Search Engine redirect virus?

Good day. I have what appears to be a redirect virus. I search for one thing and a totally different item appears. I am using Windows XP and Firefox, McAfee AV. All systems are up to date. Please help

• Please download TDSSKiller from here and save it to your Desktop
• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters
  
  
  
  
  
• Check Loaded Modules  and Detect TDLFS file system.  Do not check Verify file digital signatures (even though it is checked in the example)
• If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  
  
  
  
  
• Click Start Scan and allow the scan process to run
  
  
• If threats are detected select Skip for all of them unless I instruct you otherwise
• Click Continue
  
  
  
  
  
• Click Reboot computer
• Please post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply

===================================================


aswMBR

--------------------

• Download aswMBR and save it to your desktop.
  
• Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
• If you need help to disable your protection programs see here and here.
• Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
• Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  
  
  
  
• When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  
  
  
  
• Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan  This process may may take several hours, that is normal

• Hold down Control and click on this link to open ESET OnlineScan in a new window.
• Click the   button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  
  
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  
  

  

• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.
• Under scan settings, check "Scan Archives" and "Remove found threats"
• Click Advanced settings and select the following:
  
  
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List Threats
• Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
• Click the Back button.
• Click the Finish button.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

• TDSSKiller log
• aswMBR log
• ESET results

 

I'm doing all of the above now and will post results when finished. Thank you very much!

I posted the information and it's now gone. Should I post it again? Thank you.

Where did you post it? Post it again here

I am going to have to post the results in parts. The TDSS file is very large and there is a text in the lower right hand corner of this dialog box that reads "saving post" that does not go away. So, I''l send it in a few different parts.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-21 10:49:39
-----------------------------
10:49:39.468    OS Version: Windows 5.1.2600 Service Pack 3
10:49:39.468    Number of processors: 1 586 0x209
10:49:39.468    ComputerName: JOHN  UserName: User
10:49:40.109    Initialize success
10:53:10.625    AVAST engine defs: 13022102
10:55:58.265    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:55:58.265    Disk 0 Vendor: WDC_WD1600AAJB-56R1A0 01.03E01 Size: 152627MB BusType: 3
10:55:58.296    Disk 0 MBR read successfully
10:55:58.296    Disk 0 MBR scan
10:55:58.343    Disk 0 Windows XP default MBR code
10:55:58.343    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       152617 MB offset 63
10:55:58.343    Disk 0 scanning sectors +312560640
10:55:58.406    Disk 0 scanning C:\WINDOWS\system32\drivers
10:56:09.453    Service scanning
10:56:26.953    Modules scanning
10:56:30.812    Module: C:\WINDOWS\system32\drivers\hardlock.sys  **SUSPICIOUS**
10:56:31.250    Disk 0 trace - called modules:
10:56:31.281    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
10:56:31.781    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b9f2ab8]
10:56:31.781    3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ba3cd98]
10:56:32.515    AVAST engine scan C:\WINDOWS
10:56:37.187    AVAST engine scan C:\WINDOWS\system32
11:00:24.250    AVAST engine scan C:\WINDOWS\system32\drivers
11:00:39.859    AVAST engine scan C:\Documents and Settings\User
11:08:28.140    File: C:\Documents and Settings\User\My Documents\Downloaded Installations\1465\install\START.EXE  **INFECTED** Win32:CIH-G@dam
11:22:20.703    AVAST engine scan C:\Documents and Settings\All Users
11:24:50.968    Scan finished successfully
11:26:53.015    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\My Documents\MBR.dat"
11:26:53.031    The log file has been saved successfully to "C:\Documents and Settings\User\My Documents\aswMBR.txt"

 

Eset Results

 

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\b6iqtc4o.default\prefs.js    JS/SecurityDisabler.A.Gen application    cleaned by deleting - quarantined
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\b6iqtc4o.default\user.js    JS/SecurityDisabler.A.Gen application    cleaned by deleting - quarantined
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\b6iqtc4o.default\extensions\xpdqcytlsc@xpdqcytlsc.org.xpi    JS/Redirector.NCI trojan    deleted - quarantined
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\4\8f85c44-11d90e29    multiple threats    deleted - quarantined
C:\Documents and Settings\User\Local Settings\temp\ICReinstall_Firefox_Setup_18.0.1[1].exe    a variant of Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\temp\is1275519350\yontoo-c4.exe    multiple threats    cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\GOMPLAYERENSETUP.EXE    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\Setup_FreeAVCHDConverter.exe    Win32/Toolbar.SearchSuite application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{E0C42019-9E51-4C8A-9C6D-97DDD96DD210}\RP776\A0095426.rbf    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{E0C42019-9E51-4C8A-9C6D-97DDD96DD210}\RP776\A0095427.rbf    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{E0C42019-9E51-4C8A-9C6D-97DDD96DD210}\RP776\A0095431.rbf    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{E0C42019-9E51-4C8A-9C6D-97DDD96DD210}\RP776\A0095457.msi    probably a variant of Win32/Toolbar.Widgi application    deleted - quarantined
C:\WINDOWS\Installer\MSI294.tmp    probably a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
 

