller will attempt to clean the infection. If it does not say Cure, leave it at the default action of Skip and press the Continue button. Do not change it to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.

When it has finished cleaning the infection you will see a report stating whether or not it was successful
Then update MBA-M and run another Full Scan with it and have it remove everything found and reboot. Post back here with the logs

If nothing was found by the TDSKiller than another MBA-M scan will not be required, post back here with that information.
By the way, for the Microsoft Malicious Softwave Removal Program since you have a 64bit system the x64 (64-bit) version would have been the one you should have installed. But don't worry about that now.

jholland1964 650 Posting Expert

13 Years Ago

You are using a 64bit system. You must run TDSKiller as Administrator. To do this you must Right Click and choose Run as Administrator.
Also rename it, did you? Delete it entirely and download a new copy from here:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Save it to the desktop. Rename it 123abc.com

Try first to run it in Normal Mode, if it will not run in normal mode then reboot to Safe Mode and try again.

jholland1964 650 Posting Expert

13 Years Ago

Ok, try this zip file:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

archive and extract it into a folder on the infected (or possibly infected) computer with an archiver (WinZip, for example);

Run the TDSSKiller.exe file;

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

chantalrdj 0 Newbie Poster · Answer 1 · 2011-11-30T06:21:27+00:00

Also, if you're wondering about the "do this before posting" It would not allow me to do step 5. It said that it was not compatable.

chantalrdj 0 Newbie Poster · Answer 2 · 2011-12-02T02:16:09+00:00

Step 5 would not work - It popped up saying "Microsoft Malicious Softwave Removal Program-This version of Malicious Software Removal Tool is not compatable with the version of Windows you are running. Check your computer's system information to see wheather you need a x86 (32-bit) or a x64 (64-bit) version of the program, and then contact the software publisher"

Step 7- GMER did not start a quick scan, therefore there is no log 1.

GMER LOG 2:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-01 10:48:59
Windows 6.1.7601 Service Pack 1
Running: w89xojor.exe

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Romanski\AppData\Local\Logitech\xae Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe 1

---- Files - GMER 1.0.15 ----

File C:\Users\Romanski\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZZQKXZK\ErrorPageTemplate[1] 2168 bytes

---- EOF - GMER 1.0.15 ----

MALWAREBYTES LOG (I rescanned with MB last night and cleared 2 infections, this is after showing no infections)

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8271

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/1/2011 12:42:09 PM
mbam-log-2011-12-01 (12-42-09).txt

Scan type: Full scan (C:\|)
Objects scanned: 439181
Time elapsed: 1 hour(s), 51 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS LOG:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.5.0_17
Run by Romanski at 12:53:19 on 2011-12-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4863.3496 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Users\Romanski\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Users\Romanski\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WUDFHost.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111110012211.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "C:\Users\Romanski\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Spotify] "C:\Users\Romanski\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Akamai NetSession Interface] C:\Users\Romanski\AppData\Local\Akamai\netsession_win.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WN111v2\jswtrayutil.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Romanski\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7E75BA83-B5D1-4483-9D2C-407BEBB0EF1D} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7E75BA83-B5D1-4483-9D2C-407BEBB0EF1D}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 69.145.232.4 69.144.49.30 69.146.17.3
TCP: Interfaces\{7E75BA83-B5D1-4483-9D2C-407BEBB0EF1D}\2656C6B696E6E253567346 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{FADF828B-86ED-4CF3-B2FF-3AE25C0FE63D} : DhcpNameServer = 192.168.2.1 69.145.232.4 69.144.49.30 69.146.17.3
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111110012211.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun-x64: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WN111v2\jswtrayutil.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2011-10-5 102608]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-6 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-6 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-2-11 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-2-11 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-29 366152]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-6 249936]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-2-29 942080]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgx64gps.sys --> C:\Windows\system32\DRIVERS\lgx64gps.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\system32\DRIVERS\WN111v2x.sys --> C:\Windows\system32\DRIVERS\WN111v2x.sys [?]
.
=============== Created Last 30 ================
.
2011-11-30 21:52:15 388096 ----a-r- C:\Users\Romanski\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-30 21:52:14 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-11-29 18:22:56 -------- d-----w- C:\Users\Romanski\AppData\Roaming\Malwarebytes
2011-11-29 18:22:44 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-29 18:22:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-29 17:29:09 -------- d-----w- C:\ProgramData\PC Tools
2011-11-24 05:14:25 -------- d-----w- C:\Users\Romanski\AppData\Local\{FDC0600F-DE3B-46CD-8D8D-B46230862A7D}
2011-11-24 05:14:14 -------- d-----w- C:\Users\Romanski\AppData\Local\{9F8CF1B8-DBDC-47A3-A127-1A63FCFB7CB5}
2011-11-16 16:53:26 -------- d-----w- C:\Users\Romanski\AppData\Local\{2E16A0DD-591B-4C46-AC73-F97E7486BF75}
2011-11-16 16:53:15 -------- d-----w- C:\Users\Romanski\AppData\Local\{5A0E857C-9B38-4107-8D27-006DF495DFC7}
2011-11-15 01:14:01 -------- d-----w- C:\Windows\9013B37099D4404B9DB9779B51CEB5FF.TMP
2011-11-15 01:12:48 -------- d-----w- C:\Windows\4BC83065F98B4DB1B4AEAA2F1FA9BA2B.TMP
2011-11-14 04:33:49 -------- d-----w- C:\Users\Romanski\AppData\Local\{010E8199-6F43-4BE8-82AD-69778A99AF8C}
2011-11-14 04:33:37 -------- d-----w- C:\Users\Romanski\AppData\Local\{55949662-8CC3-4E13-834B-E637610D2FF3}
2011-11-10 00:58:24 -------- d-----w- C:\Users\Romanski\AppData\Local\Akamai
2011-11-09 14:19:13 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 14:19:12 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 14:19:10 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 14:19:09 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-04 16:42:02 -------- d-----w- C:\Windows\6541F55944704C0BA1BBB857ACAC4CE8.TMP
2011-11-04 16:37:33 -------- d-----w- C:\ProgramData\Leapfrog
2011-11-04 16:37:33 -------- d-----w- C:\Program Files (x86)\LeapFrog
.
==================== Find3M ====================
.
2011-11-04 16:43:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-28 21:06:15 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-10-28 21:06:15 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-10-18 21:32:28 161168 ----a-w- C:\Windows\System32\mfevtps.exe
2011-10-15 20:16:16 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-10-15 20:16:16 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-10-15 20:16:16 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-10-15 20:16:16 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-10-15 20:16:16 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-10-15 20:16:16 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-10-15 20:16:16 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-10-15 20:16:16 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-10-15 20:16:16 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
.
============= FINISH: 13:04:43.30 ===============

