
Redirection Issue


16 replies to this topic

#1 SyianZi


Posted 04 July 2011 - 02:50 PM

I'm currently using a Toshiba Laptop, and this is a family laptop so it gets used quite frequently. A few days ago (2nd of July) I was handed this laptop by my partner with strict instructions to "FIX IT" as it was being extremely unresponsive and just wouldn't work. The start bar kept going off, a "windows scanner" kept popping up and all sorts of other stuff. I got through most of it and the laptop now stays on, works and is generally fine.

I do have one problem though, which is this redirecting issue. When I'm on a search engine like Google, the results come up just fine, but when I click on them, it takes me to that website for a split second before switching to another website, which then prompts a download. This happens in Altavista and Bing too. I am able to either copy the links into the address bar or simply type the website I want into the address bar and surf as I please, and clicking other hyperlinks on other pages doesn't cause me any issues at all.

I'm using Firefox 5 at the moment. I've run Malwarebytes, CCleaner, Spybot S&D, Comodo, NOD32 and SuperAntiSpyware. I can't seem to find or locate the problem. I've also tried to reset my router and check through those settings to the best of my abilities but that didn't work, however I didn't hold much hope for that as the other PC on my network can do google searches (and other search engine searches) just fine.

Any help on the matter would be greatly appreciated. I'm not sure if I am infected; however, the previous viruses did change a lot of settings on my computer, including hiding a bucket load of files on my PC which I had to unhide manually, so I'm unsure if this is an infection or just a change of setting somewhere I don't know how to fix.

I look forward to hearing back soon.




#2 Broni


Posted 04 July 2011 - 04:08 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click here.


 


#3 SyianZi


Posted 04 July 2011 - 06:00 PM

Thanks for getting back to me so soon. I've done what has been requested and the information is displayed below. Hope this is fine.


====Security Check Log====



Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET NOD32 Antivirus
McAfee Security Scan
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 24
Java™ 6 Update 3
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader 8.1.0
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````





====Mini Tool Box====



MiniToolBox by Farbar
Ran by david (administrator) on 04-07-2011 at 22:51:05
Windows Vista ™ Home Premium Service Pack 2 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : suzanne-laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-21-63-DA-A4-BA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::71ee:dfab:1432:2b0f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 04 July 2011 18:34:38
Lease Expires . . . . . . . . . . : 05 July 2011 18:34:37
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 268444003
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-75-28-A9-00-1E-33-93-4C-3F
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1E-33-93-4C-3F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.


Pinging google.com [209.85.146.105] with 32 bytes of data:

Reply from 209.85.146.105: bytes=32 time=51ms TTL=52

Reply from 209.85.146.105: bytes=32 time=50ms TTL=52



Ping statistics for 209.85.146.105:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 50ms, Maximum = 51ms, Average = 50ms

Server: www.routerlogin.com
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=183ms TTL=47

Reply from 209.191.122.70: bytes=32 time=180ms TTL=47



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 180ms, Maximum = 183ms, Average = 181ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=7ms TTL=128

Reply from 127.0.0.1: bytes=32 time=2ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 2ms, Maximum = 7ms, Average = 4ms

===========================================================================
Interface List
11 ...00 21 63 da a4 ba ...... Atheros AR5007EG Wireless Network Adapter
10 ...00 1e 33 93 4c 3f ...... Realtek PCIe FE Family Controller
1 ........................... Software Loopback Interface 1
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.5 281
192.168.0.5 255.255.255.255 On-link 192.168.0.5 281
192.168.0.255 255.255.255.255 On-link 192.168.0.5 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.5 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.5 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::71ee:dfab:1432:2b0f/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/04/2011 04:19:57 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/04/2011 04:02:22 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/03/2011 00:44:24 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/03/2011 00:37:10 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/02/2011 07:33:45 PM) (Source: Application Hang) (User: )
Description: The program 32694008.exe version 5.3.132.965 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 444
Start Time: 01cc38e59d27e7ff
Termination Time: 0

Error: (07/02/2011 07:33:31 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19088, time stamp 0x4de07b1b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x75ff1875,
process id 0x1764, application start time 0xiexplore.exe0.

Error: (07/02/2011 06:44:48 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/02/2011 04:45:05 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\UFCH3Z31.DEFAULT\CACHE\5> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/02/2011 04:45:05 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\UFCH3Z31.DEFAULT\CACHE\5> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/02/2011 04:45:04 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\UFCH3Z31.DEFAULT\CACHE\4> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (07/04/2011 10:07:49 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/04/2011 10:07:45 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/04/2011 09:28:21 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/04/2011 09:28:17 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/04/2011 05:22:05 PM) (Source: Service Control Manager) (User: )
Description: Akamai NetSession Interface%%126

Error: (07/04/2011 04:20:35 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (07/04/2011 04:20:35 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (07/04/2011 04:20:35 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (07/04/2011 04:20:35 PM) (Source: Service Control Manager) (User: )
Description: AFD
appdrv01
cmdGuard
cmdHlp
DfsC
ehdrv
inspect
jswpslwf
MpFilter
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
SASDIFSV
SASKUTIL
Smb
spldr
tdx
Wanarpv6

Error: (07/04/2011 04:20:35 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068


Microsoft Office Sessions:
=========================

========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 53%
Total physical RAM: 1916.89 MB
Available physical RAM: 900.81 MB
Total Pagefile: 4083.05 MB
Available Pagefile: 2097.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.32 MB

======================= Partitions: =======================================

1 Drive c: (Vista) (Fixed) (Total:74.45 GB) (Free:29.96 GB) NTFS
2 Drive e: (Data) (Fixed) (Total:73.13 GB) (Free:67.58 GB) NTFS

================= Users: ==================================================

User accounts for \\SUZANNE-LAPTOP

-------------------------------------------------------------------------------
Administrator david Guest
The command completed successfully.

================= End of Users ============================================





====Malwarebytes====

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7019

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

04/07/2011 23:01:16
mbam-log-2011-07-04 (23-01-16).txt

Scan type: Quick scan
Objects scanned: 159251
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

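Added example, not code from the thread or from MiniToolBox: a small Python triage script that reads the two MiniToolBox sections Broni asked for, IE Proxy Settings and Hosts content, and flags every hosts mapping that is not the stock localhost entries, calling out search-engine names separately since those are the sites the redirect hits. The report text is constructed in the page's layout; the www.google.com and update.example-av.invalid lines are made up so the checks have something to find.

```python
import ipaddress
import re

# Constructed report in the layout MiniToolBox prints above: the thread's own
# (clean) proxy and hosts sections, plus two made-up hosts lines so that the
# checks have something to flag.
SAMPLE_REPORT = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# 102.54.94.97 rhino.acme.com # source server

127.0.0.1 localhost
::1 localhost
198.51.100.23 www.google.com   # constructed hijack line, not from the thread
0.0.0.0 update.example-av.invalid

=============== End of Hosts ==============================================
"""

SECTION_START = re.compile(r"^=+\s*(?P<name>.+?):\s*=+$")
SECTION_END = re.compile(r"^=+\s*End of .+?\s*=+$")

# Search engines named in the thread as the sites the redirect hits
# (constructed list; extend as needed).
SEARCH_HOSTS = {"google.com", "bing.com", "altavista.com", "yahoo.com"}


def split_sections(report: str) -> dict:
    """Map section name -> non-empty lines, using the ===== banner lines."""
    sections = {}
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        if SECTION_END.match(line):
            current = None
            continue
        start = SECTION_START.match(line)
        if start:
            current = start.group("name")
            sections[current] = []
            continue
        if current is not None and line:
            sections[current].append(line)
    return sections


def _is_loopback_or_null(ip: str) -> bool:
    """True for 127.x, ::1 and 0.0.0.0, the only targets a clean hosts file uses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def hosts_findings(lines: list) -> list:
    """Flag every mapping other than localhost -> loopback."""
    findings = []
    for line in lines:
        body = line.split("#", 1)[0].strip()  # drop trailing comments
        if not body:
            continue  # comment-only line
        ip, *names = body.split()
        for name in names:
            name = name.lower()
            if name == "localhost" and _is_loopback_or_null(ip):
                continue
            base = ".".join(name.split(".")[-2:])
            if base in SEARCH_HOSTS:
                kind = "search-engine-redirect"  # the symptom in this thread
            elif _is_loopback_or_null(ip):
                kind = "blocked-host"  # typical for pinned AV update servers
            else:
                kind = "unexpected-mapping"
            findings.append({"ip": ip, "name": name, "kind": kind})
    return findings


def proxy_flagged(lines: list) -> bool:
    """Assumption: a clean report carries the exact line 'Proxy is not enabled.'
    Anything else (including a missing section) is flagged for a manual look."""
    return "Proxy is not enabled." not in lines


def triage(report: str) -> dict:
    sections = split_sections(report)
    return {
        "proxy_flagged": proxy_flagged(sections.get("IE Proxy Settings", [])),
        "hosts": hosts_findings(sections.get("Hosts content", [])),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(key, value)
```

On the report actually posted above, the script returns no hosts findings and no proxy flag, which is consistent with the redirect living somewhere other than hosts or proxy settings.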

#4 Broni


Posted 04 July 2011 - 06:04 PM

You're running two AV programs, ESET NOD32 Antivirus and Microsoft Security Essentials.
One of them has to go.
Your choice.

You can also safely uninstall McAfee Security Scan, typical foistware.

I still need GMER scan.



 


#5 SyianZi


Posted 04 July 2011 - 06:14 PM

Alright, I've kept NOD32 and removed McAfee SS. However, I'm having a little trouble posting the GMER log, as it's quite large (I'm being informed the post is, or would be, too big). Any suggestions?


#6 Broni


Posted 04 July 2011 - 06:20 PM

Upload the file(s) here: http://www.filedropper.com/
Post download link (copy URL: link):

What about Microsoft Security Essentials?



 


#7 SyianZi


Posted 04 July 2011 - 06:31 PM

Oops, yeah, I forgot to mention that: Microsoft Security Essentials has gone; I chose NOD32.

This is the link to the GMER log, thanks for the tip:

http://www.filedropper.com/gmerlog

I will check back on this thread in the morning; it's getting pretty late, but thank you so far.


#8 Broni


Posted 04 July 2011 - 06:50 PM

You're very welcome



====gmer====


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-04 23:51:26
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1652GSX rev.LV010M
Running: j9wgf2w3.exe; Driver: C:\Users\david\AppData\Local\Temp\axriykog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8CA1CE02]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8CA1E3AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8CA1CFEE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8CA1C12C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8CA1CA68]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8CA1C00C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8CA1C7FC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8CA1E03C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8CA1B9F8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8CA1DA4C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8CA1C3F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8CA1CC44]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8CA1C698]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8CA1D4E8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x8CA1D79C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8CA1DD44]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8CA1C35E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8CA1C584]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8D216620]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8CA1BBFC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8CA1D0FC]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 119 826EE89C 4 Bytes [02, CE, A1, 8C]
.text ntkrnlpa.exe!KeSetEvent + 13D 826EE8C0 8 Bytes [AA, E3, A1, 8C, EE, CF, A1, ...]
.text ntkrnlpa.exe!KeSetEvent + 1C1 826EE944 4 Bytes [2C, C1, A1, 8C]
.text ntkrnlpa.exe!KeSetEvent + 1D9 826EE95C 4 Bytes [68, CA, A1, 8C]
.text ntkrnlpa.exe!KeSetEvent + 205 826EE988 4 Bytes [0C, C0, A1, 8C]
.text ...
.text kdcom.dll!KdSendPacket 80401041 367 Bytes [0B, B8, FF, FF, 00, 00, 66, ...]
.text kdcom.dll!KdRestore + 55 804011B1 9 Bytes [FF, 8B, F0, 8B, C6, E9, DB, ...]
.text kdcom.dll!KdRestore + 5F 804011BB 8 Bytes [8B, C7, 8D, 50, 02, 66, 8B, ...] {MOV EAX, EDI; LEA EDX, [EAX+0x2]; MOV CX, [EAX]}
.text kdcom.dll!KdRestore + 68 804011C4 1 Byte [C0]
.text kdcom.dll!KdRestore + 68 804011C4 102 Bytes [C0, 02, 66, 85, C9, 75, F5, ...]
.text kdcom.dll!KdRestore + CF 8040122B 59 Bytes [0F, BE, 8C, 05, 94, FE, FF, ...]
.text ...
.text kdcom.dll!KdReceivePacket + CA 804013B8 105 Bytes [00, 03, 87, 58, 0E, 00, 00, ...]
.text kdcom.dll!KdReceivePacket + 134 80401422 29 Bytes [75, 08, FF, 15, A8, 02, 40, ...]
.text kdcom.dll!KdReceivePacket + 152 80401440 16 Bytes [F0, FF, FF, 53, 6A, 00, FF, ...]
.text kdcom.dll!KdReceivePacket + 164 80401452 8 Bytes [00, 8B, 5D, F8, 89, BB, 5C, ...] {ADD [EBX-0x447607a3], CL; POP ESP; PUSH CS}
.text kdcom.dll!KdReceivePacket + 16E 8040145C 37 Bytes [89, BB, 58, 0E, 00, 00, 0F, ...]
.text ...
.text kdcom.dll!KdSendPacket + 82 804015E8 133 Bytes [22, 02, 49, 6F, 47, 65, 74, ...]
.text kdcom.dll!KdSendPacket + 108 8040166E 8 Bytes [72, 79, 54, 6F, 44, 61, 74, ...] {JB 0x7b; PUSH ESP; OUTSD ; INC ESP; POPA ; JZ 0x69}
.text kdcom.dll!KdSendPacket + 111 80401677 186 Bytes CALL ECB46881
.text kdcom.dll!KdSendPacket + 1CE 80401734 35 Bytes [08, 00, 00, 00, 08, 00, 00, ...]
.text kdcom.dll!KdSendPacket + 1F2 80401758 3 Bytes [0D, 06, 00]
.text ...
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x87F5A000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x87FA3000, 0x510, 0x40000040]

---- User code sections - GMER 1.0.15 ----

[Comodo entries skipped - Broni]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\ntkrnlpa.exe[KDCOM.dll!KdD3Transition] [804005E9] \SystemRoot\system32\kdcom.dll (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \SystemRoot\system32\ntkrnlpa.exe[KDCOM.dll!KdD0Transition] [804005DF] \SystemRoot\system32\kdcom.dll (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \SystemRoot\system32\ntkrnlpa.exe[KDCOM.dll!KdReceivePacket] [8040060D] \SystemRoot\system32\kdcom.dll (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \SystemRoot\system32\ntkrnlpa.exe[KDCOM.dll!KdSendPacket] [80400631] \SystemRoot\system32\kdcom.dll (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \SystemRoot\system32\ntkrnlpa.exe[KDCOM.dll!KdRestore] [80400619] \SystemRoot\system32\kdcom.dll (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \SystemRoot\system32\ntkrnlpa.exe[KDCOM.dll!KdSave] [80400625] \SystemRoot\system32\kdcom.dll (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \SystemRoot\system32\ntkrnlpa.exe[KDCOM.dll!KdDebuggerInitialize0] [804005F3] \SystemRoot\system32\kdcom.dll (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \SystemRoot\system32\ntkrnlpa.exe[KDCOM.dll!KdDebuggerInitialize1] [804005FF] \SystemRoot\system32\kdcom.dll (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \SystemRoot\system32\hal.dll[KDCOM.dll!KdRestore] [80400619] \SystemRoot\system32\kdcom.dll (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \SystemRoot\system32\kdcom.dll[HAL.dll!READ_PORT_UCHAR] FC458B08
IAT \SystemRoot\system32\kdcom.dll[HAL.dll!WRITE_PORT_UCHAR] [8B87048B] \SystemRoot\system32\DRIVERS\atikmdag.sys (ATI Radeon Kernel Mode Driver/ATI Technologies Inc.)
IAT \SystemRoot\system32\kdcom.dll[HAL.dll!HalQueryRealTimeClock] C3030C55
IAT \SystemRoot\system32\kdcom.dll[HAL.dll!KdComPortInUse] 1A3A188A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [71417817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7146A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2864] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7141BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- Threads - GMER 1.0.15 ----

Thread System [4:224] 862620B3
Thread System [4:236] 862637FB

---- Files - GMER 1.0.15 ----

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\lxTiueHQRFVJQV.exe.info 140 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\~32694008 232 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\~32694008.info 114 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\~326940081 232 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\~326940081.info 192 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\~43638084 232 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\~43638084.info 114 bytes

---- EOF - GMER 1.0.15 ----

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click here.

#9 Broni

Broni
The Coolest BC Computer
  • BC Advisor
  • 42,699 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 04 July 2011 - 06:51 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

#10 SyianZi

SyianZi
  • Topic Starter
  • Members
  • 79 posts
  • Gender:Not Telling

Posted 05 July 2011 - 04:43 AM

Alright, I'm unable to get TDSSKiller to run. I've tried running as administrator too, but nothing happens.

#11 Broni

Broni
The Coolest BC Computer
  • BC Advisor
  • 42,699 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 05 July 2011 - 02:03 PM

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
If you are running Windows XP, re-enable System Restore.

#12 SyianZi

SyianZi
  • Topic Starter
  • Members
  • 79 posts
  • Gender:Not Telling

Posted 05 July 2011 - 02:18 PM

OK, I ran the TDSS Fix Tool and it restarted the laptop, and then came up with a box saying "***Infected MBR Detected", which was then repaired. I'll run TDSSKiller now.

#13 SyianZi

SyianZi
  • Topic Starter
  • Members
  • 79 posts
  • Gender:Not Telling

Posted 05 July 2011 - 02:25 PM

2011/07/05 20:23:18.0873 5516 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/05 20:23:20.0886 5516 ================================================================================
2011/07/05 20:23:20.0886 5516 SystemInfo:
2011/07/05 20:23:20.0886 5516
2011/07/05 20:23:20.0886 5516 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/05 20:23:20.0886 5516 Product type: Workstation
2011/07/05 20:23:20.0886 5516 ComputerName: SUZANNE-LAPTOP
2011/07/05 20:23:20.0886 5516 UserName: david
2011/07/05 20:23:20.0886 5516 Windows directory: C:\Windows
2011/07/05 20:23:20.0886 5516 System windows directory: C:\Windows
2011/07/05 20:23:20.0886 5516 Processor architecture: Intel x86
2011/07/05 20:23:20.0886 5516 Number of processors: 2
2011/07/05 20:23:20.0886 5516 Page size: 0x1000
2011/07/05 20:23:20.0886 5516 Boot type: Normal boot
2011/07/05 20:23:20.0886 5516 ================================================================================
2011/07/05 20:23:26.0377 5516 Initialize success
2011/07/05 20:23:51.0509 5776 ================================================================================
2011/07/05 20:23:51.0509 5776 Scan started
2011/07/05 20:23:51.0509 5776 Mode: Manual;
2011/07/05 20:23:51.0509 5776 ================================================================================
2011/07/05 20:24:14.0612 5776 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/05 20:24:14.0659 5776 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/07/05 20:24:14.0768 5776 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/05 20:24:14.0815 5776 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/05 20:24:14.0831 5776 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/05 20:24:14.0940 5776 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/07/05 20:24:15.0002 5776 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/05 20:24:15.0143 5776 winachsf (d0116c473ef3c381a42bb55036a1adb1) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/07/05 20:24:15.0330 5776 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/05 20:24:15.0455 5776 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/05 20:24:15.0517 5776 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/05 20:24:15.0673 5776 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/05 20:24:15.0767 5776 XAudio (22a08b9faecd6a306868f59b7f03f188) C:\Windows\system32\DRIVERS\XAudio32.sys
2011/07/05 20:24:15.0860 5776 xusb21 (a640c90b007762939507c28a021be3b3) C:\Windows\system32\DRIVERS\xusb21.sys
2011/07/05 20:24:16.0110 5776 ZSMC303 (b53430a93fef17b08ac3a9f245b9720f) C:\Windows\system32\Drivers\usbVM303.sys
2011/07/05 20:24:16.0188 5776 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/05 20:24:16.0235 5776 Boot (0x1200) (362079d0735a4ee5bffa400b38af7c08) \Device\Harddisk0\DR0\Partition0
2011/07/05 20:24:16.0250 5776 Boot (0x1200) (471f62b9d0a0f8dab7a6a8484d15c020) \Device\Harddisk0\DR0\Partition1
2011/07/05 20:24:16.0281 5776 Boot (0x1200) (59b1a1f4df5bf0fe124ebf3777ec46b5) \Device\Harddisk0\DR0\Partition2
2011/07/05 20:24:16.0297 5776 ================================================================================
2011/07/05 20:24:16.0297 5776 Scan finished
2011/07/05 20:24:16.0297 5776 ================================================================================
2011/07/05 20:24:16.0313 5476 Detected object count: 0
2011/07/05 20:24:16.0313 5476 Actual detected object count: 0


#14 SyianZi

SyianZi
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:11:55 AM

Posted 05 July 2011 - 02:30 PM

Alright, I've done a few Google searches and searches with Bing, and things seem to have gone well; I haven't been redirected yet. That's actually great news. I will hold out and keep a check on this over the next few days, but it seems to be doing well. Would you have me do anything else to make sure? Otherwise I'm very grateful.


#15 jcarranco

jcarranco

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:55 AM

Posted 05 July 2011 - 03:14 PM

I just want to say I was having the same problems on a computer here at work. Searches were getting redirected, tried using TDSSKiller and it wouldn't run. Downloaded FixTDSS and that was able to run, detect, and kill the rootkit. Afterwards, TDSSKiller ran fine, and came up clean. FixTDSS fixed my problem. Thanks Broni.