TDSS Part 1

 

 

10:29:14.0062 0944  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:29:16.0171 0944  ============================================================
10:29:16.0171 0944  Current date / time: 2013/02/21 10:29:16.0171
10:29:16.0171 0944  SystemInfo:
10:29:16.0171 0944  
10:29:16.0171 0944  OS Version: 5.1.2600 ServicePack: 3.0
10:29:16.0171 0944  Product type: Workstation
10:29:16.0171 0944  ComputerName: JOHN
10:29:16.0171 0944  UserName: User
10:29:16.0171 0944  Windows directory: C:\WINDOWS
10:29:16.0171 0944  System windows directory: C:\WINDOWS
10:29:16.0171 0944  Processor architecture: Intel x86
10:29:16.0171 0944  Number of processors: 1
10:29:16.0171 0944  Page size: 0x1000
10:29:16.0171 0944  Boot type: Normal boot
10:29:16.0171 0944  ============================================================
10:29:18.0875 0944  BG loaded
10:29:22.0312 0944  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:29:22.0359 0944  Drive \Device\Harddisk1\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:29:22.0359 0944  ============================================================
10:29:22.0359 0944  \Device\Harddisk0\DR0:
10:29:22.0359 0944  MBR partitions:
10:29:22.0359 0944  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
10:29:22.0359 0944  \Device\Harddisk1\DR2:
10:29:22.0359 0944  MBR partitions:
10:29:22.0359 0944  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
10:29:22.0359 0944  ============================================================
10:29:22.0578 0944  C: <-> \Device\Harddisk0\DR0\Partition1
10:29:22.0593 0944  E: <-> \Device\Harddisk1\DR2\Partition1
10:29:22.0593 0944  ============================================================
10:29:22.0593 0944  Initialize success
10:29:22.0593 0944  ============================================================
10:33:47.0734 3664  ============================================================
10:33:47.0734 3664  Scan started
10:33:47.0734 3664  Mode: Manual; TDLFS;
10:33:47.0734 3664  ============================================================
10:33:48.0093 3664  ================ Scan system memory ========================
10:33:48.0109 3664  System memory - ok
10:33:48.0109 3664  ================ Scan services =============================
10:33:48.0250 3664  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
10:33:48.0250 3664  !SASCORE - ok
10:33:48.0984 3664  Abiosdsk - ok
10:33:48.0984 3664  abp480n5 - ok
10:33:49.0109 3664  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:33:49.0125 3664  ACPI - ok
10:33:49.0203 3664  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
10:33:49.0203 3664  ACPIEC - ok
10:33:49.0453 3664  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:33:49.0593 3664  AdobeFlashPlayerUpdateSvc - ok
10:33:49.0609 3664  adpu160m - ok
10:33:49.0625 3664  aeaudio - ok
10:33:49.0703 3664  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
10:33:49.0718 3664  aec - ok
10:33:49.0796 3664  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
10:33:49.0796 3664  AFD - ok
10:33:49.0796 3664  Aha154x - ok
10:33:49.0812 3664  aic78u2 - ok
10:33:49.0828 3664  aic78xx - ok
10:33:49.0875 3664  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
10:33:49.0875 3664  Alerter - ok
10:33:49.0921 3664  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
10:33:49.0921 3664  ALG - ok
10:33:49.0937 3664  AliIde - ok
10:33:49.0968 3664  amsint - ok
10:33:50.0000 3664  [ 107AB19CC1D40B9D04537F6EEAAC34C9 ] APC Data Service C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
10:33:50.0000 3664  APC Data Service - ok
10:33:50.0046 3664  [ C7F8C8080B055B3DE9A8141DFD8E308A ] APC UPS Service C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
10:33:50.0062 3664  APC UPS Service - ok
10:33:50.0187 3664  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:33:50.0187 3664  Apple Mobile Device - ok
10:33:50.0187 3664  AppMgmt - ok
10:33:50.0234 3664  asc - ok
10:33:50.0234 3664  asc3350p - ok
10:33:50.0250 3664  asc3550 - ok
10:33:50.0406 3664  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:33:50.0515 3664  aspnet_state - ok
10:33:50.0593 3664  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:33:50.0593 3664  AsyncMac - ok
10:33:50.0656 3664  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
10:33:50.0656 3664  atapi - ok
10:33:50.0671 3664  Atdisk - ok
10:33:50.0734 3664  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:33:50.0734 3664  Atmarpc - ok
10:33:50.0812 3664  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
10:33:50.0812 3664  AudioSrv - ok
10:33:50.0859 3664  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
10:33:50.0875 3664  audstub - ok
10:33:51.0015 3664  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
10:33:51.0031 3664  Beep - ok
10:33:51.0203 3664  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
10:33:51.0234 3664  BITS - ok
10:33:51.0437 3664  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:33:51.0453 3664  Bonjour Service - ok
10:33:51.0484 3664  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
10:33:51.0562 3664  Browser - ok
10:33:51.0828 3664  catchme - ok
10:33:51.0906 3664  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
10:33:51.0906 3664  cbidf2k - ok
10:33:51.0937 3664  cd20xrnt - ok
10:33:51.0968 3664  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
10:33:51.0968 3664  Cdaudio - ok
10:33:52.0093 3664  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
10:33:52.0093 3664  Cdfs - ok
10:33:52.0250 3664  [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:33:52.0437 3664  Cdrom - ok
10:33:52.0468 3664  [ 7E6F7DA1C4DE5680820F964562548949 ] cfwids          C:\WINDOWS\system32\drivers\cfwids.sys
10:33:52.0468 3664  cfwids - ok
10:33:52.0546 3664  Changer - ok
10:33:52.0593 3664  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
10:33:52.0640 3664  CiSvc - ok
10:33:52.0687 3664  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
10:33:52.0687 3664  ClipSrv - ok
10:33:52.0781 3664  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:33:52.0875 3664  clr_optimization_v2.0.50727_32 - ok
10:33:53.0234 3664  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:33:53.0375 3664  clr_optimization_v4.0.30319_32 - ok
10:33:53.0390 3664  CmdIde - ok
10:33:53.0421 3664  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:33:53.0437 3664  Compbatt - ok
10:33:53.0562 3664  COMSysApp - ok
10:33:53.0578 3664  Cpqarray - ok
10:33:53.0671 3664  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
10:33:53.0687 3664  CryptSvc - ok
10:33:53.0687 3664  dac2w2k - ok
10:33:53.0703 3664  dac960nt - ok
10:33:53.0859 3664  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
10:33:53.0859 3664  DcomLaunch - ok
10:33:53.0890 3664  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
10:33:53.0890 3664  Dhcp - ok
10:33:53.0968 3664  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys

Just post last few lines of TDSSkiller log alone.

TDSS Part 2

 

10:33:53.0968 3664  Disk - ok
10:33:53.0984 3664  dmadmin - ok
10:33:54.0234 3664  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
10:33:54.0265 3664  dmboot - ok
10:33:54.0578 3664  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
10:33:54.0609 3664  dmio - ok
10:33:54.0640 3664  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
10:33:54.0656 3664  dmload - ok
10:33:54.0734 3664  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
10:33:54.0765 3664  dmserver - ok
10:33:54.0828 3664  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
10:33:54.0828 3664  DMusic - ok
10:33:55.0000 3664  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
10:33:55.0000 3664  Dnscache - ok
10:33:55.0203 3664  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
10:33:55.0296 3664  Dot3svc - ok
10:33:55.0312 3664  dpti2o - ok
10:33:55.0421 3664  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
10:33:55.0421 3664  drmkaud - ok
10:33:55.0453 3664  [ D94437E7EE086677B266099F695CDEA1 ] E1000           C:\WINDOWS\system32\DRIVERS\e1000325.sys
10:33:55.0562 3664  E1000 - ok
10:33:55.0750 3664  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
10:33:55.0750 3664  EapHost - ok
10:33:55.0968 3664  [ 1428AF5504E8D8B353F5136BDECC20CC ] EaseUS Agent    C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
10:33:55.0984 3664  EaseUS Agent - ok
10:33:56.0015 3664  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
10:33:56.0015 3664  ERSvc - ok
10:33:56.0109 3664  [ 9F92AA4B29781706368FDD5CA667FB77 ] EUBAKUP         C:\WINDOWS\system32\drivers\eubakup.sys
10:33:56.0296 3664  EUBAKUP - ok
10:33:56.0312 3664  EUBAKUP0 - ok
10:33:56.0343 3664  [ D3ACFE7826D7629B6C4A8744AEEB87B5 ] EUBKMON         C:\WINDOWS\system32\drivers\EUBKMON.sys
10:33:56.0437 3664  EUBKMON - ok
10:33:56.0468 3664  EUBKMON0 - ok
10:33:56.0500 3664  [ AA60F425359F7A8397723BBC9FBE85AF ] EUDSKACS        C:\WINDOWS\system32\drivers\eudskacs.sys
10:33:56.0687 3664  EUDSKACS - ok
10:33:56.0703 3664  [ A41686470FB5FDA7D985ADC8798FBAE3 ] EUFDDISK        C:\WINDOWS\system32\drivers\EuFdDisk.sys
10:33:56.0890 3664  EUFDDISK - ok
10:33:56.0937 3664  EUFDDISK0 - ok
10:33:57.0046 3664  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
10:33:57.0046 3664  Eventlog - ok
10:33:57.0078 3664  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
10:33:57.0078 3664  EventSystem - ok
10:33:57.0109 3664  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
10:33:57.0140 3664  Fastfat - ok
10:33:57.0187 3664  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:33:57.0203 3664  FastUserSwitchingCompatibility - ok
10:33:57.0218 3664  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
10:33:57.0250 3664  Fdc - ok
10:33:57.0281 3664  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
10:33:57.0343 3664  Fips - ok
10:33:57.0484 3664  [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:33:57.0625 3664  FLEXnet Licensing Service - ok
10:33:57.0828 3664  [ B8602C90D3C427D8A86CE60437615CF5 ] FlipShare Service C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
10:33:57.0828 3664  FlipShare Service - ok
10:33:58.0000 3664  [ AC5FB7094F31534594CAE48306972CBD ] FlipShareServer C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
10:33:58.0015 3664  FlipShareServer - ok
10:33:58.0031 3664  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:33:58.0031 3664  Flpydisk - ok
10:33:58.0125 3664  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:33:58.0140 3664  FltMgr - ok
10:33:58.0234 3664  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:33:58.0281 3664  FontCache3.0.0.0 - ok
10:33:58.0312 3664  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:33:58.0312 3664  Fs_Rec - ok
10:33:58.0343 3664  [ B7AA8283EC551D3A3B924E520E0621A7 ] FTDIBUS         C:\WINDOWS\system32\drivers\ftdibus.sys
10:33:58.0578 3664  FTDIBUS - ok
10:33:58.0593 3664  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:33:58.0609 3664  Ftdisk - ok
10:33:58.0687 3664  [ 596D31583CE332B5514520D74837F434 ] FTSER2K         C:\WINDOWS\system32\drivers\ftser2k.sys
10:33:58.0781 3664  FTSER2K - ok
10:33:58.0843 3664  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:33:58.0937 3664  GEARAspiWDM - ok
10:33:59.0000 3664  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:33:59.0000 3664  Gpc - ok
10:33:59.0046 3664  [ 922D79BFE60E6277DAA15DFD2A751F4D ] Guard Agent     C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