chantalrdj 0 Newbie Poster · Answer 3 · 2011-12-02T04:46:46+00:00

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/14/2010 11:51:08 PM
System Uptime: 12/1/2011 12:50:28 PM (1 hours ago)
.
Motherboard: FOXCONN | | 2AA9
Processor: AMD Athlon(tm) II X2 250 Processor | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 585 GiB total, 510.921 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.385 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP142: 11/11/2011 3:00:32 AM - Windows Update
RP143: 11/12/2011 1:20:53 AM - HPSF Restore Point
RP144: 11/19/2011 8:51:09 AM - Scheduled Checkpoint
RP145: 11/28/2011 12:19:20 AM - Scheduled Checkpoint
RP146: 11/28/2011 11:05:50 AM - Windows Update
RP147: 11/30/2011 2:51:28 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.4.6
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Akamai NetSession Interface Service
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Build-a-lot 2
Cake Mania
CameraHelperMsi
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Click to Call with Skype
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
DVD Menu Pack for HP MediaSmart Video
erLT
Escape Rosecliff Island
Facebook Video Calling 1.0.0.8953
Faerie Solitaire
FATE
Feedback Tool
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.1.0
HiJackThis
HP Advisor
HP Customer Experience Enhancements
HP Deskjet 2050 J510 series Help
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPDiagnosticAlert
J2SE Runtime Environment 5.0 Update 17
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 26
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LeapFrog Connect
LeapFrog My Pals Plugin
LG USB Modem driver
LightScribe System Software
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee SecurityCenter
Messenger Companion
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The New York Fortune
Norton Online Backup
OpenOffice.org 3.2
PDF Settings CS5
Penguins!
PhotoNow!
Picasa 3
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
QuickTime
RangeMax Wireless-N USB Adapter WN111v2
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recovery Manager
Roxio CinemaNow 2.0
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype™ 5.5
swMSM
TextTwist 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
Virtual Families
Virtual Villagers - The Secret City
Visual Studio 2008 x64 Redistributables
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WN111v2
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
12/1/2011 12:54:15 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
12/1/2011 12:54:15 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
12/1/2011 12:43:01 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/1/2011 1:04:52 PM, Error: Service Control Manager [7000] - The DNISp50a64 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
11/30/2011 10:48:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
11/30/2011 10:44:04 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/30/2011 10:44:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/30/2011 10:44:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/30/2011 10:43:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/30/2011 10:43:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/30/2011 10:43:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
.
==== End Of File ===========================

chantalrdj 0 Newbie Poster · Answer 4 · 2011-12-03T00:04:02+00:00

It will not let me open TDSS, I double-clicked, it popped up asking me to allow it about 5 different times and did not open it.
When I first found instructions to getting rid of the system fix virus it instructed me to also do TDSS Killer, but the same thing happened then.
Also, here is the firs Malwarebytes' log.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8271

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/29/2011 1:21:50 PM
mbam-log-2011-11-29 (13-21-50).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 442943
Time elapsed: 1 hour(s), 54 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 57
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GGyfLFDEWNT.exe (Trojan.FakeAlert) -> Value: GGyfLFDEWNT.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\ggyflfdewnt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files (x86)\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\program files (x86)\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\programdata\j4h73apxvpdpx4.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\Romanski\AppData\LocalLow\funwebproducts\Installr\Cache\0006FB10.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

chantalrdj 0 Newbie Poster · Answer 5 · 2011-12-03T00:26:38+00:00

I did rename both and tried to run the first one as admin. and it still didn't work. This one does not give me the option to run as admin. and will not work. I am going to restart and try in safemode now.

chantalrdj 0 Newbie Poster · Answer 6 · 2011-12-03T00:37:40+00:00

chantalrdj 0 Newbie Poster

13 Years Ago

I am in safemode and it still will not open.

