I use Firefox and haven't used IE since I got my computer and downloaded Firefox onto it. Lately IE has been randomly opening multiple windows with multiple tabs in them. I've run Malwarebytes twice and it hasn't come up with anything, and I even put my computer in safe mode and ran it and still nothing. Also, an error message keeps popping up that says something about the host process not working, but I don't know if that has anything to do with the issue.
jrobbins93 0 Newbie Poster
jholland1964 650 Posting Expert Team Colleague Featured Poster
Please follow all the steps given in our Read Me First sticky and post back here with all of the requested logs.
Please Copy/Paste ALL of the logs. Do Not Attach them, as we will not open attached logs.
jrobbins93 0 Newbie Poster
Here are all of the logs:
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Jeremy at 0:01:57 on 2011-10-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2040 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\mswinext.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={2C9F9BE4-111E-4919-BA77-5997DE24AA12}&mid=078d7c97ff2c47d1a761fd6e912a7cf4-c2fa9141a15626de9a251ee3604ee3e6b55d2bc9&lang=en&ds=tg025&pr=sa&d=2011-08-17 17:13:59&v=8.0.0.33&sap=hp
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
uWinlogon: Shell=C:\Users\Jeremy\AppData\Local\ab9fc346\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.28\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.28\AVG Secure Search_toolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Facebook Update] "C:\Users\Jeremy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 132.235.64.1 132.235.64.2
TCP: Interfaces\{11E63E54-0CA4-48A8-8678-B4760E0E411E} : DhcpNameServer = 132.235.64.1 132.235.64.2
TCP: Interfaces\{11E63E54-0CA4-48A8-8678-B4760E0E411E}\2375942554235303 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{11E63E54-0CA4-48A8-8678-B4760E0E411E}\25F6262696E637 : DhcpNameServer = 216.220.3.204 8.8.8.8
TCP: Interfaces\{11E63E54-0CA4-48A8-8678-B4760E0E411E}\34F6D656F4E694E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{11E63E54-0CA4-48A8-8678-B4760E0E411E}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B5244800-ED64-43A4-B572-B89B52EF9156} : DhcpNameServer = 132.235.64.1 132.235.64.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.28\AVG Secure Search_toolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.28\AVG Secure Search_toolbar.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\bznh391t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B67aaefd3-49ce-491a-b297-b71600f89b48%7D&mid=078d7c97ff2c47d1a761fd6e912a7cf4-c2fa9141a15626de9a251ee3604ee3e6b55d2bc9&ds=tg025&v=8.0.0.33&lang=en&pr=sa&d=2011-08-17%2017%3A13%3A59&sap=ku&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jeremy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-10 98208]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-9-17 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-9-28 26680]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-10 2320920]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.0\ToolbarUpdater.exe [2011-8-18 237384]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-10-26 14:24:08 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-26 14:24:08 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-10-16 16:43:58 -------- d-----w- C:\Windows\System32\SPReview
2011-10-16 16:42:41 -------- d-----w- C:\Windows\System32\EventProviders
2011-10-14 22:37:44 5632 --sha-w- C:\Users\Jeremy\wevtapi.dll
2011-10-14 22:37:44 257024 ----a-w- C:\Users\Jeremy\taskmgr.exe
2011-10-14 22:37:43 -------- d-sh--w- C:\Users\Jeremy\AppData\Local\ab9fc346
2011-10-12 16:05:12 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-05 02:48:42 -------- d-----w- C:\Users\Jeremy\AppData\Local\{49AC2F9F-655E-484E-A615-5ECAE0D0C5FC}
.
==================== Find3M ====================
.
2011-10-29 18:21:53 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-16 16:52:26 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-10-16 16:52:26 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-01 00:08:50 167704 ----a-w- C:\Windows\System32\igfxtray.exe
2011-09-01 00:08:48 510232 ----a-w- C:\Windows\System32\igfxsrvc.exe
2011-09-01 00:08:44 416024 ----a-w- C:\Windows\System32\igfxpers.exe
2011-09-01 00:08:42 239896 ----a-w- C:\Windows\System32\igfxext.exe
2011-09-01 00:08:34 392472 ----a-w- C:\Windows\System32\hkcmd.exe
2011-09-01 00:08:24 4378392 ----a-w- C:\Windows\System32\GfxUI.exe
2011-09-01 00:08:22 179992 ----a-w- C:\Windows\System32\difx64.exe
2011-08-31 23:58:50 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2509.dll
2011-08-31 23:53:22 12306848 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2011-08-31 23:53:20 8312320 ----a-w- C:\Windows\System32\igdumd64.dll
2011-08-31 23:51:16 867020 ----a-w- C:\Windows\SysWow64\igkrng575.bin
2011-08-31 23:51:16 867020 ----a-w- C:\Windows\System32\igkrng575.bin
2011-08-31 23:51:16 128204 ----a-w- C:\Windows\SysWow64\igcompkrng575.bin
2011-08-31 23:51:16 128204 ----a-w- C:\Windows\System32\igcompkrng575.bin
2011-08-31 23:51:16 105608 ----a-w- C:\Windows\SysWow64\igfcg575m.bin
2011-08-31 23:51:16 105608 ----a-w- C:\Windows\System32\igfcg575m.bin
2011-08-31 23:47:42 6322688 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2011-08-31 23:45:02 581120 ----a-w- C:\Windows\SysWow64\igdumdx32.dll
2011-08-31 23:42:42 14598656 ----a-w- C:\Windows\System32\igd10umd64.dll
2011-08-31 23:37:18 12340224 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2011-08-31 23:31:14 18641408 ----a-w- C:\Windows\System32\ig4icd64.dll
2011-08-31 23:26:20 13903872 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2011-08-31 23:21:50 375808 ----a-w- C:\Windows\System32\igfxpph.dll
2011-08-31 23:21:46 378368 ----a-w- C:\Windows\System32\igfxTMM.dll
2011-08-31 23:21:40 28672 ----a-w- C:\Windows\System32\igfxexps.dll
2011-08-31 23:21:26 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll
2011-08-31 23:20:58 110080 ----a-w- C:\Windows\System32\hccutils.dll
2011-08-31 23:20:50 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2011-08-31 23:20:50 146432 ----a-w- C:\Windows\System32\gfxSrvc.dll
2011-08-31 23:20:48 390144 ----a-w- C:\Windows\System32\igfxdev.dll
2011-08-31 23:20:14 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc
2011-08-31 23:20:08 9014784 ----a-w- C:\Windows\System32\igfxress.dll
2011-08-31 23:20:08 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2011-08-31 23:16:32 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2011-08-31 23:15:46 294400 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2011-08-31 23:13:52 98304 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2011-08-31 23:13:52 98304 ----a-w- C:\Windows\System32\iglhcp64.dll
2011-08-31 23:13:52 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll
2011-08-31 23:13:52 376832 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2011-08-31 23:13:52 376832 ----a-w- C:\Windows\System32\iglhsip64.dll
2011-08-31 23:13:52 162816 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2011-08-31 23:13:52 140288 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/2/2011 9:53:26 PM
System Uptime: 10/29/2011 2:06:16 PM (34 hours ago)
.
Motherboard: Hewlett-Packard | | 1425
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU | 1055/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 254.009 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 2.767 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP48: 10/16/2011 12:43:51 PM - Windows 7 Service Pack 1
RP49: 10/18/2011 8:18:34 AM - Windows Update
RP50: 10/22/2011 2:19:50 PM - Installed Java(TM) 6 Update 29
RP51: 10/22/2011 2:33:19 PM - Windows Update
RP53: 10/27/2011 8:13:10 AM - Windows Modules Installer
RP54: 10/27/2011 8:13:46 AM - Windows Modules Installer
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader 9.3.3 MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Apple Application Support
Apple Software Update
AVG Security Toolbar
Bejeweled 2 Deluxe
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
BitTorrent
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink YouCam
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Facebook Video Calling 1.0.0.8714
Farm Frenzy
FATE
Final Drive Nitro
Heroes of Hellas 2 - Olympia
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP MovieStore
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 29
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
Malwarebytes' Anti-Malware
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Norton Online Backup
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PxMergeModule
QuickTime
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Sideload Wonder Machine
Skype Toolbars
Skype™ 5.3
Steam
Times Reader
Total War: SHOGUN 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Outlook Social Connector (KB2583935)
Virtual Families
Virtual Villagers 4 - The Tree of Life
VLC media player 1.1.10
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (32-bit)
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
10/29/2011 4:20:01 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
10/29/2011 12:32:44 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2011 12:32:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/29/2011 12:32:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/29/2011 12:32:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/29/2011 12:32:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/29/2011 12:32:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/29/2011 12:32:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/29/2011 12:32:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
10/29/2011 12:32:08 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2011 12:32:08 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/29/2011 12:32:08 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/29/2011 12:32:08 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2011 12:32:08 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2011 12:32:08 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/29/2011 12:32:08 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2011 12:32:08 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2011 12:32:08 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/29/2011 12:32:08 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 7430
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514
10/29/2011 1:22:21 PM
mbam-log-2011-10-29 (13-22-21).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 363707
Time elapsed: 49 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-31 00:50:40
Windows 6.1.7601 Service Pack 1
Running: kxqq55lx.exe
---- Files - GMER 1.0.15 ----
File C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Cookies\T55F3KEP.txt 526 bytes
File C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Cookies\EV7QZIKX.txt 0 bytes
File C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Cookies\KVE6M33E.txt 0 bytes
File C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Cookies\AQPTYC3L.txt 0 bytes
File C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Cookies\19E5WQNS.txt 0 bytes
File C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Cookies\U22WTABU.txt 0 bytes
File C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Cookies\XYAGHILT.txt 0 bytes
File C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Cookies\Y5DJNL4P.txt 96 bytes
File C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Cookies\6ARCLJWC.txt 0 bytes
---- EOF - GMER 1.0.15 ----
jholland1964 650 Posting Expert Team Colleague Featured Poster
I see some very glaring problems in the logs.
1. This is obviously essentially a brand new computer but you don't even have the very basic security programs installed on the computer. No anti-virus program, no firewall at all. With the exception of a minor listing for an AVG Security Toolbar, which is essentially worthless, your computer is totally unprotected.
2. Your Malwarebytes' Anti-Malware program, MBA-M, is grossly out of date and therefore it was definitely not updated prior to the scan, so when the program scanned it did not scan for any infections discovered in the last 18 months. Your log shows version 1.46 which was released in April 2010, so you are 18 months and 4 program versions behind. The most current version, 1.51.2, was released September 12, 2011. The definition database shown in your log is 7430 and the most recent database is 8050. MBA-M releases definition updates multiple times a day and this is why the instructions for its use include the instruction:
"Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version."
This should be done before each and every scan done with MBA-M, even those run one right after the other.
3. The very first instruction given in our Read Me First Sticky is this one:
"1A – Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. Rather than write a long piece on the dangers of P2P, I’m just going to say this: P2P software circumvents common-sense security measures and opens a user’s computer to a world of hurt.
Our regular volunteers' time is valuable and most are not willing to waste it on a machine that is almost certain to be reinfected in short order.
So, please remove or disable all P2P software for the duration of the cleaning process. Failure to do so may result in your thread being ignored."
Your log shows that you have BitTorrent installed and running automatically with every start of the computer. It needs to be Uninstalled using Add/Remove.
Even though the computer is essentially brand new, the "C" drive is more than 1/2 full so anything you may have downloaded using P2P should be considered to be very suspect. I am talking movies, games, music, etc. and likely should also be removed.
After you have Uninstalled BitTorrent please Update MBA-M to the latest version and the latest database and do a Full Scan with it. Have it Remove Everything found and Reboot the Computer. This is vitally important and the cleaning process often must be completed early in the boot process.
Next, do the following:
Please run the ESET Online Scanner
http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer to complete this scan, and you will need to allow an ActiveX control to be installed, or you may use Firefox.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.
Post back here with the new MBA-M log and the ESET Scanner log.
jrobbins93 0 Newbie Poster
Sorry about that, it was late and I was skimming through the directions. But Malwarebytes is updated and BitTorrent is removed. Here are the new scans:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8050
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
10/31/2011 12:23:02 PM
mbam-log-2011-10-31 (12-23-02).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 354981
Time elapsed: 40 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Jeremy\AppData\Local\ab9fc346\X (Rootkit.Agent) -> Quarantined and deleted successfully.
I scanned using ESET Online scanner and it found 14 infected files but I can't find how to get a log.
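The point made earlier in the thread, that a clean result from a scanner with outdated definitions says nothing about the machine, can be checked mechanically when triaging pasted logs. The Python below is an added example, not part of the original posts and not Malwarebytes code: it parses the log format shown in this thread, compares it against the version and database numbers quoted in the thread, and extracts the itemised detections. The function names and verdict labels are assumptions, and the two sample logs are abridged from the ones posted above.

```python
import re

# Newest program version and definitions database named in the thread.
CURRENT_VERSION = (1, 51, 2)
CURRENT_DATABASE = 8050

# Abridged from the first log in the thread (scan run before updating).
STALE_LOG = r"""
Malwarebytes' Anti-Malware 1.46
Database version: 7430
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Scan type: Full scan (C:\|D:\|E:\|)
Registry Values Infected: 0
Files Infected: 0
Registry Values Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
"""

# Abridged from the second log in the thread (scan run after updating).
UPDATED_LOG = r"""
Malwarebytes' Anti-Malware 1.51.2.1300
Database version: 8050
Windows 6.1.7601 Service Pack 1
Scan type: Full scan (C:\|D:\|E:\|)
Registry Values Infected: 1
Files Infected: 1
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.
Files Infected:
c:\Users\Jeremy\AppData\Local\ab9fc346\X (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

HEADER_RE = re.compile(r"^Malwarebytes' Anti-Malware (\d+(?:\.\d+)*)$")
DB_RE = re.compile(r"^Database version: (\d+)$")
COUNT_RE = re.compile(r"^(.+ Infected): (\d+)$")      # summary line with a number
SECTION_RE = re.compile(r"^(.+ Infected):$")          # heading of an itemised list
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Parse version, database, summary counts and itemised detections."""
    log = {"version": None, "database": None, "safe_mode": False,
           "counts": {}, "detections": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HEADER_RE.match(line):
            log["version"] = tuple(int(p) for p in m.group(1).split("."))
        elif m := DB_RE.match(line):
            log["database"] = int(m.group(1))
        elif line.startswith("Windows ") and "(Safe Mode)" in line:
            log["safe_mode"] = True
        elif m := COUNT_RE.match(line):
            log["counts"][m.group(1)] = int(m.group(2))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := ITEM_RE.match(line)):
            log["detections"].append({"section": section, **m.groupdict()})
    return log


def assess(log, current_version=CURRENT_VERSION, current_database=CURRENT_DATABASE):
    """Return (verdict, problems); a clean but stale scan is 'inconclusive'."""
    problems = []
    version = log["version"]
    if version is None or version[:len(current_version)] < current_version:
        problems.append("program version is behind the current release")
    if log["database"] is None or log["database"] < current_database:
        problems.append("definitions database is behind the current one")
    if sum(log["counts"].values()) != len(log["detections"]):
        problems.append("summary counts do not match the itemised detections")
    if log["detections"]:
        verdict = "infected"
    elif problems:
        verdict = "inconclusive"   # nothing found, but the scan cannot be trusted
    else:
        verdict = "clean"
    return verdict, problems


if __name__ == "__main__":
    for label, text in (("first scan", STALE_LOG), ("second scan", UPDATED_LOG)):
        parsed = parse_mbam_log(text)
        verdict, problems = assess(parsed)
        print(label, "->", verdict, problems)
        for d in parsed["detections"]:
            print("   ", d["section"], "|", d["name"], "|", d["object"])
```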
jrobbins93 0 Newbie Poster
Found it:
# api_version=3.0.2
# EOSSerial=b739d1b9c5a03f44950564d87063e54c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-31 07:34:14
# local_time=2011-10-31 03:34:14 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 85 372579 71621993 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=199588
# found=12
# cleaned=12
# scan_time=11111
C:\$Recycle.Bin\S-1-5-21-1141223480-1790290479-553959680-1000\$R90FTFQ.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Jeremy\wevtapi.dll Win64/Agent.AC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Jeremy\AppData\Local\Temp\ICReinstall\cnet_Win7LogonBackgroundChanger_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Jeremy\AppData\Local\Temp\is1598539481\zgInstaller.exe a variant of Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Jeremy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\5820d180-394fae72 Java/TrojanDownloader.OpenStream.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Jeremy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7f01d3cb-25432825 a variant of Java/TrojanDownloader.OpenStream.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Jeremy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7f01d3cb-37c94902 a variant of Java/TrojanDownloader.OpenStream.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Jeremy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7f01d3cb-48afd4b2 a variant of Java/TrojanDownloader.OpenStream.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Jeremy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7f01d3cb-5493f4e7 a variant of Java/TrojanDownloader.OpenStream.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Jeremy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7f01d3cb-60427f77 a variant of Java/TrojanDownloader.OpenStream.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Jeremy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7f01d3cb-77d5c26e a variant of Java/TrojanDownloader.OpenStream.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Jeremy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\263e1ac4-38e3c6b7 Java/TrojanDownloader.OpenStream.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
jholland1964 650 Posting Expert Team Colleague Featured Poster
Run this tool next and post back with the log.
Please read carefully and follow these steps.
* Download TDSSKiller and save it to your Desktop.
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
* Extract its contents to your desktop.
* Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
* If an infected file is detected, the default action will be Cure, click on Continue.
* If a suspicious file is detected, the default action will be Skip, click on Continue.
* It may ask you to reboot the computer to complete the process. Click on Reboot Now.
* If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
jrobbins93 0 Newbie Poster
Okay here's that:
23:35:52.0315 1320 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
23:35:53.0661 1320 ============================================================
23:35:53.0661 1320 Current date / time: 2011/10/31 23:35:53.0661
23:35:53.0661 1320 SystemInfo:
23:35:53.0661 1320
23:35:53.0661 1320 OS Version: 6.1.7601 ServicePack: 1.0
23:35:53.0661 1320 Product type: Workstation
23:35:53.0661 1320 ComputerName: MEGATRON
23:35:53.0661 1320 UserName: Jeremy
23:35:53.0661 1320 Windows directory: C:\Windows
23:35:53.0661 1320 System windows directory: C:\Windows
23:35:53.0662 1320 Running under WOW64
23:35:53.0662 1320 Processor architecture: Intel x64
23:35:53.0662 1320 Number of processors: 4
23:35:53.0662 1320 Page size: 0x1000
23:35:53.0662 1320 Boot type: Normal boot
23:35:53.0662 1320 ============================================================
23:35:54.0161 1320 Initialize success
23:35:56.0716 4528 ============================================================
23:35:56.0716 4528 Scan started
23:35:56.0716 4528 Mode: Manual;
23:35:56.0716 4528 ============================================================
23:35:57.0410 4528 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:35:57.0414 4528 1394ohci - ok
23:35:57.0416 4528 Scan interrupted by user!
23:35:57.0416 4528 Scan interrupted by user!
23:35:57.0416 4528 Scan interrupted by user!
23:35:57.0416 4528 ============================================================
23:35:57.0416 4528 Scan finished
23:35:57.0416 4528 ============================================================
23:35:57.0434 4080 Detected object count: 0
23:35:57.0434 4080 Actual detected object count: 0
23:36:50.0037 3304 ============================================================
23:36:50.0037 3304 Scan started
23:36:50.0037 3304 Mode: Manual;
23:36:50.0037 3304 ============================================================
23:37:01.0584 3304 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:37:01.0585 3304 pciide - ok
23:37:01.0613 3304 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:37:01.0618 3304 pcmcia - ok
23:37:01.0702 3304 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:37:01.0703 3304 pcw - ok
23:37:01.0739 3304 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:37:01.0752 3304 PEAUTH - ok
23:37:01.0842 3304 pfc - ok
23:37:01.0926 3304 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:37:01.0928 3304 PptpMiniport - ok
23:37:01.0955 3304 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:37:01.0956 3304 Processor - ok
23:37:02.0064 3304 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:37:02.0066 3304 Psched - ok
23:37:02.0102 3304 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
23:37:02.0103 3304 PxHlpa64 - ok
23:37:02.0173 3304 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:37:02.0201 3304 ql2300 - ok
23:37:02.0277 3304 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:37:02.0280 3304 ql40xx - ok
23:37:02.0314 3304 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:37:02.0315 3304 QWAVEdrv - ok
23:37:02.0342 3304 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:37:02.0344 3304 RasAcd - ok
23:37:02.0435 3304 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:37:02.0437 3304 RasAgileVpn - ok
23:37:02.0489 3304 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:37:02.0491 3304 Rasl2tp - ok
23:37:02.0517 3304 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:37:02.0519 3304 RasPppoe - ok
23:37:02.0602 3304 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:37:02.0604 3304 RasSstp - ok
23:37:02.0644 3304 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:37:02.0649 3304 rdbss - ok
23:37:02.0679 3304 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:37:02.0680 3304 rdpbus - ok
23:37:02.0708 3304 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:37:02.0708 3304 RDPCDD - ok
23:37:02.0785 3304 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:37:02.0785 3304 RDPENCDD - ok
23:37:02.0806 3304 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:37:02.0807 3304 RDPREFMP - ok
23:37:02.0852 3304 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
23:37:02.0856 3304 RDPWD - ok
23:37:02.0976 3304 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:37:02.0979 3304 rdyboost - ok
23:37:03.0056 3304 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:37:03.0058 3304 rspndr - ok
23:37:03.0173 3304 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys
23:37:03.0176 3304 RSUSBSTOR - ok
23:37:03.0251 3304 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:37:03.0259 3304 RTL8167 - ok
23:37:03.0351 3304 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:37:03.0354 3304 sbp2port - ok
23:37:03.0397 3304 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:37:03.0398 3304 scfilter - ok
23:37:03.0446 3304 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
23:37:03.0449 3304 sdbus - ok
23:37:03.0551 3304 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:37:03.0553 3304 secdrv - ok
23:37:03.0591 3304 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:37:03.0592 3304 Serenum - ok
23:37:03.0618 3304 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:37:03.0620 3304 Serial - ok
23:37:03.0669 3304 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:37:03.0671 3304 sermouse - ok
23:37:03.0764 3304 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:37:03.0766 3304 sffdisk - ok
23:37:03.0783 3304 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:37:03.0785 3304 sffp_mmc - ok
23:37:03.0795 3304 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:37:03.0797 3304 sffp_sd - ok
23:37:03.0830 3304 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:37:03.0831 3304 sfloppy - ok
23:37:03.0883 3304 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:37:03.0884 3304 SiSRaid2 - ok
23:37:03.0967 3304 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:37:03.0969 3304 SiSRaid4 - ok
23:37:04.0002 3304 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:37:04.0005 3304 Smb - ok
23:37:04.0043 3304 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:37:04.0044 3304 spldr - ok
23:37:04.0149 3304 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:37:04.0157 3304 srv - ok
23:37:04.0216 3304 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:37:04.0223 3304 srv2 - ok
23:37:04.0315 3304 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
23:37:04.0320 3304 SrvHsfHDA - ok
23:37:04.0366 3304 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
23:37:04.0394 3304 SrvHsfV92 - ok
23:37:04.0491 3304 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
23:37:04.0504 3304 SrvHsfWinac - ok
23:37:04.0603 3304 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:37:04.0607 3304 srvnet - ok
23:37:04.0686 3304 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:37:04.0687 3304 stexstor - ok
23:37:04.0777 3304 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:37:04.0778 3304 swenum - ok
23:37:04.0872 3304 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
23:37:04.0891 3304 SynTP - ok
23:37:05.0023 3304 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
23:37:05.0058 3304 Tcpip - ok
23:37:05.0179 3304 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
23:37:05.0204 3304 TCPIP6 - ok
23:37:05.0299 3304 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:37:05.0300 3304 tcpipreg - ok
23:37:05.0350 3304 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:37:05.0351 3304 TDPIPE - ok
23:37:05.0367 3304 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:37:05.0369 3304 TDTCP - ok
23:37:05.0490 3304 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:37:05.0493 3304 tdx - ok
23:37:05.0522 3304 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:37:05.0523 3304 TermDD - ok
23:37:05.0609 3304 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:37:05.0611 3304 tssecsrv - ok
23:37:05.0707 3304 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:37:05.0709 3304 TsUsbFlt - ok
23:37:05.0783 3304 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:37:05.0785 3304 tunnel - ok
23:37:05.0823 3304 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:37:05.0825 3304 uagp35 - ok
23:37:05.0911 3304 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:37:05.0917 3304 udfs - ok
23:37:05.0970 3304 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:37:05.0972 3304 uliagpkx - ok
23:37:06.0016 3304 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:37:06.0018 3304 umbus - ok
23:37:06.0097 3304 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:37:06.0098 3304 UmPass - ok
23:37:06.0185 3304 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
23:37:06.0188 3304 USBAAPL64 - ok
23:37:06.0222 3304 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:37:06.0224 3304 usbccgp - ok
23:37:06.0312 3304 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:37:06.0315 3304 usbcir - ok
23:37:06.0339 3304 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:37:06.0341 3304 usbehci - ok
23:37:06.0381 3304 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:37:06.0388 3304 usbhub - ok
23:37:06.0407 3304 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:37:06.0409 3304 usbohci - ok
23:37:06.0493 3304 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:37:06.0494 3304 usbprint - ok
23:37:06.0534 3304 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:37:06.0535 3304 usbscan - ok
23:37:06.0568 3304 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
23:37:06.0571 3304 USBSTOR - ok
23:37:06.0640 3304 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:37:06.0641 3304 usbuhci - ok
23:37:06.0680 3304 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
23:37:06.0683 3304 usbvideo - ok
23:37:06.0748 3304 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:37:06.0749 3304 vdrvroot - ok
23:37:06.0799 3304 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:37:06.0800 3304 vga - ok
23:37:06.0859 3304 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:37:06.0861 3304 VgaSave - ok
23:37:06.0899 3304 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:37:06.0904 3304 vhdmp - ok
23:37:06.0932 3304 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:37:06.0933 3304 viaide - ok
23:37:06.0968 3304 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:37:06.0969 3304 volmgr - ok
23:37:07.0025 3304 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:37:07.0032 3304 volmgrx - ok
23:37:07.0112 3304 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:37:07.0118 3304 volsnap - ok
23:37:07.0166 3304 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:37:07.0169 3304 vsmraid - ok
23:37:07.0303 3304 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:37:07.0304 3304 vwifibus - ok
23:37:07.0335 3304 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:37:07.0337 3304 vwififlt - ok
23:37:07.0389 3304 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:37:07.0390 3304 WacomPen - ok
23:37:07.0496 3304 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:37:07.0498 3304 WANARP - ok
23:37:07.0504 3304 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:37:07.0506 3304 Wanarpv6 - ok
23:37:07.0553 3304 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:37:07.0555 3304 Wd - ok
23:37:07.0606 3304 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:37:07.0618 3304 Wdf01000 - ok
23:37:07.0739 3304 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:37:07.0740 3304 WfpLwf - ok
23:37:07.0769 3304 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:37:07.0771 3304 WIMMount - ok
23:37:07.0824 3304 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:37:07.0825 3304 WmiAcpi - ok
23:37:07.0868 3304 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:37:07.0870 3304 ws2ifsl - ok
23:37:07.0977 3304 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:37:07.0979 3304 WudfPf - ok
23:37:08.0013 3304 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:37:08.0016 3304 WUDFRd - ok
23:37:08.0085 3304 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
23:37:08.0092 3304 yukonw7 - ok
23:37:08.0127 3304 MBR (0x1B8) (660f6924f4c7ffde3efa7d5f18dc11c0) \Device\Harddisk0\DR0
23:37:08.0136 3304 \Device\Harddisk0\DR0 - ok
23:37:08.0148 3304 Boot (0x1200) (ff05024a79d15c5ac9c348e5c16749ed) \Device\Harddisk0\DR0\Partition0
23:37:08.0150 3304 \Device\Harddisk0\DR0\Partition0 - ok
23:37:08.0161 3304 Boot (0x1200) (1c93d4e1c58931abe6ebfe4935dd88fd) \Device\Harddisk0\DR0\Partition1
23:37:08.0162 3304 \Device\Harddisk0\DR0\Partition1 - ok
23:37:08.0197 3304 Boot (0x1200) (f6abe1b638eab2166b78b251c69d7b88) \Device\Harddisk0\DR0\Partition2
23:37:08.0198 3304 \Device\Harddisk0\DR0\Partition2 - ok
23:37:08.0221 3304 Boot (0x1200) (e8fccdf82d6c3af2be000423d5cdbb63) \Device\Harddisk0\DR0\Partition3
23:37:08.0222 3304 \Device\Harddisk0\DR0\Partition3 - ok
23:37:08.0223 3304 ============================================================
23:37:08.0223 3304 Scan finished
23:37:08.0223 3304 ============================================================
23:37:08.0237 4816 Detected object count: 0
23:37:08.0237 4816 Actual detected object count: 0
jholland1964 650 Posting Expert Team Colleague Featured Poster
Ok, good. Are you still getting the IE pages opening?
jrobbins93 0 Newbie Poster
Not anymore, and the host process error has stopped as well.
jholland1964 650 Posting Expert Team Colleague Featured Poster
Good. Now you absolutely, positively must get some good security programs on that computer, otherwise the next time you won't be so lucky. Without real time security programs on there you are guaranteed there WILL be a next time.
Keep MBA-M. It does NOT have real time protection but it is top of the line in removals. Use it at least once a week to do a Quick Scan. UPDATE first before each scan. If the Quick Scan finds something then have it remove whatever is found, reboot, update again and do a Full Scan immediately and of course have it remove anything found and reboot. If the Quick Scan finds nothing then you are done.
You can delete DDS Scanner and the TDSSKiller, you don't need them anymore. Uninstall that AVG Security Toolbar via Add/Remove, it is worthless.
Next here are the security programs I use all are FREE and offer superb protection. You can use these or make your own choice but you are putting your computer at great risk without real time protection, as you have seen.
For an antivirus program I use Avira 2012 Free. Easily configured and it does a great job.
Follow these instructions for install and configuration:
Download the install package from here:
Click the GREEN Download Now Button to get the executable install package, save it wherever you can easily find it, I chose My Desktop.
Before you begin the install CLOSE all unnecessary programs, browsers, email, etc.
To begin, double click the executable file to start installation. Vista and Windows 7 users must run this executable as Administrator.
You will need to WATCH the full install as ALL of it REQUIRES User interaction. It will not proceed unless you continue to follow it and read the screens and then click the required buttons to go forward.
One of the first screens you will see is Attachment #1. Under Choose Installation Type, choose CUSTOM INSTALL as shown, then click Next.
One of the next screens you will see is Attachment #2.
The screen is titled Web Protection with Avira Search Free Tool Bar for your browser. You DO NOT want either of these. So DO NOT place any check marks in the boxes, just click the NEXT button.
Attachment #3 shows Install Components. Check marks are already in place as these are the Default choices. Just click Next.
Attachment #4 is Advanced Heuristic Analysis and Detection. Default is Medium. Just click Next. After that installation will proceed to the end, showing you various screens.
When complete the program should update to latest definitions and then do a short scan.
Next you will need to configure the program for daily updates and weekly scanning. Click Scheduler on the left side of the Avira Control Panel and basically follow the print screens for instructions.
You can choose any day and time for full scanning. Set up to update daily and be sure there is a check mark in the box that says to do the job if the time is missed.
Because this is a Free version you may see a large "nag" screen pop up when the program updates suggesting that you buy the paid version, just "X" out of that screen.
One more MUST program that offers superb protection and doesn't run in the background at all. It is SpywareBlaster, also FREE, blocks tracking cookies in both IE and Firefox and also has a Restricted Sites section that stops you from going to dangerous sites. Just download, install, click the Update button to download program updates, click Enable All Protection and then close the program, that's it. Just manually check for updates every couple weeks and follow same procedure if new updates are available. It is truly a MUST HAVE.
Here is where to get SpywareBlaster
http://download.cnet.com/SpywareBlaster/3000-8022_4-10196637.html
Turn ON the Windows 7 Firewall. It is excellent.
Keep your temp files emptied. Configure your browsers to Accept 1st Party cookies and BLOCK 3rd party cookies.
If you have no other problems you can mark this one solved.
jrobbins93 0 Newbie Poster
Okay I've done all of that. Thank you very much for your help! Hopefully this won't happen again. Or if it does, I'll know how to fix it! Again, thank you!
jholland1964 650 Posting Expert Team Colleague Featured Poster
Happy to help. Safe Surfing!
mgriffith8888 0 Newbie Poster
I am having the same problem with IE and the host process starting two weeks ago when IE updated itself in spite of my telling it to not install updates without my specific approval. I will wade through the above solution and hope it helps. Thanks for all the info.
jholland1964 650 Posting Expert Team Colleague Featured Poster
First of all this thread is marked SOLVED and should only be used by the original poster.
You need to begin your very own thread. We cannot and do not offer assistance to more than one person in a thread. Though it seems that your problem is identical, it may very well not be caused by the same type of infection and therefore the steps given to jrobbins93 may not work on your machine or even be able to attempt.
Follow all of the instructions given in our Read Me First sticky
Then create your very own thread, with a title that gives a brief synopsis of the problem. Be very specific in your first post about the symptoms and Copy/Paste ALL requested logs from the tools on the Read Me First sticky and we will be most happy to offer assistance.