10:33:59.0078 3664  Guard Agent - ok
10:33:59.0171 3664  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
10:33:59.0281 3664  gupdate - ok
10:33:59.0296 3664  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
10:33:59.0296 3664  gupdatem - ok
10:33:59.0421 3664  [ 303CE8B1397D88FA0F1B9E8AB212939F ] hardlock        C:\WINDOWS\system32\drivers\hardlock.sys
10:34:02.0031 3664  hardlock - ok
10:34:02.0078 3664  [ 2DD25F060DC9F79B5CDF33D90ED93669 ] Haspnt          C:\WINDOWS\system32\drivers\Haspnt.sys
10:34:02.0171 3664  Haspnt - ok
10:34:02.0234 3664  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:34:02.0250 3664  helpsvc - ok
10:34:02.0296 3664  [ 748031FF4FE45CCC47546294905FEAB8 ] HidBatt         C:\WINDOWS\system32\DRIVERS\HidBatt.sys
10:34:02.0312 3664  HidBatt - ok
10:34:02.0312 3664  HidServ - ok
10:34:02.0390 3664  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:34:02.0406 3664  HidUsb - ok
10:34:02.0453 3664  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
10:34:02.0453 3664  hkmsvc - ok
10:34:02.0484 3664  hpn - ok
10:34:02.0609 3664  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
10:34:02.0609 3664  HTTP - ok
10:34:02.0656 3664  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
10:34:02.0671 3664  HTTPFilter - ok
10:34:02.0671 3664  i2omgmt - ok
10:34:02.0687 3664  i2omp - ok
10:34:02.0750 3664  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:34:02.0750 3664  i8042prt - ok
10:34:02.0906 3664  [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:34:03.0078 3664  ialm - ok
10:34:03.0218 3664  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:34:03.0359 3664  idsvc - ok
10:34:03.0421 3664  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
10:34:03.0421 3664  Imapi - ok
10:34:03.0468 3664  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
10:34:03.0468 3664  ImapiService - ok
10:34:03.0531 3664  ini910u - ok
10:34:03.0640 3664  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
10:34:03.0640 3664  IntelIde - ok
10:34:03.0796 3664  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:34:03.0796 3664  intelppm - ok
10:34:04.0109 3664  [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
10:34:04.0109 3664  IntuitUpdateService - ok
10:34:04.0156 3664  [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
10:34:04.0171 3664  IntuitUpdateServiceV4 - ok
10:34:04.0250 3664  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:34:04.0265 3664  Ip6Fw - ok
10:34:04.0296 3664  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:34:04.0296 3664  IpFilterDriver - ok
10:34:04.0312 3664  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:34:04.0312 3664  IpInIp - ok
10:34:04.0328 3664  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:34:04.0343 3664  IpNat - ok
10:34:04.0421 3664  [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:34:04.0578 3664  iPod Service - ok
10:34:04.0640 3664  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sy@
10:34:04.0640 3664  IPSec - ok
10:34:04.0703 3664  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
10:34:04.0703 3664  IRENUM - ok
10:34:04.0781 3664  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:34:04.0781 3664  isapnp - ok
10:34:04.0796 3664  itlperf - ok
10:34:04.0843 3664  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:34:04.0843 3664  Kbdclass - ok
10:34:04.0890 3664  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:34:04.0890 3664  kbdhid - ok
10:34:05.0031 3664  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
10:34:05.0031 3664  kmixer - ok
10:34:05.0093 3664  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
10:34:05.0109 3664  KSecDD - ok
10:34:05.0187 3664  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
10:34:05.0203 3664  LanmanServer - ok
10:34:05.0296 3664  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:34:05.0312 3664  lanmanworkstation - ok
10:34:05.0328 3664  lbrtfdc - ok
10:34:05.0375 3664  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
10:34:05.0375 3664  LmHosts - ok
10:34:05.0484 3664  [ B26A3EA976E6FD5C03C65F6E5824AD7C ] McAfee SiteAdvisor Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
10:34:05.0484 3664  McAfee SiteAdvisor Service - ok
10:34:05.0593 3664  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
10:34:05.0718 3664  McComponentHostService - ok
10:34:05.0718 3664  [ B26A3EA976E6FD5C03C65F6E5824AD7C ] McMPFSvc        C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
10:34:05.0734 3664  McMPFSvc - ok