Edited 13 Years Ago by chantalrdj because: n/a

chantalrdj 0 Newbie Poster · Answer 7 · 2011-12-03T01:13:37+00:00

I put it in My Dcouments, extracted it and it still won't open.

It asks me if I want to run it, acts like it is going to open, but doesn't.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 8 · 2011-12-03T01:30:49+00:00

This is from safe mode also? Not safe mode with networking, safe mode only.

chantalrdj 0 Newbie Poster · Answer 9 · 2011-12-03T01:34:16+00:00

I only tried safemode w/ networking. I will try just safemode now then.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 10 · 2011-12-03T01:43:55+00:00

When safe mode is requested, unless otherwise directed, you should always use safe mode only not safe mode with networking. Many of these infections automatically start when a connection is present regardless of the boot mode, they need internet connection to bring in more infection and will certainly do so using safe mode with networking because there are no security programs active in safe mode with networking. Internet connection is not required for this to run. Only online scans would require internet connection.

chantalrdj 0 Newbie Poster · Answer 11 · 2011-12-03T01:46:06+00:00

It did the same thing in just safemode.
Also, I don't know if this pertains to anything, but everytime I log off, I get prompted with a pop up message over and over saying "PCAnuser.exe-Application error. Unable to start correctly (0xc0000142) Click OK to close application" this was never there until the virus problems.
When I restart, after my desktop has loaded, another pop up message says "Malwaybytes' Anti-Malware. [OpenEvent] Failed to perform desired action. Error Code: 2".

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 12 · 2011-12-03T02:10:26+00:00

You are getting the MBA-M error because its RealTime protection is set to auto start with Windows, that can't happen unless you have the paid version

I believe the other error has to do with your Netgear Wireless Adapter. You need to uninstall the software for that and then reinstall using the install disk that came with it.

Try this TDSKiller again, download a new copy. Also run Rkill BEFORE trying to run TDSKiller and see if that works. Of course run as Administrator, that is an absolute must.

chantalrdj 0 Newbie Poster · Answer 13 · 2011-12-03T06:20:05+00:00

Can you please link Rkill for me? Also, should I re-download TDSSKiller as exe or zip?

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 14 · 2011-12-03T06:23:13+00:00

Here is RKill
http://www.bleepingcomputer.com/download/anti-virus/rkill

If need be download all copies.

Yes, get a new copy of TDSKiller and either one is fine.

chantalrdj 0 Newbie Poster · Answer 15 · 2011-12-03T06:45:16+00:00

When I try to download and save rkill, a window pops up from McAfee saying Potentially dangerous Download. I click download anyway and it starts, then stop and a new window at the bottoms pops up from McAfee saying Trojan removed.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 16 · 2011-12-03T07:09:28+00:00

Go in and TOTALLY turn off McAfee. This may be the reason that none of these specialized tools are not running. Do you have a disk for McAfee or did you pay for and download it? If so do you have your license code? You may be better off uninstalling it entirely while attempting all of this.

These will show in task manager if it won't shut down. The entire program must be turned off

McSACore.exe
mcagent.exe
mcshield.exe
mfefire.exe
McSvHost.exe

chantalrdj 0 Newbie Poster · Answer 17 · 2011-12-03T08:58:36+00:00

I was able to run Rkill ( log below) and I re-downloaded TDSSKiller in both formats. I tried unning them both in normal made and safemode, but neither worked.
Also, I just logged back on, looked in my running processes and iexplore.exe was already on there before I even thought about getting on.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/02/2011 at 19:19:55.
Operating System: Windows 7 Home Premium

Processes terminated by Rkill or while it was running:

C:\Users\Romanski\AppData\Local\Akamai\netsession_win.exe
C:\Users\Romanski\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe

Rkill completed on 12/02/2011 at 19:21:22.

chantalrdj 0 Newbie Poster · Answer 18 · 2011-12-03T09:07:50+00:00

I just checked and my searches aren't getting redirected right now.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 19 · 2011-12-03T09:26:03+00:00

I still don't like this. Please do the following,

Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/download/anti-virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and run it from your Desktop If it is not run from the DESKTOP it will not run correctly.
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix. McAfee Anti-Virus and Anti-Spyware and McAfee Firewall
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

The program can be run in safe mode if necessary but normal mode is preferred.
If you must use Rkill again in order to run Combofix then do so.

Post back with the Combofix log.

chantalrdj 0 Newbie Poster · Answer 20 · 2011-12-03T09:27:17+00:00

Okay, for some reason the TDSSKiller links that I was downloading weren't going on right. I'm not sure why, but they are there with a windows looking icon and does not give me the option to run as administrater, so I went ahead and tried the first iexplore.exe TDSSKiller the only one with the Kaspersky icon and it worked! It found one rootkit, said it cured it and had me restart. I am currently doing a malwarebytes' full scan and will post it when it has finished!

