Solved Browser Hijacker NOT Fixed Even by Factory Reset!

drjlo1

It's unbelievable. I have a browser hijacker (both Google and Yahoo) that simply will not go away with any program. Tried unsuccessfully so far in and out of normal and safe mode: Malwarebytes, Spyware Doctor, AVG, Superantispyware, Microsoft Security Essentials, etc, etc. In some cases, the browser will work correctly for one or two searches but goes right back to redirecting to another nonsense site. Tried system restore to factory reset, and it worked for a search or two but almost instantly went back to redirecting! Any help would certainly be appreciated.

[HJT log removed by Broni]
 
Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7996

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/21/2011 6:36:39 PM
mbam-log-2011-10-21 (18-36-39).txt

Scan type: Full scan (C:\|)
Objects scanned: 259490
Time elapsed: 19 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


---------

GMER log

At the end, it just said "No system modifications were identified" and a blank log.

---------------

DDS.text

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Sera at 18:45:07 on 2011-10-21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.2366 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=273610116545l0434z135t4542n41r
mStart Page = about:blank
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{30D78CC0-0811-43D9-9132-E9C48892828E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{35C6CC6C-8F4E-4E1A-BC14-57D46E7F8C3E} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sera\AppData\Roaming\Mozilla\Firefox\Profiles\ts1a5owq.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-9-12 5265248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-23 312400]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-10-20 866336]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-23 13336]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-5 144640]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-4-23 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-4-23 243232]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-5 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-22 01:17:01 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-22 01:16:57 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-21 23:14:49 -------- d-----w- C:\ProgramData\SecTaskMan
2011-10-21 23:14:46 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2011-10-21 21:37:04 -------- d-----w- C:\Windows\SysWow64\Wat
2011-10-21 21:35:49 -------- d-----w- C:\Windows\System32\WAT
2011-10-21 21:35:01 -------- d--h--w- C:\kleaner.tmp
2011-10-21 21:25:34 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-21 21:25:21 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4DC4B536-BE6F-4B65-8579-14F4BAF83506}\mpengine.dll
2011-10-21 21:09:23 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-10-21 21:09:23 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-10-21 20:55:13 -------- d-----w- C:\Program Files (x86)\ewido anti-malware
2011-10-21 20:48:16 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-10-21 20:48:16 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-10-21 20:48:16 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-10-21 20:48:15 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-10-21 20:48:15 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-10-21 20:48:15 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-10-21 20:48:15 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-10-21 20:48:15 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-10-21 20:48:15 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-10-21 20:48:14 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-10-21 20:46:40 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-21 20:41:24 -------- d-----w- C:\Users\Sera\AppData\Roaming\Malwarebytes
2011-10-21 20:41:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-21 02:40:13 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-10-21 02:10:45 388096 ----a-r- C:\Users\Sera\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-21 02:10:45 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-10-21 00:55:08 -------- d-----w- C:\Users\Sera\AppData\Local\Mozilla
2011-10-21 00:23:01 -------- d-----w- C:\Windows\NAPP_Dism_Log
2011-10-21 00:16:59 -------- d-----w- C:\Users\Sera\AppData\Roaming\AVG2012
2011-10-21 00:16:20 -------- d--h--w- C:\ProgramData\Common Files
2011-10-21 00:16:05 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-10-21 00:15:44 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-10-21 00:15:44 -------- d-----w- C:\ProgramData\AVG2012
2011-10-21 00:14:22 -------- d-----w- C:\Program Files (x86)\AVG
2011-10-21 00:10:41 -------- d-----w- C:\ProgramData\MFAData
2011-10-21 00:05:13 52224 ----a-w- C:\Windows\System32\rtutils.dll
2011-10-21 00:05:13 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
2011-10-21 00:05:12 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2011-10-21 00:05:12 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2011-10-21 00:03:57 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-10-21 00:02:59 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2011-10-21 00:01:59 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2011-10-21 00:00:57 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-10-20 23:53:56 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-10-20 23:53:56 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-10-20 23:53:40 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-10-20 23:53:39 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-10-20 23:53:39 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-10-20 23:53:37 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-10-20 23:53:37 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-10-20 23:53:35 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-10-20 23:52:55 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-10-20 23:52:31 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-10-20 23:52:31 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-10-20 23:52:30 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2011-10-20 23:51:52 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3db06f951cc8f83\DSETUP.dll
2011-10-20 23:51:52 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3db06f951cc8f83\DXSETUP.exe
2011-10-20 23:51:52 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3db06f951cc8f83\dsetup32.dll
2011-10-20 23:51:14 141402440 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcA390.tmp
2011-10-20 23:50:58 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-10-20 23:49:58 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
2011-10-20 23:48:50 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-10-20 23:48:50 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-10-20 23:48:50 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-10-20 23:48:32 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-10-20 23:46:54 9168 ----a-w- C:\Windows\Suyin.reg
2011-10-20 23:46:54 632056 ----a-w- C:\Windows\Image.dll
2011-10-20 23:46:54 49464 ----a-w- C:\Windows\AutosetFrequency.exe
2011-10-20 23:46:54 25848 ----a-w- C:\Windows\USB_VIDEO_REG.exe
2011-10-20 23:46:54 206208 ----a-w- C:\Windows\PLFSetI.exe
2011-10-20 23:46:53 1664248 ----a-w- C:\Windows\Acer Crystal Eye webcam.exe
2011-10-20 23:46:34 -------- d-----w- C:\Users\Sera\AppData\Local\Google
2011-10-20 23:44:54 -------- d-----w- C:\Program Files\Synaptics
2011-10-20 23:42:51 -------- d-----w- C:\Users\Sera\AppData\Local\Diagnostics
2011-10-20 23:41:43 -------- d-----w- C:\Program Files (x86)\Launch Manager
2011-10-20 23:40:59 -------- d-----w- C:\Users\Sera\AppData\Roaming\Intel Corporation
2011-10-20 23:40:42 -------- d---a-w- C:\book
2011-10-20 23:40:41 -------- d-----w- C:\Users\Sera\AppData\Local\EgisTec IPS
2011-10-20 23:39:51 -------- d-----w- C:\Users\Sera\AppData\Local\VirtualStore
2011-10-20 23:37:56 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2011-10-20 23:32:26 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2011-10-20 23:30:58 -------- d-----w- C:\Program Files\Common Files\Intel
2011-10-20 23:30:58 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
.
==================== Find3M ====================
.
2011-09-13 13:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2011-08-08 13:08:58 46672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 18:52:29.99 ===============



----------------------

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/20/2011 4:35:32 PM
System Uptime: 10/21/2011 5:27:56 PM (1 hours ago)
.
Motherboard: Acer | | Aspire 5741
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | CPU | 1586/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 252.798 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 10/20/2011 4:46:42 PM - Installed Acer Crystal Eye Webcam
RP2: 10/20/2011 4:47:13 PM - Installed Acer ePower Management
RP3: 10/20/2011 4:48:19 PM - Windows Update
RP4: 10/20/2011 4:48:23 PM - Installed PowerDVD
RP5: 10/20/2011 4:53:39 PM - Installed DirectX
RP6: 10/20/2011 5:14:07 PM - Installed AVG 2012
RP7: 10/20/2011 5:14:31 PM - Installed AVG 2012
RP8: 10/20/2011 5:30:53 PM - Removed Norton Online Backup
RP9: 10/20/2011 5:32:54 PM - Removed MyWinLocker Suite
RP10: 10/20/2011 5:44:49 PM - Removed eBay Worldwide
RP11: 10/20/2011 5:45:55 PM - Removed Microsoft Office Home and Student 2007
RP12: 10/20/2011 5:57:51 PM - Windows Modules Installer
RP13: 10/20/2011 7:10:26 PM - Installed HiJackThis
RP14: 10/20/2011 7:40:04 PM - Windows Update
RP15: 10/21/2011 1:33:41 PM - Windows Update
RP16: 10/21/2011 2:24:49 PM - Windows Update
RP17: 10/21/2011 4:15:35 PM - Move file to quarantine: {5C255C8A-E604-49b4-9D64-90988571CECB}
RP18: 10/21/2011 4:16:45 PM - Move file to quarantine: DefaultSettingEXE MFC Application
RP19: 10/21/2011 4:19:53 PM - Uninstall "Google Toolbar"
RP20: 10/21/2011 4:20:17 PM - Move file to quarantine: GoogleToolbarNotifier
RP21: 10/21/2011 4:50:35 PM - Windows Update
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 MUI
Backup Manager Basic
Compatibility Pack for the 2007 Office system
CyberLink PowerDVD 9
eSobi v2
HiJackThis
Identity Card
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Task Manager 1.8d
Visual Studio 2008 x64 Redistributables
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
10/21/2011 4:38:10 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/21/2011 4:30:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/21/2011 4:24:34 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/21/2011 4:24:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/21/2011 4:24:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/21/2011 4:24:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/21/2011 4:24:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/21/2011 4:23:41 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
10/21/2011 4:23:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr Wanarpv6
10/21/2011 2:44:18 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
10/21/2011 2:40:42 PM, Error: Service Control Manager [7023] -
10/21/2011 2:35:53 PM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
10/21/2011 1:59:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ewido security suite guard service.
10/21/2011 1:55:24 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\ewido anti-malware\guard.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/21/2011 1:55:18 PM, Error: Service Control Manager [7030] - The ewido security suite guard service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/21/2011 1:55:18 PM, Error: Service Control Manager [7030] - The ewido security suite control service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/21/2011 1:32:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2345886).
10/21/2011 1:32:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2564958).
10/21/2011 1:32:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2556532).
10/21/2011 1:32:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2511455).
10/21/2011 1:32:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2419640).
10/20/2011 4:29:37 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
.
==== End Of File ===========================
 
You posted DDS.txt twice.
I still need Attach.txt log.

I don't see anything malicious so far.

Let's try to reset your router....

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (Vista and Windows 7 users: while holding CTRL and SHIFT, press Enter).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil or a paperclip, until all lights briefly go off and on.
NOTE. Simply disconnecting the router from a power source will NOT do.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE
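
As an added example (not part of the original thread and not DDS's own code): a small Python triage of the DDS "Pseudo HJT Report" section posted above. It collects the `TCP: ... NameServer` lines and the `- No File` entries and reports whether every DNS server is a LAN address, in which case name resolution is in the router's hands and the router's own settings are worth checking. The function names and the second sample (a static `NameServer` line with documentation-range addresses, in an assumed format) are constructed for illustration.

```python
import ipaddress
import re

# Ranges that can only be a device on the local network (RFC 1918, loopback,
# link-local). Listed explicitly because ipaddress.is_private also covers
# documentation and other reserved ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# "TCP: DhcpNameServer = ..." and "TCP: Interfaces\{GUID} : DhcpNameServer = ..."
DNS_RE = re.compile(
    r"^TCP:\s*(?P<scope>.*?)(?P<key>(?:Dhcp)?NameServer)\s*=\s*(?P<servers>.+)$")
# "BHO-X64: SomeName - No File": a registered add-on whose file is missing
ORPHAN_RE = re.compile(
    r"^(?P<kind>[A-Za-z0-9-]+):\s*(?P<entry>.+?)\s+-\s+No File\s*$")

# Lines copied from the DDS log in the thread.
SAMPLE_FROM_THREAD = r"""
uStart Page = about:blank
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{30D78CC0-0811-43D9-9132-E9C48892828E} : DhcpNameServer = 192.168.1.1
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
"""

# Constructed sample (not from the thread): a static resolver entry that
# points outside the LAN. Addresses are from the documentation ranges.
SAMPLE_CONSTRUCTED = r"""
TCP: DhcpNameServer = 192.168.1.1
TCP: NameServer = 203.0.113.53,198.51.100.7
"""


def is_local(addr):
    """True if addr is a valid IP address inside one of LOCAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparsable value: never treat it as trusted
    return any(ip in net for net in LOCAL_NETS)


def parse_dds(log_text):
    """Return (resolvers, orphans) found in a DDS Pseudo HJT section."""
    resolvers, orphans = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DNS_RE.match(line)
        if m:
            scope = m.group("scope").strip(" :") or "global"
            for server in re.split(r"[,\s]+", m.group("servers").strip()):
                resolvers.append({"scope": scope, "key": m.group("key"),
                                  "server": server, "local": is_local(server)})
            continue
        m = ORPHAN_RE.match(line)
        if m:
            orphans.append((m.group("kind"), m.group("entry")))
    return resolvers, orphans


def triage(log_text):
    """Summarise what the log says about DNS and leftover add-on entries."""
    resolvers, orphans = parse_dds(log_text)
    external = sorted({r["server"] for r in resolvers if not r["local"]})
    return {
        "resolvers": resolvers,
        "external_resolvers": external,
        # Every resolver is on the LAN: lookups go through the router, so
        # the host-side log cannot show which upstream servers are used.
        "dns_delegated_to_lan": bool(resolvers) and not external,
        "orphaned_entries": orphans,
    }


if __name__ == "__main__":
    for name, text in (("thread", SAMPLE_FROM_THREAD),
                       ("constructed", SAMPLE_CONSTRUCTED)):
        result = triage(text)
        print(name)
        print("  external resolvers :", result["external_resolvers"] or "none")
        print("  DNS delegated to LAN:", result["dns_delegated_to_lan"])
        for kind, entry in result["orphaned_entries"]:
            print("  orphaned entry     :", kind, entry)
```
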
 
OK, I fixed the Attach.txt above.

I also went through the router reset as above. It threw me off a little since after the reset, the wireless network disappeared until I went in and re-named the SSID to what it used to be (different from what came with router).

Then I tested the browser, and it is still hijacked...
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-22 12:48:18
-----------------------------
12:48:18.035 OS Version: Windows x64 6.1.7600
12:48:18.035 Number of processors: 4 586 0x2502
12:48:18.035 ComputerName: SERA-PC UserName: Sera
12:48:20.812 Initialize success
12:49:23.923 AVAST engine defs: 11102201
12:49:32.737 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:49:32.737 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
12:49:32.784 Disk 0 MBR read successfully
12:49:32.784 Disk 0 MBR scan
12:49:32.784 Disk 0 MBR:Alureon-I [Rtk]
12:49:32.784 Disk 0 TDL4@MBR code has been found
12:49:32.784 Disk 0 Windows 7 default MBR code found via API
12:49:32.799 Disk 0 MBR hidden
12:49:32.799 Disk 0 MBR [TDL4] **ROOTKIT**
12:49:32.799 Disk 0 trace - called modules:
12:49:32.799 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006fd5254]<<
12:49:32.799 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005203060]
12:49:32.815 3 CLASSPNP.SYS[fffff88001a6543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f87050]
12:49:32.815 \Driver\iaStor[0xfffffa8004f51cb0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006fd5254
12:49:58.196 AVAST engine scan C:\Windows
12:50:31.346 Disk 0 MBR has been saved successfully to "C:\Users\Sera\Desktop\MBR.dat"
12:50:31.362 The log file has been saved successfully to "C:\Users\Sera\Desktop\aswMBR.txt"
12:50:42.007 AVAST engine scan C:\Windows\system32
12:52:32.533 AVAST engine scan C:\Windows\system32\drivers
12:52:42.564 AVAST engine scan C:\Users\Sera
12:54:12.217 AVAST engine scan C:\ProgramData
12:54:44.541 Scan finished successfully
12:55:37.456 Disk 0 MBR has been saved successfully to "C:\Users\Sera\Desktop\MBR.dat"
12:55:37.456 The log file has been saved successfully to "C:\Users\Sera\Desktop\aswMBR.txt"
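
One way to triage an aswMBR log like the one above offline, as an added example that is not part of the original thread and not code from aswMBR: it pulls out the per-disk MBR findings and checks whether a driver dispatch handler points at the address the trace could not attribute to a module. The line patterns are inferred from this one log, `CLEAN_LOG` is a constructed sample, and all function and class names are illustrative.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the aswMBR log posted in this thread (AV file-scan lines omitted).
SAMPLE_LOG = r"""
12:49:32.784 Disk 0 MBR read successfully
12:49:32.784 Disk 0 MBR scan
12:49:32.784 Disk 0 MBR:Alureon-I [Rtk]
12:49:32.784 Disk 0 TDL4@MBR code has been found
12:49:32.784 Disk 0 Windows 7 default MBR code found via API
12:49:32.799 Disk 0 MBR hidden
12:49:32.799 Disk 0 MBR [TDL4] **ROOTKIT**
12:49:32.799 Disk 0 trace - called modules:
12:49:32.799 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006fd5254]<<
12:49:32.815 \Driver\iaStor[0xfffffa8004f51cb0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006fd5254
"""

# Constructed log with no findings, for comparison (not from the thread).
CLEAN_LOG = r"""
10:00:00.000 Disk 0 MBR read successfully
10:00:00.000 Disk 0 MBR scan
10:00:00.000 Disk 0 Windows 7 default MBR code
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{3}\s+(.*)$")
DISK = re.compile(r"^Disk (\d+) (.*)$")
DETECTION = re.compile(r"^MBR:(.+)$")
CODE_FOUND = re.compile(r"^(\S+)@MBR code has been found$")
API_VIEW = re.compile(r"^(.+) MBR code found via API$")
ROOTKIT = re.compile(r"^MBR \[(\w+)\] \*\*ROOTKIT\*\*$")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DISPATCH = re.compile(
    r"\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")


@dataclass
class DiskReport:
    disk: int
    detections: list = field(default_factory=list)  # names after "MBR:"
    code_found: list = field(default_factory=list)  # "<family>@MBR code has been found"
    api_view: str = ""                              # what the "via API" read reported
    hidden: bool = False
    rootkit_family: str = ""


@dataclass
class Report:
    disks: dict = field(default_factory=dict)
    unknown_addrs: set = field(default_factory=set)
    dispatch: list = field(default_factory=list)    # (driver, IRP major, handler address)

    def unattributed_handlers(self):
        """Dispatch entries whose handler is an address the trace marked UNKNOWN."""
        return [d for d in self.dispatch if d[2] in self.unknown_addrs]


def parse_aswmbr(text):
    report = Report()
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group(1)
        d = DISK.match(msg)
        if d:
            n, rest = int(d.group(1)), d.group(2)
            disk = report.disks.setdefault(n, DiskReport(n))
            det, code, api, rk = (p.match(rest) for p in
                                  (DETECTION, CODE_FOUND, API_VIEW, ROOTKIT))
            if det:
                disk.detections.append(det.group(1))
            elif code:
                disk.code_found.append(code.group(1))
            elif api:
                disk.api_view = api.group(1)
            elif rk:
                disk.rootkit_family = rk.group(1)
            elif rest == "MBR hidden":
                disk.hidden = True
            continue
        # Trace lines carry no "Disk N" prefix.
        report.unknown_addrs.update(a.lower() for a in UNKNOWN.findall(msg))
        for drv, irp, addr in DISPATCH.findall(msg):
            report.dispatch.append((drv, irp, addr.lower()))
    return report


def verdict(report):
    """Return (level, reasons); level is 'clean', 'suspicious' or 'infected'."""
    reasons, infected = [], False
    for n, d in sorted(report.disks.items()):
        if d.rootkit_family:
            infected = True
            reasons.append(f"disk {n}: tool verdict ROOTKIT ({d.rootkit_family})")
        if d.hidden:
            infected = True
            reasons.append(f"disk {n}: MBR reported hidden")
        if d.code_found and d.api_view:
            reasons.append(f"disk {n}: {'/'.join(d.code_found)} code found, "
                           f"but the API read shows '{d.api_view}'")
        reasons.extend(f"disk {n}: detection {x}" for x in d.detections)
    for drv, irp, addr in report.unattributed_handlers():
        reasons.append(f"{drv} {irp} handler at {addr} is outside any named module")
    return ("infected" if infected else "suspicious" if reasons else "clean"), reasons
```
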
 
Hold on with Combofix for now....

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Oh, well, too late. ComboFix has been running a while, currently at "Stage 50." I suppose I will let it finish.
I presume TDSSKiller should kill that TDL4 Rootkit?

*Edit*

Combofix log

ComboFix 11-10-21.06 - Sera 10/22/2011 13:34:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.2445 [GMT -7:00]
Running from: c:\users\Sera\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-22 to 2011-10-22 )))))))))))))))))))))))))))))))
.
.
2011-10-22 21:01 . 2011-10-22 21:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-22 01:17 . 2011-10-22 01:17 -------- d-----w- c:\programdata\Malwarebytes
2011-10-21 23:14 . 2011-10-21 23:48 -------- d-----w- c:\programdata\SecTaskMan
2011-10-21 23:14 . 2011-10-21 23:27 -------- d-----w- c:\program files (x86)\Security Task Manager
2011-10-21 21:37 . 2011-10-21 21:37 -------- d-----w- c:\windows\SysWow64\Wat
2011-10-21 21:35 . 2011-10-21 21:37 -------- d-----w- c:\windows\system32\WAT
2011-10-21 21:35 . 2011-10-21 21:35 -------- d-----w- C:\kleaner.tmp
2011-10-21 21:25 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DC4B536-BE6F-4B65-8579-14F4BAF83506}\mpengine.dll
2011-10-21 21:09 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-10-21 21:09 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-10-21 20:55 . 2011-10-21 20:59 -------- d-----w- c:\program files (x86)\ewido anti-malware
2011-10-21 20:48 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-10-21 20:48 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-10-21 20:48 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-10-21 20:48 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-10-21 20:48 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-21 20:48 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-10-21 20:48 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-21 20:48 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-10-21 20:48 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-21 20:48 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-10-21 20:46 . 2011-10-22 01:17 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-21 02:40 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-10-21 02:10 . 2011-10-21 02:10 -------- d-----w- c:\program files (x86)\Trend Micro
2011-10-21 00:23 . 2011-10-21 00:23 -------- d-----w- c:\windows\NAPP_Dism_Log
2011-10-21 00:16 . 2011-10-21 00:16 -------- d--h--w- c:\programdata\Common Files
2011-10-21 00:10 . 2011-10-22 20:06 -------- d-----w- c:\programdata\MFAData
2011-10-21 00:05 . 2010-06-19 06:53 52224 ----a-w- c:\windows\system32\rtutils.dll
2011-10-21 00:05 . 2010-06-19 06:23 37376 ----a-w- c:\windows\SysWow64\rtutils.dll
2011-10-21 00:05 . 2010-08-31 04:32 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2011-10-21 00:05 . 2010-08-31 04:32 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2011-10-21 00:03 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-10-21 00:02 . 2010-12-21 06:13 2003968 ----a-w- c:\windows\system32\msxml6.dll
2011-10-21 00:01 . 2010-09-01 05:14 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-10-21 00:00 . 2011-02-19 04:13 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-10-20 23:53 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-10-20 23:53 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-10-20 23:53 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-20 23:53 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-10-20 23:53 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-10-20 23:53 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-10-20 23:53 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-10-20 23:53 . 2011-10-20 23:53 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-10-20 23:52 . 2011-10-20 23:52 -------- d-----w- c:\program files (x86)\Microsoft
2011-10-20 23:52 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-10-20 23:52 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-10-20 23:52 . 2011-10-20 23:52 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2011-10-20 23:52 . 2011-10-20 23:54 -------- d-----w- c:\program files (x86)\Windows Live
2011-10-20 23:50 . 2011-10-20 23:50 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-10-20 23:49 . 2011-10-20 23:49 -------- d-----w- c:\program files (x86)\Common Files\CyberLink
2011-10-20 23:48 . 2011-10-20 23:49 -------- d-----w- c:\program files (x86)\CyberLink
2011-10-20 23:48 . 2011-10-20 23:48 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-10-20 23:48 . 2011-10-20 23:48 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-10-20 23:48 . 2011-10-20 23:48 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-10-20 23:48 . 2011-05-25 02:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-20 23:46 . 2010-01-14 20:12 632056 ----a-w- c:\windows\Image.dll
2011-10-20 23:46 . 2010-01-13 17:47 206208 ----a-w- c:\windows\PLFSetI.exe
2011-10-20 23:46 . 2010-01-11 23:16 49464 ----a-w- c:\windows\AutosetFrequency.exe
2011-10-20 23:46 . 2009-12-14 17:05 25848 ----a-w- c:\windows\USB_VIDEO_REG.exe
2011-10-20 23:46 . 2009-11-12 17:29 9168 ----a-w- c:\windows\Suyin.reg
2011-10-20 23:46 . 2010-01-14 20:11 1664248 ----a-w- c:\windows\Acer Crystal Eye webcam.exe
2011-10-20 23:44 . 2011-10-20 23:44 -------- d-----w- c:\program files\Synaptics
2011-10-20 23:41 . 2011-10-20 23:41 -------- d-----w- c:\program files (x86)\Launch Manager
2011-10-20 23:40 . 2011-10-20 23:40 -------- d---a-w- C:\book
2011-10-20 23:37 . 2011-10-20 23:37 -------- d-----w- c:\programdata\OEM_E471269A730D
2011-10-20 23:35 . 2011-10-20 23:40 -------- d-----w- c:\users\Sera
2011-10-20 23:35 . 2011-10-20 23:35 -------- d-----w- C:\Recovery
2011-10-20 23:32 . 2011-10-20 23:32 3 ----a-w- c:\windows\system32\PLD_Framework.cmd
2011-10-20 23:30 . 2011-10-20 23:30 -------- d-----w- c:\program files\Common Files\Intel
2011-10-20 23:30 . 2011-10-20 23:30 -------- d-----w- c:\program files (x86)\Common Files\Intel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-22 21:07 . 2011-10-22 21:07 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DC4B536-BE6F-4B65-8579-14F4BAF83506}\offreg.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctODY0MDM1OTI0LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1831&mid=3d720b752d8847d1ad0ba113f0100082-1fc1b400056ed3528f3ecfcaab2643c4916260be" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-03-17 866336]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-04 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-04 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-04 410648]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-03-17 860704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sera\AppData\Roaming\Mozilla\Firefox\Profiles\ts1a5owq.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Launch Manager\LMworker.exe
.
**************************************************************************
.
Completion time: 2011-10-22 14:23:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-22 21:23
.
Pre-Run: 266,657,427,456 bytes free
Post-Run: 265,990,651,904 bytes free
.
- - End Of File - - 7FE860F294DBEA580C64C9B1F683DF55
 
TDSSKiller (after ComboFix was run) found zero threats.

14:28:49.0369 2568 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
14:28:49.0806 2568 ============================================================
14:28:49.0806 2568 Current date / time: 2011/10/22 14:28:49.0806
14:28:49.0806 2568 SystemInfo:
14:28:49.0806 2568
14:28:49.0806 2568 OS Version: 6.1.7600 ServicePack: 0.0
14:28:49.0806 2568 Product type: Workstation
14:28:49.0806 2568 ComputerName: SERA-PC
14:28:49.0806 2568 UserName: Sera
14:28:49.0806 2568 Windows directory: C:\Windows
14:28:49.0806 2568 System windows directory: C:\Windows
14:28:49.0806 2568 Running under WOW64
14:28:49.0806 2568 Processor architecture: Intel x64
14:28:49.0806 2568 Number of processors: 4
14:28:49.0806 2568 Page size: 0x1000
14:28:49.0806 2568 Boot type: Normal boot
14:28:49.0806 2568 ============================================================
14:28:50.0180 2568 Initialize success
14:28:58.0214 1128 ============================================================
14:28:58.0214 1128 Scan started
14:28:58.0214 1128 Mode: Manual;
14:28:58.0214 1128 ============================================================
14:29:37.0246 1128 isapnp - ok
14:29:37.0651 1128 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
14:29:37.0651 1128 iScsiPrt - ok
14:29:38.0072 1128 k57nd60a (c9b4ecc187581e5bf3f76648884b7829) C:\Windows\system32\DRIVERS\k57nd60a.sys
14:29:38.0072 1128 k57nd60a - ok
14:29:38.0462 1128 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:29:38.0462 1128 kbdclass - ok
14:29:38.0821 1128 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
14:29:38.0821 1128 kbdhid - ok
14:29:39.0196 1128 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
14:29:39.0211 1128 KSecDD - ok
14:29:39.0570 1128 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
14:29:39.0586 1128 KSecPkg - ok
14:29:39.0944 1128 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:29:39.0944 1128 ksthunk - ok
14:29:40.0412 1128 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:29:40.0412 1128 lltdio - ok
14:29:40.0802 1128 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:29:40.0802 1128 LSI_FC - ok
14:29:41.0161 1128 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:29:41.0177 1128 LSI_SAS - ok
14:29:41.0551 1128 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:29:41.0551 1128 LSI_SAS2 - ok
14:29:41.0910 1128 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:29:41.0910 1128 LSI_SCSI - ok
14:29:42.0269 1128 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:29:42.0269 1128 luafv - ok
14:29:42.0612 1128 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:29:42.0628 1128 megasas - ok
14:29:43.0064 1128 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:29:43.0064 1128 MegaSR - ok
14:29:43.0454 1128 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:29:43.0454 1128 Modem - ok
14:29:43.0813 1128 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:29:43.0813 1128 monitor - ok
14:29:44.0188 1128 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:29:44.0188 1128 mouclass - ok
14:29:44.0593 1128 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:29:44.0593 1128 mouhid - ok
14:29:44.0968 1128 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
14:29:44.0968 1128 mountmgr - ok
14:29:45.0389 1128 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
14:29:45.0389 1128 mpio - ok
14:29:45.0919 1128 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:29:45.0919 1128 mpsdrv - ok
14:29:46.0356 1128 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
14:29:46.0356 1128 MRxDAV - ok
14:29:46.0793 1128 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:29:46.0793 1128 mrxsmb - ok
14:29:47.0214 1128 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:29:47.0214 1128 mrxsmb10 - ok
14:29:47.0620 1128 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:29:47.0620 1128 mrxsmb20 - ok
14:29:48.0025 1128 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
14:29:48.0025 1128 msahci - ok
14:29:48.0415 1128 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
14:29:48.0415 1128 msdsm - ok
14:29:48.0837 1128 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:29:48.0837 1128 Msfs - ok
14:29:49.0227 1128 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:29:49.0227 1128 mshidkmdf - ok
14:29:49.0617 1128 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
14:29:49.0617 1128 msisadrv - ok
14:29:50.0007 1128 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:29:50.0007 1128 MSKSSRV - ok
14:29:50.0397 1128 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:29:50.0397 1128 MSPCLOCK - ok
14:29:50.0802 1128 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:29:50.0802 1128 MSPQM - ok
14:29:51.0239 1128 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
14:29:51.0239 1128 MsRPC - ok
14:29:51.0645 1128 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:29:51.0645 1128 mssmbios - ok
14:29:52.0019 1128 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:29:52.0019 1128 MSTEE - ok
14:29:52.0393 1128 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:29:52.0393 1128 MTConfig - ok
14:29:52.0799 1128 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:29:52.0799 1128 Mup - ok
14:29:53.0267 1128 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:29:53.0283 1128 NativeWifiP - ok
14:29:53.0719 1128 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
14:29:53.0735 1128 NDIS - ok
14:29:54.0109 1128 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:29:54.0109 1128 NdisCap - ok
14:29:54.0499 1128 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:29:54.0499 1128 NdisTapi - ok
14:29:54.0889 1128 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
14:29:54.0889 1128 Ndisuio - ok
14:29:55.0295 1128 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:29:55.0295 1128 NdisWan - ok
14:29:55.0716 1128 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
14:29:55.0716 1128 NDProxy - ok
14:29:56.0106 1128 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:29:56.0106 1128 NetBIOS - ok
14:29:56.0559 1128 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
14:29:56.0574 1128 NetBT - ok
14:29:56.0995 1128 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:29:56.0995 1128 nfrd960 - ok
14:29:57.0370 1128 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:29:57.0385 1128 Npfs - ok
14:29:57.0729 1128 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:29:57.0729 1128 nsiproxy - ok
14:29:58.0306 1128 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
14:29:58.0337 1128 Ntfs - ok
14:29:58.0727 1128 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
14:29:58.0727 1128 NTIDrvr - ok
14:29:59.0086 1128 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:29:59.0086 1128 Null - ok
14:29:59.0507 1128 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
14:29:59.0523 1128 nvraid - ok
14:29:59.0913 1128 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
14:29:59.0928 1128 nvstor - ok
14:30:00.0287 1128 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
14:30:00.0287 1128 nv_agp - ok
14:30:00.0693 1128 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
14:30:00.0693 1128 ohci1394 - ok
14:30:01.0114 1128 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:30:01.0129 1128 Parport - ok
14:30:01.0535 1128 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
14:30:01.0535 1128 partmgr - ok
14:30:01.0956 1128 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
14:30:01.0956 1128 pci - ok
14:30:02.0362 1128 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
14:30:02.0377 1128 pciide - ok
14:30:02.0783 1128 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:30:02.0799 1128 pcmcia - ok
14:30:03.0173 1128 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:30:03.0173 1128 pcw - ok
14:30:03.0641 1128 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:30:03.0657 1128 PEAUTH - ok
14:30:04.0093 1128 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
14:30:04.0093 1128 PptpMiniport - ok
14:30:04.0468 1128 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:30:04.0468 1128 Processor - ok
14:30:04.0936 1128 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
14:30:04.0936 1128 Psched - ok
14:30:05.0466 1128 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:30:05.0497 1128 ql2300 - ok
14:30:05.0856 1128 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:30:05.0872 1128 ql40xx - ok
14:30:06.0231 1128 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:30:06.0231 1128 QWAVEdrv - ok
14:30:06.0636 1128 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:30:06.0636 1128 RasAcd - ok
14:30:07.0042 1128 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:30:07.0042 1128 RasAgileVpn - ok
14:30:07.0463 1128 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:30:07.0463 1128 Rasl2tp - ok
14:30:07.0869 1128 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:30:07.0869 1128 RasPppoe - ok
14:30:08.0243 1128 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:30:08.0259 1128 RasSstp - ok
14:30:08.0680 1128 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:30:08.0680 1128 rdbss - ok
14:30:09.0085 1128 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:30:09.0085 1128 rdpbus - ok
14:30:09.0491 1128 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:30:09.0491 1128 RDPCDD - ok
14:30:09.0897 1128 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:30:09.0897 1128 RDPENCDD - ok
14:30:10.0271 1128 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:30:10.0287 1128 RDPREFMP - ok
14:30:10.0645 1128 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
14:30:10.0661 1128 RDPWD - ok
14:30:11.0035 1128 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
14:30:11.0035 1128 rdyboost - ok
14:30:11.0425 1128 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:30:11.0425 1128 rspndr - ok
14:30:11.0800 1128 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\System32\Drivers\RtsUStor.sys
14:30:11.0815 1128 RSUSBSTOR - ok
14:30:12.0174 1128 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
14:30:12.0174 1128 sbp2port - ok
14:30:12.0580 1128 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
14:30:12.0580 1128 scfilter - ok
14:30:13.0001 1128 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:30:13.0001 1128 secdrv - ok
14:30:13.0407 1128 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:30:13.0407 1128 Serenum - ok
14:30:13.0812 1128 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:30:13.0812 1128 Serial - ok
14:30:14.0218 1128 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:30:14.0218 1128 sermouse - ok
14:30:14.0639 1128 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
14:30:14.0639 1128 sffdisk - ok
14:30:15.0060 1128 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:30:15.0060 1128 sffp_mmc - ok
14:30:15.0466 1128 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:30:15.0466 1128 sffp_sd - ok
14:30:15.0871 1128 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:30:15.0887 1128 sfloppy - ok
14:30:16.0308 1128 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:30:16.0308 1128 SiSRaid2 - ok
14:30:16.0667 1128 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:30:16.0667 1128 SiSRaid4 - ok
14:30:17.0041 1128 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:30:17.0041 1128 Smb - ok
14:30:17.0447 1128 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:30:17.0447 1128 spldr - ok
14:30:17.0899 1128 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
14:30:17.0899 1128 srv - ok
14:30:18.0305 1128 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
14:30:18.0321 1128 srv2 - ok
14:30:18.0695 1128 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
14:30:18.0695 1128 srvnet - ok
14:30:19.0069 1128 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:30:19.0069 1128 stexstor - ok
14:30:19.0428 1128 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:30:19.0428 1128 swenum - ok
14:30:19.0834 1128 SynTP (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys
14:30:19.0834 1128 SynTP - ok
14:30:20.0271 1128 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
14:30:20.0286 1128 Tcpip - ok
14:30:20.0707 1128 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
14:30:20.0723 1128 TCPIP6 - ok
14:30:21.0113 1128 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
14:30:21.0113 1128 tcpipreg - ok
14:30:21.0487 1128 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:30:21.0487 1128 TDPIPE - ok
14:30:21.0862 1128 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:30:21.0862 1128 TDTCP - ok
14:30:22.0221 1128 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
14:30:22.0221 1128 tdx - ok
14:30:22.0611 1128 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
14:30:22.0611 1128 TermDD - ok
14:30:23.0047 1128 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:30:23.0047 1128 tssecsrv - ok
14:30:23.0453 1128 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
14:30:23.0453 1128 tunnel - ok
14:30:23.0859 1128 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:30:23.0859 1128 uagp35 - ok
14:30:24.0264 1128 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
14:30:24.0264 1128 UBHelper - ok
14:30:24.0701 1128 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
14:30:24.0701 1128 udfs - ok
14:30:25.0138 1128 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
14:30:25.0138 1128 uliagpkx - ok
14:30:25.0512 1128 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
14:30:25.0512 1128 umbus - ok
14:30:25.0871 1128 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:30:25.0871 1128 UmPass - ok
14:30:26.0308 1128 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
14:30:26.0308 1128 usbccgp - ok
14:30:26.0713 1128 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
14:30:26.0713 1128 usbcir - ok
14:30:27.0119 1128 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
14:30:27.0119 1128 usbehci - ok
14:30:27.0556 1128 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
14:30:27.0571 1128 usbhub - ok
14:30:27.0961 1128 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
14:30:27.0961 1128 usbohci - ok
14:30:28.0351 1128 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:30:28.0351 1128 usbprint - ok
14:30:28.0773 1128 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:30:28.0773 1128 USBSTOR - ok
14:30:29.0209 1128 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
14:30:29.0209 1128 usbuhci - ok
14:30:29.0615 1128 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
14:30:29.0631 1128 usbvideo - ok
14:30:30.0036 1128 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
14:30:30.0036 1128 vdrvroot - ok
14:30:30.0473 1128 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:30:30.0473 1128 vga - ok
14:30:30.0832 1128 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:30:30.0832 1128 VgaSave - ok
14:30:31.0222 1128 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
14:30:31.0222 1128 vhdmp - ok
14:30:31.0612 1128 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
14:30:31.0612 1128 viaide - ok
14:30:32.0017 1128 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
14:30:32.0017 1128 volmgr - ok
14:30:32.0423 1128 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
14:30:32.0423 1128 volmgrx - ok
14:30:32.0797 1128 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
14:30:32.0813 1128 volsnap - ok
14:30:33.0203 1128 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:30:33.0203 1128 vsmraid - ok
14:30:33.0562 1128 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:30:33.0562 1128 vwifibus - ok
14:30:33.0936 1128 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:30:33.0936 1128 vwififlt - ok
14:30:34.0357 1128 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:30:34.0357 1128 WacomPen - ok
14:30:34.0763 1128 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:30:34.0763 1128 WANARP - ok
14:30:34.0779 1128 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:30:34.0779 1128 Wanarpv6 - ok
14:30:35.0200 1128 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:30:35.0200 1128 Wd - ok
14:30:35.0574 1128 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:30:35.0590 1128 Wdf01000 - ok
14:30:36.0027 1128 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:30:36.0027 1128 WfpLwf - ok
14:30:36.0385 1128 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:30:36.0385 1128 WIMMount - ok
14:30:36.0838 1128 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:30:36.0838 1128 WmiAcpi - ok
14:30:37.0259 1128 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:30:37.0275 1128 ws2ifsl - ok
14:30:37.0696 1128 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:30:37.0696 1128 WudfPf - ok
14:30:37.0727 1128 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:30:37.0758 1128 \Device\Harddisk0\DR0 - ok
14:30:37.0758 1128 Boot (0x1200) (fecbb432cf37e836dfd845ff07da652f) \Device\Harddisk0\DR0\Partition0
14:30:37.0758 1128 \Device\Harddisk0\DR0\Partition0 - ok
14:30:37.0774 1128 Boot (0x1200) (ccc0c62b3284e18a13611efa867e85b3) \Device\Harddisk0\DR0\Partition1
14:30:37.0774 1128 \Device\Harddisk0\DR0\Partition1 - ok
14:30:37.0774 1128 ============================================================
14:30:37.0774 1128 Scan finished
14:30:37.0774 1128 ============================================================
14:30:37.0789 1952 Detected object count: 0
14:30:37.0789 1952 Actual detected object count: 0
 
Good Lord, after all this, the browser is still redirecting!!

What could possibly be remaining, even after I do a system restore to factory reset? Which I tried even before posting here on Techspot? Should a clean install of Windows be next?
 
Your MBR is still infected.

Please Boot to the System Recovery Options
If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).
It's also possible that your computer has a pre-installed recovery partition instead. In that case, use method one (pressing F8 before Windows starts loading).

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Choose Command Prompt
You should see X:\SOURCES>...

Execute the following commands in bold.
Press Enter after every one of them.

bootrec /fixmbr (<--- there is a "space" after "bootrec")

exit

Restart computer.

Post new aswMBR log.
 
Hm. After I did the bootrec /fixmber and exit, the computer is now saying "Your computer was unable to start" and is offering me Startup Repair..
 
Go back to System Recovery.
Perform bootrec /fixmbr command one more time and additionally perform this command:
bootrec /fixboot
Make sure you don't misspell anything.
 
OK did that.
Computer still says computer is unable to start and offers Startup Repair option. One difference from before is I can for a split second see a blue screen with white letters on top, which I can't make out due to the short duration. This screen comes up, then it goes to black to give me the Startup Repair screen. Even if I press startup repair, after a while, it just gives the message "Windows cannot repair this computer automatically."

This is an Acer Aspire 5741-5763 and never came with the Windows disc. In the beginning, I did make the "backup" DVD's as the computer instructed, but if the computer does not boot at all, how does one Restore the computer using the backup DVD's I had made? Do you just stick in the disc #1 and restart?
 
Yes, even in safe mode, windows still fails to start and gives me the same Repair Startup Menu, which does not fix things.
 
Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
I booted from the OTLPE disc, and it went to REATOGO-X-PE, then a blue screen appeared that said: "A problem has been detected and windows has been shut down to prevent damage to your computer

If this is the first time...restart ...if again, follow these steps:
Check for viruses..remove any newly installed hard drives...Run CHKDSK /F to check for hard drive corruption, etc

Technical Information:
*** Stop: 0x0000007B (0xF78DA528, 0xC0000034, 0x00000000, 0x00000000)"
 
1. Click Start, click Run, type chkdsk /f /r, and then click OK.
2. At the command prompt, type Y to let the disk scanner run when you restart the computer.
3. Restart the computer.
4. Chkdsk will run.
 
I could not even get to the "start" button since I could not boot in any mode, normal, safe, or OTLPE boot disc.

I ended up just restoring to factory settings and hoping for the best. So far so good this time, and I wonder if the fixmbr command made the difference this time compared to the last time I did the factory reset.

I ran aswMBR after reset.


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-24 22:46:27
-----------------------------
22:46:27.357 OS Version: Windows x64 6.1.7600
22:46:27.357 Number of processors: 4 586 0x2502
22:46:27.358 ComputerName: SERA-PC UserName: sera
22:46:29.906 Initialize success
22:46:30.067 AVAST engine defs: 11102402
22:46:42.090 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:46:42.094 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
22:46:42.112 Disk 0 MBR read successfully
22:46:42.117 Disk 0 MBR scan
22:46:42.122 Disk 0 Windows 7 default MBR code
22:46:42.126 Service scanning
22:46:45.882 Modules scanning
22:46:45.889 Disk 0 trace - called modules:
22:46:45.923 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:46:45.930 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005229060]
22:46:45.936 3 CLASSPNP.SYS[fffff88001aad43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004faf050]
22:46:47.704 AVAST engine scan C:\Windows
22:46:52.029 AVAST engine scan C:\Windows\system32
22:47:41.061 AVAST engine scan C:\Windows\system32\drivers
22:47:45.644 AVAST engine scan C:\Users\sera
22:48:08.466 AVAST engine scan C:\ProgramData
22:48:14.831 Scan finished successfully
22:48:54.533 Disk 0 MBR has been saved successfully to "C:\Users\sera\Desktop\MBR.dat"
22:48:54.538 The log file has been saved successfully to "C:\Users\sera\Desktop\aswMBR.txt"
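
The scan log earlier in the thread lists the boot sector as `MBR (0x1B8)` with a 32-digit hash, and aswMBR saves the sector to MBR.dat. As an added example (not part of any post here, and not code from either tool), this Python script splits a saved MBR into boot code, disk signature and partition table, flags layout problems, and compares two copies to confirm that only the boot code changed, which is what `bootrec /fixmbr` is documented to do. It assumes that 0x1B8 is the length of the hashed code area and that MBR.dat is a raw copy of sector 0; the sample images and the function names are constructed for the example.

```python
import hashlib
import struct
from pathlib import Path

SECTOR = 512
CODE_LEN = 0x1B8    # bootstrap code area, bytes 0x000-0x1B7 (assumed "0x1B8" in the log)
TABLE_OFF = 0x1BE   # four 16-byte partition entries
SIG_OFF = 0x1FE     # boot signature 55 AA


def parse_mbr(sector):
    """Split one raw 512-byte MBR sector into its regions."""
    if len(sector) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(sector)))
    partitions = []
    for index in range(4):
        entry = sector[TABLE_OFF + 16 * index:TABLE_OFF + 16 * (index + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "index": index,
            "status": entry[0],   # 0x80 = active, 0x00 = inactive
            "type": entry[4],     # 0x00 = unused slot
            "lba_start": lba_start,
            "sectors": count,
        })
    return {
        # MD5 mirrors the 32-hex-digit format of the log; it is a comparison
        # aid between two copies, not a trust anchor.
        "code_md5": hashlib.md5(sector[:CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, CODE_LEN)[0],
        "table": sector[TABLE_OFF:SIG_OFF],
        "partitions": partitions,
        "boot_signature_ok": sector[SIG_OFF:] == b"\x55\xaa",
    }


def anomalies(mbr):
    """Layout problems that would stop a BIOS boot disk from starting."""
    found = []
    if not mbr["boot_signature_ok"]:
        found.append("boot signature 55 AA missing")
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            found.append("entry %d: invalid status byte 0x%02x" % (p["index"], p["status"]))
    used = [p for p in mbr["partitions"] if p["type"] != 0]
    active = [p for p in used if p["status"] == 0x80]
    if len(active) != 1:
        found.append("%d partitions flagged active (expected 1)" % len(active))
    for p in used:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            found.append("entry %d: zero start or length" % p["index"])
    ordered = sorted(used, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            found.append("entries %d and %d overlap" % (a["index"], b["index"]))
    return found


def changed_regions(before, after):
    """Name the MBR regions that differ between two saved copies."""
    a, b = parse_mbr(before), parse_mbr(after)
    checks = [("boot_code", "code_md5"), ("disk_signature", "disk_signature"),
              ("partition_table", "table"), ("boot_signature", "boot_signature_ok")]
    return [name for name, key in checks if a[key] != b[key]]


def build_sample(code_fill, entries, disk_sig=0x1234ABCD):
    """Constructed test image: code_fill is filler, not real boot code."""
    table = b"".join(
        struct.pack("<B3sB3sII", status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
        for status, ptype, start, count in entries)
    return (bytes([code_fill]) * CODE_LEN + struct.pack("<I", disk_sig)
            + b"\x00\x00" + table.ljust(64, b"\x00") + b"\x55\xaa")


# Constructed layout: recovery partition, active system partition, data partition.
LAYOUT = [(0x00, 0x27, 2048, 30720000),
          (0x80, 0x07, 30722048, 204800),
          (0x00, 0x07, 30926848, 594000000)]
BEFORE = build_sample(0xAA, LAYOUT)   # stands in for the copy saved before the repair
AFTER = build_sample(0x33, LAYOUT)    # stands in for the copy saved after it

if __name__ == "__main__":
    import sys
    # Usage: script.py MBR_before.dat [MBR_after.dat]; no arguments runs the samples.
    images = [Path(p).read_bytes()[:SECTOR] for p in sys.argv[1:3]] or [BEFORE, AFTER]
    for image in images:
        info = parse_mbr(image)
        print(info["code_md5"], anomalies(info) or "no anomalies")
    if len(images) == 2:
        print("changed:", changed_regions(*images))
```

If the comparison reports `partition_table` as changed after a boot-code repair, stop and keep both copies before running anything else against the disk.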
 