10:34:05.0750 3664  [ B26A3EA976E6FD5C03C65F6E5824AD7C ] mcmscsvc        C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
10:34:05.0750 3664  mcmscsvc - ok
10:34:05.0796 3664  [ B26A3EA976E6FD5C03C65F6E5824AD7C ] McNaiAnn        C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
10:34:05.0796 3664  McNaiAnn - ok
10:34:05.0812 3664  [ B26A3EA976E6FD5C03C65F6E5824AD7C ] McNASvc         C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
10:34:05.0812 3664  McNASvc - ok
10:34:05.0968 3664  [ ADA83A989D5822DAA5E2F62FDF118AC6 ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
10:34:05.0968 3664  McODS - ok
10:34:05.0984 3664  [ B26A3EA976E6FD5C03C65F6E5824AD7C ] McProxy         C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
10:34:05.0984 3664  McProxy - ok
10:34:06.0046 3664  [ BE02C80A9D856868BB14E4C7DB6F82BB ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
10:34:06.0046 3664  McShield - ok
10:34:06.0078 3664  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
10:34:06.0140 3664  Messenger - ok
10:34:06.0171 3664  [ A7DA20AB18A1BDAE28B0F349E57DA0D1 ] mf              C:\WINDOWS\system32\DRIVERS\mf.sys
10:34:06.0171 3664  mf - ok
10:34:06.0234 3664  [ 84D59A3EDDFB9438FB94F7F80D37859D ] mfeapfk         C:\WINDOWS\system32\drivers\mfeapfk.sys
10:34:06.0234 3664  mfeapfk - ok
10:34:06.0421 3664  [ 67E961988312B1A28D6F93357B0BF998 ] mfeavfk         C:\WINDOWS\system32\drivers\mfeavfk.sys
10:34:06.0421 3664  mfeavfk - ok
10:34:06.0437 3664  mfeavfk01 - ok
10:34:06.0453 3664  [ 19161B1796CF74A6A326ABDE309062BA ] mfebopk         C:\WINDOWS\system32\drivers\mfebopk.sys
10:34:06.0453 3664  mfebopk - ok
10:34:06.0515 3664  [ 3D8E909DA47E22E2B32056FD2AE66EDE ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
10:34:06.0515 3664  mfefire - ok
10:34:06.0531 3664  [ D5F89B4934960C70882924D992C6ABFC ] mfefirek        C:\WINDOWS\system32\drivers\mfefirek.sys
10:34:06.0640 3664  mfefirek - ok
10:34:06.0687 3664  [ 0EFAB2B91B27543FE589DE700DE07136 ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys
10:34:06.0812 3664  mfehidk - ok
10:34:06.0859 3664  [ 549DD4966BF0B1D1FC205CA0755A745B ] mfendisk        C:\WINDOWS\system32\DRIVERS\mfendisk.sys
10:34:06.0968 3664  mfendisk - ok
10:34:06.0968 3664  [ 549DD4966BF0B1D1FC205CA0755A745B ] mfendiskmp      C:\WINDOWS\system32\DRIVERS\mfendisk.sys
10:34:06.0968 3664  mfendiskmp - ok
10:34:07.0031 3664  [ C9EDA1EADA2AB6E34CD1A10C3A24AB25 ] mferkdet        C:\WINDOWS\system32\drivers\mferkdet.sys
10:34:07.0140 3664  mferkdet - ok
10:34:07.0187 3664  [ E6C5F7AADE5A31C057D73201ACFE8ADF ] mfetdi2k        C:\WINDOWS\system32\drivers\mfetdi2k.sys
10:34:07.0296 3664  mfetdi2k - ok
10:34:07.0406 3664  [ 5C1B2814EF2A6313936A111D3FD095AF ] mfevtp          C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
10:34:07.0406 3664  mfevtp - ok
10:34:07.0468 3664  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
10:34:07.0484 3664  mnmdd - ok
10:34:07.0546 3664  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
10:34:07.0562 3664  mnmsrvc - ok
10:34:07.0625 3664  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
10:34:07.0625 3664  Modem - ok
10:34:07.0687 3664  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:34:07.0687 3664  Mouclass - ok
10:34:07.0765 3664  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:34:07.0765 3664  mouhid - ok
10:34:07.0843 3664  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
10:34:07.0843 3664  MountMgr - ok
10:34:07.0953 3664  [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:34:08.0062 3664  MozillaMaintenance - ok
10:34:08.0062 3664  mraid35x - ok
10:34:08.0265 3664  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:34:08.0281 3664  MRxDAV - ok
10:34:08.0375 3664  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:34:08.0390 3664  MRxSmb - ok
10:34:08.0593 3664  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
10:34:08.0671 3664  MSDTC - ok
10:34:08.0921 3664  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
10:34:08.0921 3664  Msfs - ok
10:34:08.0968 3664  MSIServer - ok
10:34:09.0046 3664  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:34:09.0062 3664  MSKSSRV - ok
10:34:09.0171 3664  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:34:09.0187 3664  MSPCLOCK - ok
10:34:09.0203 3664  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
10:34:09.0203 3664  MSPQM - ok
10:34:09.0265 3664  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:34:09.0281 3664  mssmbios - ok
10:34:09.0296 3664  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