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 21 · 2011-12-03T09:32:21+00:00

I need to see the TDSKiller log. It will be located on your C drive. It will have a name similar to the example here. I need to see that.
C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

chantalrdj 0 Newbie Poster · Answer 22 · 2011-12-03T09:45:21+00:00

TDSS KILLER LOG

20:13:24.0406 5064 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
20:13:24.0796 5064 ============================================================
20:13:24.0796 5064 Current date / time: 2011/12/02 20:13:24.0796
20:13:24.0796 5064 SystemInfo:
20:13:24.0796 5064
20:13:24.0796 5064 OS Version: 6.1.7601 ServicePack: 1.0
20:13:24.0796 5064 Product type: Workstation
20:13:24.0796 5064 ComputerName: ROMANSKI-HP
20:13:24.0796 5064 UserName: Romanski
20:13:24.0796 5064 Windows directory: C:\Windows
20:13:24.0796 5064 System windows directory: C:\Windows
20:13:24.0796 5064 Running under WOW64
20:13:24.0796 5064 Processor architecture: Intel x64
20:13:24.0796 5064 Number of processors: 2
20:13:24.0796 5064 Page size: 0x1000
20:13:24.0796 5064 Boot type: Normal boot
20:13:24.0796 5064 ============================================================
20:13:25.0622 5064 Initialize success
20:14:32.0182 2180 ============================================================
20:14:32.0182 2180 Scan started
20:14:32.0182 2180 Mode: Manual;
20:14:32.0182 2180 ============================================================
20:14:33.0320 2180 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:14:33.0320 2180 1394ohci - ok
20:14:33.0383 2180 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:14:33.0398 2180 ACPI - ok
20:14:33.0430 2180 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:14:33.0430 2180 AcpiPmi - ok
20:14:33.0492 2180 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:14:33.0523 2180 adp94xx - ok
20:14:33.0554 2180 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:14:33.0554 2180 adpahci - ok
20:14:33.0586 2180 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:14:33.0586 2180 adpu320 - ok
20:14:33.0664 2180 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:14:33.0679 2180 AFD - ok
20:14:33.0710 2180 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:14:33.0710 2180 agp440 - ok
20:14:33.0804 2180 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:14:33.0804 2180 aliide - ok
20:14:33.0820 2180 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:14:33.0820 2180 amdide - ok
20:14:33.0851 2180 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:14:33.0851 2180 AmdK8 - ok
20:14:34.0007 2180 amdkmdag (1147f8816d4ddc9fc43a40df52f40500) C:\Windows\system32\DRIVERS\atipmdag.sys
20:14:34.0147 2180 amdkmdag - ok
20:14:34.0163 2180 amdkmdap (ebc963d8f5b04c98f5ef597aae79cddd) C:\Windows\system32\DRIVERS\atikmpag.sys
20:14:34.0163 2180 amdkmdap - ok
20:14:34.0194 2180 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:14:34.0194 2180 AmdPPM - ok
20:14:34.0225 2180 amdsata (f747497a0ee5498f79b207f215b3d2d8) C:\Windows\system32\DRIVERS\amdsata.sys
20:14:34.0225 2180 amdsata - ok
20:14:34.0241 2180 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:14:34.0241 2180 amdsbs - ok
20:14:34.0256 2180 amdxata (2946d695e158615baaa16248e63c7adb) C:\Windows\system32\DRIVERS\amdxata.sys
20:14:34.0256 2180 amdxata - ok
20:14:34.0303 2180 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:14:34.0303 2180 AppID - ok
20:14:34.0350 2180 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:14:34.0350 2180 arc - ok
20:14:34.0381 2180 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:14:34.0381 2180 arcsas - ok
20:14:34.0412 2180 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:14:34.0412 2180 AsyncMac - ok
20:14:34.0444 2180 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:14:34.0444 2180 atapi - ok
20:14:34.0475 2180 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
20:14:34.0475 2180 AtiPcie - ok
20:14:34.0537 2180 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:14:34.0537 2180 b06bdrv - ok
20:14:34.0568 2180 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:14:34.0568 2180 b57nd60a - ok
20:14:34.0600 2180 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:14:34.0600 2180 Beep - ok
20:14:34.0631 2180 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:14:34.0631 2180 blbdrive - ok
20:14:34.0693 2180 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:14:34.0693 2180 bowser - ok
20:14:34.0709 2180 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:14:34.0709 2180 BrFiltLo - ok
20:14:34.0724 2180 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:14:34.0724 2180 BrFiltUp - ok
20:14:34.0756 2180 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:14:34.0756 2180 Brserid - ok
20:14:34.0771 2180 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:14:34.0771 2180 BrSerWdm - ok
20:14:34.0787 2180 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:14:34.0787 2180 BrUsbMdm - ok
20:14:34.0802 2180 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:14:34.0802 2180 BrUsbSer - ok
20:14:34.0834 2180 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:14:34.0834 2180 BTHMODEM - ok
20:14:34.0880 2180 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:14:34.0880 2180 cdfs - ok
20:14:34.0927 2180 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:14:34.0927 2180 cdrom - ok
20:14:34.0974 2180 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:14:34.0974 2180 circlass - ok
20:14:35.0021 2180 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:14:35.0036 2180 CLFS - ok
20:14:35.0083 2180 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:14:35.0083 2180 CmBatt - ok
20:14:35.0114 2180 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:14:35.0114 2180 cmdide - ok