10:34:09.0312 3664  Mup - ok
10:34:09.0343 3664  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
10:34:09.0375 3664  napagent - ok
10:34:09.0437 3664  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
10:34:09.0453 3664  NDIS - ok
10:34:09.0500 3664  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:34:09.0593 3664  NdisTapi - ok
10:34:09.0609 3664  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:34:09.0625 3664  Ndisuio - ok
10:34:09.0671 3664  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:34:09.0687 3664  NdisWan - ok
10:34:09.0734 3664  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
10:34:09.0734 3664  NDProxy - ok
10:34:09.0781 3664  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
10:34:09.0781 3664  NetBIOS - ok
10:34:09.0812 3664  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
10:34:09.0812 3664  NetBT - ok
10:34:09.0859 3664  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
10:34:09.0875 3664  NetDDE - ok
10:34:09.0875 3664  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
10:34:09.0875 3664  NetDDEdsdm - ok
10:34:09.0937 3664  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
10:34:09.0937 3664  Netlogon - ok
10:34:09.0953 3664  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
10:34:09.0968 3664  Netman - ok
10:34:10.0000 3664  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:34:10.0015 3664  NetTcpPortSharing - ok
10:34:10.0062 3664  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
10:34:10.0062 3664  Nla - ok
10:34:10.0078 3664  NmPar - ok
10:34:10.0156 3664  [ B9730495E0CF674680121E34BD95A73B ] NPF             C:\WINDOWS\system32\drivers\NPF.sys
10:34:10.0343 3664  NPF - ok
10:34:10.0406 3664  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
10:34:10.0406 3664  Npfs - ok
10:34:10.0531 3664  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
10:34:10.0562 3664  Ntfs - ok
10:34:10.0578 3664  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
10:34:10.0578 3664  NtLmSsp - ok
10:34:10.0734 3664  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
10:34:10.0765 3664  NtmsSvc - ok
10:34:10.0875 3664  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
10:34:10.0875 3664  Null - ok
10:34:10.0906 3664  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:34:11.0031 3664  NwlnkFlt - ok
10:34:11.0062 3664  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:34:11.0125 3664  NwlnkFwd - ok
10:34:11.0250 3664  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:34:11.0796 3664  ose - ok
10:34:11.0843 3664  Par1284 - ok
10:34:11.0968 3664  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
10:34:11.0984 3664  Parport - ok
10:34:12.0000 3664  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
10:34:12.0015 3664  PartMgr - ok
10:34:12.0031 3664  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
10:34:12.0031 3664  ParVdm - ok
10:34:12.0031 3664  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
10:34:12.0046 3664  PCI - ok
10:34:12.0093 3664  PCIDump - ok
10:34:12.0171 3664  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
10:34:12.0187 3664  PCIIde - ok
10:34:12.0234 3664  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
10:34:12.0250 3664  Pcmcia - ok
10:34:12.0265 3664  PDCOMP - ok
10:34:12.0265 3664  PDFRAME - ok
10:34:12.0281 3664  PDRELI - ok
10:34:12.0296 3664  PDRFRAME - ok
10:34:12.0328 3664  perc2 - ok
10:34:12.0343 3664  perc2hib - ok
10:34:12.0406 3664  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
10:34:12.0437 3664  PlugPlay - ok
10:34:12.0468 3664  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
10:34:12.0468 3664  PolicyAgent - ok
10:34:12.0609 3664  [ C3B2DB58A8891481360DF811F8B22DF1 ] portenum        C:\WINDOWS\system32\DRIVERS\portenum.sys
10:34:12.0718 3664  portenum - ok
10:34:12.0750 3664  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:34:12.0765 3664  PptpMiniport - ok
10:34:12.0781 3664  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:34:12.0781 3664  ProtectedStorage - ok
10:34:12.0796 3664  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
10:34:12.0796 3664  PSched - ok
10:34:12.0859 3664  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:34:12.0859 3664  Ptilink - ok
10:34:12.0875 3664  ql1080 - ok
10:34:12.0875 3664  Ql10wnt - ok
10:34:12.0890 3664  ql12160 - ok
10:34:12.0906 3664  ql1240 - ok
10:34:12.0921 3664  ql1280 - ok
10:34:12.0937 3664  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:34:12.0953 3664  RasAcd - ok