20:14:35.0161 2180 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
20:14:35.0161 2180 CNG - ok
20:14:35.0177 2180 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:14:35.0177 2180 Compbatt - ok
20:14:35.0224 2180 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:14:35.0224 2180 CompositeBus - ok
20:14:35.0239 2180 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:14:35.0255 2180 crcdisk - ok
20:14:35.0302 2180 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:14:35.0302 2180 DfsC - ok
20:14:35.0333 2180 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:14:35.0333 2180 discache - ok
20:14:35.0348 2180 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:14:35.0348 2180 Disk - ok
20:14:35.0348 2180 DNIMp50a64 - ok
20:14:35.0364 2180 DNISp50a64 - ok
20:14:35.0395 2180 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:14:35.0395 2180 drmkaud - ok
20:14:35.0442 2180 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:14:35.0458 2180 DXGKrnl - ok
20:14:35.0536 2180 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:14:35.0598 2180 ebdrv - ok
20:14:35.0645 2180 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:14:35.0676 2180 elxstor - ok
20:14:35.0738 2180 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:14:35.0738 2180 ErrDev - ok
20:14:35.0832 2180 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:14:35.0832 2180 exfat - ok
20:14:35.0848 2180 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:14:35.0863 2180 fastfat - ok
20:14:35.0894 2180 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:14:35.0894 2180 fdc - ok
20:14:35.0926 2180 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:14:35.0926 2180 FileInfo - ok
20:14:35.0941 2180 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:14:35.0941 2180 Filetrace - ok
20:14:35.0957 2180 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:14:35.0957 2180 flpydisk - ok
20:14:36.0004 2180 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:14:36.0004 2180 FltMgr - ok
20:14:36.0035 2180 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:14:36.0035 2180 FsDepends - ok
20:14:36.0082 2180 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
20:14:36.0082 2180 fssfltr - ok
20:14:36.0097 2180 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:14:36.0097 2180 Fs_Rec - ok
20:14:36.0144 2180 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:14:36.0144 2180 fvevol - ok
20:14:36.0160 2180 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:14:36.0160 2180 gagp30kx - ok
20:14:36.0191 2180 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:14:36.0191 2180 GEARAspiWDM - ok
20:14:36.0269 2180 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:14:36.0269 2180 hcw85cir - ok
20:14:36.0316 2180 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:14:36.0331 2180 HdAudAddService - ok
20:14:36.0378 2180 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:14:36.0378 2180 HDAudBus - ok
20:14:36.0394 2180 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:14:36.0409 2180 HidBatt - ok
20:14:36.0425 2180 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:14:36.0425 2180 HidBth - ok
20:14:36.0425 2180 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:14:36.0440 2180 HidIr - ok
20:14:36.0456 2180 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:14:36.0456 2180 HidUsb - ok
20:14:36.0550 2180 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:14:36.0550 2180 HpSAMD - ok
20:14:36.0596 2180 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:14:36.0612 2180 HTTP - ok
20:14:36.0643 2180 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:14:36.0643 2180 hwpolicy - ok
20:14:36.0674 2180 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:14:36.0674 2180 i8042prt - ok
20:14:36.0721 2180 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:14:36.0737 2180 iaStorV - ok
20:14:36.0768 2180 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:14:36.0768 2180 iirsp - ok
20:14:36.0830 2180 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
20:14:36.0846 2180 IntcAzAudAddService - ok
20:14:36.0862 2180 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:14:36.0862 2180 intelide - ok
20:14:36.0877 2180 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:14:36.0877 2180 intelppm - ok
20:14:36.0924 2180 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:14:36.0924 2180 IpFilterDriver - ok
20:14:36.0955 2180 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:14:36.0955 2180 IPMIDRV - ok
20:14:36.0986 2180 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:14:36.0986 2180 IPNAT - ok
20:14:37.0018 2180 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:14:37.0018 2180 IRENUM - ok
20:14:37.0049 2180 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:14:37.0049 2180 isapnp - ok
20:14:37.0080 2180 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:14:37.0096 2180 iScsiPrt - ok
20:14:37.0127 2180 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:14:37.0127 2180 kbdclass - ok
20:14:37.0158 2180 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:14:37.0158 2180 kbdhid - ok
20:14:37.0189 2180 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
20:14:37.0189 2180 KSecDD - ok
20:14:37.0220 2180 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
20:14:37.0220 2180 KSecPkg - ok
20:14:37.0236 2180 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:14:37.0236 2180 ksthunk - ok
20:14:37.0283 2180 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:14:37.0283 2180 lltdio - ok
20:14:37.0330 2180 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:14:37.0330 2180 LSI_FC - ok
20:14:37.0345 2180 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:14:37.0361 2180 LSI_SAS - ok
20:14:37.0376 2180 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:14:37.0376 2180 LSI_SAS2 - ok
20:14:37.0392 2180 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:14:37.0392 2180 LSI_SCSI - ok
20:14:37.0423 2180 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:14:37.0439 2180 luafv - ok
20:14:37.0470 2180 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
20:14:37.0470 2180 LVRS64 - ok
20:14:37.0501 2180 MBAMProtector - ok
20:14:37.0517 2180 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:14:37.0517 2180 megasas - ok
20:14:37.0548 2180 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:14:37.0548 2180 MegaSR - ok
20:14:37.0564 2180 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:14:37.0564 2180 Modem - ok
20:14:37.0595 2180 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:14:37.0595 2180 monitor - ok
20:14:37.0642 2180 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:14:37.0642 2180 mouclass - ok
20:14:37.0657 2180 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:14:37.0657 2180 mouhid - ok
20:14:37.0688 2180 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:14:37.0688 2180 mountmgr - ok
20:14:37.0720 2180 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:14:37.0720 2180 mpio - ok
20:14:37.0735 2180 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:14:37.0751 2180 mpsdrv - ok
20:14:37.0798 2180 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:14:37.0798 2180 MRxDAV - ok
20:14:37.0829 2180 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:14:37.0829 2180 mrxsmb - ok
20:14:37.0876 2180 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:14:37.0876 2180 mrxsmb10 - ok
20:14:37.0907 2180 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:14:37.0907 2180 mrxsmb20 - ok
20:14:37.0922 2180 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:14:37.0922 2180 msahci - ok
20:14:37.0969 2180 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:14:37.0969 2180 msdsm - ok
20:14:38.0016 2180 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:14:38.0016 2180 Msfs - ok
20:14:38.0016 2180 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:14:38.0016 2180 mshidkmdf - ok
20:14:38.0063 2180 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:14:38.0063 2180 msisadrv - ok
20:14:38.0094 2180 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:14:38.0094 2180 MSKSSRV - ok
20:14:38.0110 2180 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:14:38.0110 2180 MSPCLOCK - ok
20:14:38.0125 2180 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:14:38.0125 2180 MSPQM - ok
20:14:38.0156 2180 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:14:38.0156 2180 MsRPC - ok
20:14:38.0188 2180 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:14:38.0188 2180 mssmbios - ok
20:14:38.0203 2180 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:14:38.0203 2180 MSTEE - ok
20:14:38.0234 2180 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:14:38.0234 2180 MTConfig - ok
20:14:38.0266 2180 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:14:38.0266 2180 Mup - ok
20:14:38.0297 2180 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:14:38.0297 2180 NativeWifiP - ok
20:14:38.0359 2180 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:14:38.0375 2180 NDIS - ok
20:14:38.0406 2180 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:14:38.0406 2180 NdisCap - ok
20:14:38.0437 2180 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:14:38.0437 2180 NdisTapi - ok
20:14:38.0468 2180 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:14:38.0468 2180 Ndisuio - ok
20:14:38.0515 2180 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:14:38.0515 2180 NdisWan - ok
20:14:38.0546 2180 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:14:38.0546 2180 NDProxy - ok
20:14:38.0578 2180 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:14:38.0578 2180 NetBIOS - ok
20:14:38.0609 2180 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:14:38.0624 2180 NetBT - ok
20:14:38.0671 2180 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:14:38.0687 2180 nfrd960 - ok
20:14:38.0702 2180 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:14:38.0702 2180 Npfs - ok
20:14:38.0718 2180 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:14:38.0718 2180 nsiproxy - ok
20:14:38.0780 2180 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:14:38.0812 2180 Ntfs - ok
20:14:38.0827 2180 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:14:38.0827 2180 Null - ok
20:14:38.0874 2180 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:14:38.0874 2180 nvraid - ok
20:14:38.0921 2180 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:14:38.0921 2180 nvstor - ok
20:14:38.0952 2180 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:14:38.0952 2180 nv_agp - ok
20:14:38.0983 2180 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:14:38.0983 2180 ohci1394 - ok
20:14:39.0030 2180 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:14:39.0030 2180 Parport - ok
20:14:39.0061 2180 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:14:39.0061 2180 partmgr - ok
20:14:39.0092 2180 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:14:39.0092 2180 pci - ok
20:14:39.0108 2180 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:14:39.0108 2180 pciide - ok
20:14:39.0139 2180 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:14:39.0139 2180 pcmcia - ok
20:14:39.0155 2180 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:14:39.0170 2180 pcw - ok
20:14:39.0186 2180 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:14:39.0202 2180 PEAUTH - ok
20:14:39.0280 2180 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:14:39.0280 2180 PptpMiniport - ok
20:14:39.0295 2180 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:14:39.0311 2180 Processor - ok