10:34:13.0000 3664  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
10:34:13.0015 3664  RasAuto - ok
10:34:13.0046 3664  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:34:13.0046 3664  Rasl2tp - ok
10:34:13.0078 3664  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
10:34:13.0078 3664  RasMan - ok
10:34:13.0156 3664  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:34:13.0171 3664  RasPppoe - ok
10:34:13.0187 3664  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
10:34:13.0187 3664  Raspti - ok
10:34:13.0281 3664  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:34:13.0296 3664  Rdbss - ok
10:34:13.0359 3664  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:34:13.0359 3664  RDPCDD - ok
10:34:13.0421 3664  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
10:34:13.0421 3664  RDPWD - ok
10:34:13.0531 3664  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
10:34:13.0531 3664  RDSessMgr - ok
10:34:13.0625 3664  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
10:34:13.0625 3664  redbook - ok
10:34:13.0718 3664  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
10:34:13.0765 3664  RemoteAccess - ok
10:34:13.0812 3664  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
10:34:13.0812 3664  RpcLocator - ok
10:34:13.0843 3664  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
10:34:13.0859 3664  RpcSs - ok
10:34:13.0937 3664  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
10:34:13.0953 3664  RSVP - ok
10:34:14.0031 3664  [ EF884D84975C2D2F0EC00C0ABB2923BE ] SAiDownloader   C:\WINDOWS\system32\SAiDownloader.exe
10:34:14.0031 3664  SAiDownloader - ok
10:34:14.0078 3664  [ 626FF246CAEB4761978FF3A0790B97B2 ] SAiLicSvr       C:\WINDOWS\system32\SAiLicSvr.exe
10:34:14.0093 3664  SAiLicSvr - ok
10:34:14.0156 3664  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
10:34:14.0156 3664  SamSs - ok
10:34:14.0203 3664  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
10:34:14.0203 3664  SASDIFSV - ok
10:34:14.0218 3664  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
10:34:14.0234 3664  SASKUTIL - ok
10:34:14.0265 3664  [ C1AE5D1F53285D79A0B73A62AF20734F ] SBRE            C:\WINDOWS\system32\drivers\SBREdrv.sys
10:34:14.0468 3664  SBRE - ok
10:34:14.0578 3664  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
10:34:14.0578 3664  SCardSvr - ok
10:34:14.0640 3664  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
10:34:14.0656 3664  Schedule - ok
10:34:14.0687 3664  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:34:14.0687 3664  Secdrv - ok
10:34:14.0718 3664  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
10:34:14.0718 3664  seclogon - ok
10:34:14.0921 3664  [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt         C:\WINDOWS\system32\drivers\senfilt.sys
10:34:14.0921 3664  senfilt - ok
10:34:14.0937 3664  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
10:34:14.0937 3664  SENS - ok
10:34:14.0953 3664  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
10:34:14.0968 3664  serenum - ok
10:34:15.0000 3664  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
10:34:15.0015 3664  Serial - ok
10:34:15.0093 3664  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
10:34:15.0093 3664  Sfloppy - ok
10:34:15.0125 3664  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:34:15.0125 3664  ShellHWDetection - ok
10:34:15.0140 3664  Simbad - ok
10:34:15.0171 3664  [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
10:34:15.0171 3664  smwdm - ok
10:34:15.0218 3664  [ 8D4A96868AE13C3CF8425B383B59D802 ] SNTNLUSB        C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
10:34:15.0312 3664  SNTNLUSB - ok
10:34:15.0312 3664  Sparrow - ok
10:34:15.0406 3664  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
10:34:15.0406 3664  splitter - ok
10:34:15.0453 3664  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
10:34:15.0453 3664  Spooler - ok
10:34:15.0515 3664  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
10:34:15.0531 3664  sr - ok
10:34:15.0625 3664  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
10:34:15.0640 3664  srservice - ok
10:34:15.0687 3664  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
10:34:15.0687 3664  Srv - ok
10:34:15.0765 3664  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
10:34:15.0812 3664  SSDPSRV - ok
10:34:15.0843 3664  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
10:34:15.0859 3664  stisvc - ok
10:34:15.0890 3664  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys

OK, will do.

Last Lines of TDSS

 

10:37:32.0156 2528  [ 1E0BE34388EAE50753DBA528474DC9D5 ] C:\Program Files\McAfee\SiteAdvisor\NPMcFFPlg32.dll
10:37:32.0156 2528  C:\Program Files\McAfee\SiteAdvisor\NPMcFFPlg32.dll - ok
10:37:32.0171 2528  [ 96A6697BE287BE007B8307BA35175551 ] C:\PROGRA~1\McAfee\SITEAD~1\mcbrwctl.dll
10:37:32.0171 2528  C:\PROGRA~1\McAfee\SITEAD~1\mcbrwctl.dll - ok
10:37:32.0171 2528  [ 8144C9367EA8C8176A7E9C6BD15A0179 ] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzimc10.dll
10:37:32.0171 2528  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzimc10.dll - ok
10:37:32.0171 2528  [ 0607CBC6FA20114CB491EFE4B2F9EFAD ] C:\WINDOWS\system32\d3d9.dll
10:37:32.0171 2528  C:\WINDOWS\system32\d3d9.dll - ok
10:37:32.0187 2528  [ 31B067C412FA1A9BAD3CA2A63D7DA440 ] C:\WINDOWS\system32\d3d8thk.dll
10:37:32.0187 2528  C:\WINDOWS\system32\d3d8thk.dll - ok
10:37:32.0187 2528  [ 5E6F953ADF328787A72E1A66781B4F1B ] C:\PROGRA~1\McAfee\MSC\mcmispps.dll
10:37:32.0187 2528  C:\PROGRA~1\McAfee\MSC\mcmispps.dll - ok
10:37:32.0203 2528  [ 38A834E92B90146C4CB0154B23CD9538 ] C:\PROGRA~1\McAfee\SITEAD~1\saUI.exe
10:37:32.0203 2528  C:\PROGRA~1\McAfee\SITEAD~1\saUI.exe - ok
10:37:32.0203 2528  ============================================================
10:37:32.0203 2528  Scan finished
10:37:32.0203 2528  ============================================================
10:37:32.0218 3508  Detected object count: 1
10:37:32.0218 3508  Actual detected object count: 1
10:37:36.0171 3508  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:37:36.0171 3508  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
10:37:39.0578 0776  Deinitialize success
 

Launch TDSSkiller again and to select DELETE for TDSSFilesystem

 

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

• Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.  You can also right click on the link and select Save Link As

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

• Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  For instructions with screenshots, please refer to this Guide.
• When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
• Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
• If an update is found, the program will automatically update itself. Press the OK button and continue.
• If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
• Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
• Click on the Scan button.
• When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked and then click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab.
• Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
• Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

• Please download MiniToolBox, save it to your desktop
• Please close any Firefox browsers you may have open
  
• Double click the icon to launch the program
  
• Make sure the following options are checked:
  
  
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
• Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
• Please copy and paste the contents in your reply

===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

• Make sure the following options are checked:
  
  
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

• Please download AdwCleaner by Xplode onto your desktop.
• Double click on AdwCleaner.exe, select OK, then Run
• Click on DELETE
• A logfile will automatically open after the scan has finished
• Copy and paste the contents in your reply
• You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================


Junkware Removal Tooll by thisisu

-------------------

• Please download Junkware Removal Tool and save it to your desktop.
• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
• Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
• Please allow the program time to run
• Once completed a Notepad document will open on your desktop
• Copy and paste the contents in your reply

===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

• Link 1
• Link 2
• Link 3
• Link 4

• In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.

• Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  
  • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
• A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
• An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
• Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
• If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================


Autoruns

--------------------

• Please download AutoRuns and save it to your desktop
• Double click the AutoRuns.zip folder
• Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
• Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
• Double click on the text file,copy and paste the contents in your reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

• Malwarebytes log
• MiniToolBox log
• Farbar's Service Scanner log
• AdwCleaner log
• Junkware Removal Tool log
• Rkill log
• Autoruns log

 

I don't have that option for TDSS, should I just un-select the TDLFS file system option?

Move to next scan