20:14:39.0373 2180 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:14:39.0373 2180 Psched - ok
20:14:39.0436 2180 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:14:39.0467 2180 ql2300 - ok
20:14:39.0514 2180 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:14:39.0514 2180 ql40xx - ok
20:14:39.0529 2180 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:14:39.0529 2180 QWAVEdrv - ok
20:14:39.0545 2180 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:14:39.0545 2180 RasAcd - ok
20:14:39.0576 2180 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:14:39.0592 2180 RasAgileVpn - ok
20:14:39.0654 2180 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:14:39.0654 2180 Rasl2tp - ok
20:14:39.0701 2180 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:14:39.0701 2180 RasPppoe - ok
20:14:39.0732 2180 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:14:39.0748 2180 RasSstp - ok
20:14:39.0779 2180 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:14:39.0779 2180 rdbss - ok
20:14:39.0810 2180 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:14:39.0810 2180 rdpbus - ok
20:14:39.0826 2180 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:14:39.0841 2180 RDPCDD - ok
20:14:39.0857 2180 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:14:39.0857 2180 RDPENCDD - ok
20:14:39.0872 2180 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:14:39.0872 2180 RDPREFMP - ok
20:14:39.0935 2180 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:14:39.0935 2180 RDPWD - ok
20:14:39.0997 2180 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:14:39.0997 2180 rdyboost - ok
20:14:40.0075 2180 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:14:40.0075 2180 rspndr - ok
20:14:40.0200 2180 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:14:40.0216 2180 RTL8167 - ok
20:14:40.0325 2180 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:14:40.0325 2180 SASDIFSV - ok
20:14:40.0356 2180 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:14:40.0356 2180 SASKUTIL - ok
20:14:40.0387 2180 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:14:40.0403 2180 sbp2port - ok
20:14:40.0434 2180 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:14:40.0434 2180 scfilter - ok
20:14:40.0528 2180 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:14:40.0528 2180 secdrv - ok
20:14:40.0590 2180 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:14:40.0606 2180 Serenum - ok
20:14:40.0621 2180 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:14:40.0621 2180 Serial - ok
20:14:40.0652 2180 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:14:40.0652 2180 sermouse - ok
20:14:40.0699 2180 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:14:40.0699 2180 sffdisk - ok
20:14:40.0699 2180 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:14:40.0699 2180 sffp_mmc - ok
20:14:40.0715 2180 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:14:40.0715 2180 sffp_sd - ok
20:14:40.0746 2180 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:14:40.0746 2180 sfloppy - ok
20:14:40.0824 2180 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:14:40.0824 2180 SiSRaid2 - ok
20:14:40.0871 2180 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:14:40.0871 2180 SiSRaid4 - ok
20:14:40.0902 2180 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:14:40.0902 2180 Smb - ok
20:14:40.0933 2180 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:14:40.0933 2180 spldr - ok
20:14:40.0996 2180 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:14:40.0996 2180 srv - ok
20:14:41.0027 2180 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:14:41.0027 2180 srv2 - ok
20:14:41.0042 2180 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:14:41.0042 2180 srvnet - ok
20:14:41.0074 2180 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:14:41.0074 2180 stexstor - ok
20:14:41.0120 2180 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:14:41.0136 2180 swenum - ok
20:14:41.0230 2180 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:14:41.0261 2180 Tcpip - ok
20:14:41.0292 2180 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:14:41.0308 2180 TCPIP6 - ok
20:14:41.0339 2180 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:14:41.0339 2180 tcpipreg - ok
20:14:41.0370 2180 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:14:41.0370 2180 TDPIPE - ok
20:14:41.0386 2180 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:14:41.0386 2180 TDTCP - ok
20:14:41.0432 2180 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:14:41.0432 2180 tdx - ok
20:14:41.0448 2180 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:14:41.0448 2180 TermDD - ok
20:14:41.0526 2180 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:14:41.0526 2180 tssecsrv - ok
20:14:41.0588 2180 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:14:41.0588 2180 TsUsbFlt - ok
20:14:41.0635 2180 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:14:41.0651 2180 tunnel - ok
20:14:41.0682 2180 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:14:41.0682 2180 uagp35 - ok
20:14:41.0729 2180 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:14:41.0744 2180 udfs - ok
20:14:41.0791 2180 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:14:41.0791 2180 uliagpkx - ok
20:14:41.0822 2180 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:14:41.0822 2180 umbus - ok
20:14:41.0854 2180 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:14:41.0854 2180 UmPass - ok
20:14:41.0900 2180 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
20:14:41.0900 2180 USBAAPL64 - ok
20:14:41.0947 2180 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:14:41.0947 2180 usbaudio - ok
20:14:41.0994 2180 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
20:14:41.0994 2180 usbbus - ok
20:14:42.0010 2180 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:14:42.0010 2180 usbccgp - ok
20:14:42.0056 2180 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:14:42.0056 2180 usbcir - ok
20:14:42.0088 2180 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
20:14:42.0088 2180 UsbDiag - ok
20:14:42.0103 2180 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:14:42.0103 2180 usbehci - ok
20:14:42.0150 2180 usbfilter (858be9c0e498c8e505e198e17eece0d9) C:\Windows\system32\DRIVERS\usbfilter.sys
20:14:42.0150 2180 usbfilter - ok
20:14:42.0181 2180 UsbGps (8e36e68c0b7fa174012a61a290351e49) C:\Windows\system32\DRIVERS\lgx64gps.sys
20:14:42.0181 2180 UsbGps - ok
20:14:42.0212 2180 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:14:42.0212 2180 usbhub - ok
20:14:42.0228 2180 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
20:14:42.0244 2180 USBModem - ok
20:14:42.0259 2180 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
20:14:42.0259 2180 usbohci - ok
20:14:42.0290 2180 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:14:42.0290 2180 usbprint - ok
20:14:42.0322 2180 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:14:42.0322 2180 usbscan - ok
20:14:42.0337 2180 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:14:42.0337 2180 USBSTOR - ok
20:14:42.0353 2180 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:14:42.0353 2180 usbuhci - ok
20:14:42.0384 2180 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
20:14:42.0384 2180 usbvideo - ok
20:14:42.0446 2180 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:14:42.0446 2180 vdrvroot - ok
20:14:42.0493 2180 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:14:42.0493 2180 vga - ok
20:14:42.0509 2180 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:14:42.0509 2180 VgaSave - ok
20:14:42.0556 2180 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:14:42.0556 2180 vhdmp - ok
20:14:42.0571 2180 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:14:42.0571 2180 viaide - ok
20:14:42.0618 2180 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:14:42.0618 2180 volmgr - ok
20:14:42.0649 2180 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:14:42.0649 2180 volmgrx - ok
20:14:42.0696 2180 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:14:42.0696 2180 volsnap - ok
20:14:42.0743 2180 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:14:42.0743 2180 vsmraid - ok
20:14:42.0774 2180 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:14:42.0774 2180 vwifibus - ok
20:14:42.0821 2180 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:14:42.0821 2180 WacomPen - ok
20:14:42.0852 2180 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:14:42.0852 2180 WANARP - ok
20:14:42.0868 2180 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:14:42.0868 2180 Wanarpv6 - ok
20:14:42.0914 2180 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:14:42.0914 2180 Wd - ok
20:14:42.0946 2180 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:14:42.0961 2180 Wdf01000 - ok
20:14:42.0977 2180 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:14:42.0977 2180 WfpLwf - ok
20:14:42.0992 2180 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:14:42.0992 2180 WIMMount - ok
20:14:43.0055 2180 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:14:43.0055 2180 WinUsb - ok
20:14:43.0102 2180 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:14:43.0102 2180 WmiAcpi - ok
20:14:43.0148 2180 WN111v2 (ae06d75f402de21c922bcecb30f8fb50) C:\Windows\system32\DRIVERS\WN111v2x.sys
20:14:43.0164 2180 WN111v2 - ok
20:14:43.0164 2180 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:14:43.0180 2180 ws2ifsl - ok
20:14:43.0226 2180 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:14:43.0226 2180 WudfPf - ok
20:14:43.0242 2180 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:14:43.0242 2180 WUDFRd - ok
20:14:43.0289 2180 MBR (0x1B8) (6368f736361bdc3dbbd1d1283eaa1f40) \Device\Harddisk0\DR0
20:14:43.0304 2180 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
20:14:43.0304 2180 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
20:14:43.0336 2180 Boot (0x1200) (3df8b526569910e6849c0847af67325e) \Device\Harddisk0\DR0\Partition0
20:14:43.0336 2180 \Device\Harddisk0\DR0\Partition0 - ok
20:14:43.0351 2180 Boot (0x1200) (a8b12b2a9bd52d6cfb1217cee134b588) \Device\Harddisk0\DR0\Partition1
20:14:43.0351 2180 \Device\Harddisk0\DR0\Partition1 - ok
20:14:43.0382 2180 Boot (0x1200) (1576dde41f2dd28c69208380c0a909fa) \Device\Harddisk0\DR0\Partition2
20:14:43.0382 2180 \Device\Harddisk0\DR0\Partition2 - ok
20:14:43.0382 2180 ============================================================
20:14:43.0382 2180 Scan finished
20:14:43.0382 2180 ============================================================
20:14:43.0382 4420 Detected object count: 1
20:14:43.0382 4420 Actual detected object count: 1
20:15:03.0756 4420 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
20:15:03.0756 4420 \Device\Harddisk0\DR0 - ok
20:15:03.0756 4420 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
20:15:44.0441 2144 Deinitialize success

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 23 · 2011-12-03T09:47:39+00:00

jholland1964 650 Posting Expert

13 Years Ago

Did you immediately reboot the computer I hope?

chantalrdj 0 Newbie Poster · Answer 24 · 2011-12-03T10:26:26+00:00

Yes, I most definitely did!

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8271

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/2/2011 9:18:22 PM
mbam-log-2011-12-02 (21-18-22).txt

Scan type: Full scan (C:\|)
Objects scanned: 417414
Time elapsed: 55 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)