Redirect Virus?


7 replies to this topic

#1 Xactly


Posted 03 October 2011 - 02:49 AM

Hello, this is my first time posting on Bleeping Computer. I have done some snooping around on the website and am still not exactly clear where I should put this post and/or what to do next.

I recently got some sort of redirect virus that redirects me when I click on a link provided by a search engine. I have seen many posts that require logs; is this something that I should do?

I apologize for the lack of knowledge, but I would really like some help if it would be possible.

Thank you for your time.



#2 quietman7


Posted 03 October 2011 - 07:20 AM

Welcome to BC, Xactly.

This is the proper forum to get started. However, depending on your infection and what log we need to see, you may be directed to another forum where more powerful tools are required.

Before doing anything further, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. If that occurs there may be no option but to reformat and reinstall the OS or perform a full system recovery. The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.


Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
  • If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.


  • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.
  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.


Step 7 instructs you to scan your computer using Malwarebytes Anti-Malware.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware as you may need to rename it or use RKill by Grinler.


Note: Some infections will alter the Proxy settings in Internet Explorer which can affect your ability to browse, update or download tools required for disinfection. If you are experiencing such a problem, check those settings. To do that, please refer to Steps 4-7 under the section Automated Removal Instructions in this guide. If using Firefox, refer to these instructions to check and configure Proxy Settings under the Connection Settings Dialog.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
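One way to triage the log file TDSSKiller writes, as an added example that is not part of the original post or of TDSSKiller itself: it pairs each driver's hash/path line with its verdict line and returns every entry not marked ok, with the MD5 and path needed for a second opinion. The line layout and the reading of `SigCheck` and `TDLFS` as the two options ticked under Change parameters are assumptions, and the sample log is constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample in the assumed layout of a TDSSKiller report; the driver
# names and MD5 values are made up for this example.
SAMPLE_LOG = r"""22:06:17.0981 5960 Scan started
22:06:17.0981 5960 Mode: Manual; SigCheck; TDLFS;
22:06:18.0496 5960 gooddrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\gooddrv.sys
22:06:18.0605 5960 gooddrv - ok
22:06:20.0165 5960 nofile - ok
22:06:23.0051 5960 olddrv (fedcba9876543210fedcba9876543210) C:\Windows\system32\drivers\olddrv.sys
22:06:23.0051 5960 olddrv ( UnsignedFile.Multi.Generic ) - warning
22:06:23.0051 5960 olddrv - detected UnsignedFile.Multi.Generic (1)
"""

# Every line starts with a timestamp and a thread id.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<name> (<md5>) <path>": the file that backs a driver or service.
_FILE = re.compile(
    _PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+?)\s*$")
# "<name> - ok" or "<name> ( <verdict> ) - <status>": the scan result.
_VERDICT = re.compile(
    _PREFIX + r"(?P<name>\S+)(?: \( (?P<verdict>[^)]+?) \))? - (?P<status>\w+)\s*$")
# "Mode: Manual; SigCheck; TDLFS;": the options the scan ran with.
_MODE = re.compile(_PREFIX + r"Mode:\s*(?P<flags>.*)$")


@dataclass
class Entry:
    name: str
    status: str                    # "ok", "warning", or whatever the tool wrote
    verdict: Optional[str] = None  # detection name, when one is given
    md5: Optional[str] = None      # None when the log lists no file for the entry
    path: Optional[str] = None


def parse_scan(text: str) -> List[Entry]:
    """Pair each hash/path line with the verdict line that follows it."""
    files = {}    # name -> (md5, path), held until the verdict line arrives
    entries = []
    for line in text.splitlines():
        m = _FILE.match(line)
        if m:
            files[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = _VERDICT.match(line)
        if m:
            md5, path = files.pop(m["name"], (None, None))
            entries.append(
                Entry(m["name"], m["status"].lower(), m["verdict"], md5, path))
    return entries


def scan_flags(text: str) -> Set[str]:
    """Return the options from the 'Mode:' line, or an empty set if absent."""
    for line in text.splitlines():
        m = _MODE.match(line)
        if m:
            return {f.strip() for f in m["flags"].split(";") if f.strip()}
    return set()


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Everything the tool did not mark 'ok' goes for a second opinion."""
    return [e for e in entries if e.status != "ok"]


if __name__ == "__main__":
    missing = {"SigCheck", "TDLFS"} - scan_flags(SAMPLE_LOG)
    if missing:
        print("scan ran without:", ", ".join(sorted(missing)))
    for e in needs_review(parse_scan(SAMPLE_LOG)):
        print(f"{e.status:8} {e.name:12} {e.verdict or '-':28} {e.md5} {e.path}")
```

An unsigned-file warning only means the driver carries no valid signature, so the flagged list is a shortlist for the second-opinion scan, not a list of infections.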

#3 Xactly


Posted 03 October 2011 - 08:58 PM

Thank you for the fast response. I will get to this asap.

#4 quietman7


Posted 04 October 2011 - 06:44 AM

Not a problem.

#5 Xactly


Posted 11 October 2011 - 12:11 AM

Hello, I know it has been a while but I finally got around to running TDSSKiller.

When trying to right click the program my window would freeze and I would never be allowed to see the new list of options upon right clicking. Eventually, and I don't know why, the window popped up and I ran the program.

Everything went smoothly until I got to the step where I was supposed to upload the suspicious files in the file to scan box. I did not understand this step fully, as I did not see any box or way to navigate through the program.

Here is the report given by the program, hope it helps.

22:06:32.0021 5960 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
22:06:32.0037 5960 sdbus - ok
22:06:32.0053 5960 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:06:32.0099 5960 secdrv - ok
22:06:32.0131 5960 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:06:32.0177 5960 Serenum - ok
22:06:32.0209 5960 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:06:32.0255 5960 Serial - ok
22:06:32.0271 5960 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:06:32.0302 5960 sermouse - ok
22:06:32.0349 5960 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
22:06:32.0365 5960 sffdisk - ok
22:06:32.0396 5960 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:06:32.0427 5960 sffp_mmc - ok
22:06:32.0443 5960 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:06:32.0474 5960 sffp_sd - ok
22:06:32.0521 5960 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:06:32.0552 5960 sfloppy - ok
22:06:32.0599 5960 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:06:32.0614 5960 sisagp - ok
22:06:32.0661 5960 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:06:32.0661 5960 SiSRaid2 - ok
22:06:32.0692 5960 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:06:32.0708 5960 SiSRaid4 - ok
22:06:32.0739 5960 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:06:32.0755 5960 Smb - ok
22:06:32.0801 5960 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:06:32.0801 5960 spldr - ok
22:06:32.0864 5960 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:06:32.0879 5960 srv - ok
22:06:32.0911 5960 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:06:32.0926 5960 srv2 - ok
22:06:32.0942 5960 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:06:32.0957 5960 srvnet - ok
22:06:33.0020 5960 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
22:06:33.0035 5960 STHDA - ok
22:06:33.0082 5960 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:06:33.0098 5960 swenum - ok
22:06:33.0129 5960 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:06:33.0145 5960 Symc8xx - ok
22:06:33.0176 5960 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:06:33.0191 5960 Sym_hi - ok
22:06:33.0207 5960 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:06:33.0223 5960 Sym_u3 - ok
22:06:33.0254 5960 tclondrv - ok
22:06:33.0316 5960 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
22:06:33.0379 5960 Tcpip - ok
22:06:33.0441 5960 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
22:06:33.0472 5960 Tcpip6 - ok
22:06:33.0503 5960 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:06:33.0535 5960 tcpipreg - ok
22:06:33.0581 5960 TcUsb (a54b8fc62db00c018eafafb47d00511e) C:\Windows\system32\Drivers\tcusb.sys
22:06:33.0675 5960 TcUsb - ok
22:06:33.0706 5960 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:06:33.0737 5960 TDPIPE - ok
22:06:33.0769 5960 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:06:33.0800 5960 TDTCP - ok
22:06:33.0815 5960 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:06:33.0847 5960 tdx - ok
22:06:33.0862 5960 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:06:33.0878 5960 TermDD - ok
22:06:33.0909 5960 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:06:33.0940 5960 tssecsrv - ok
22:06:33.0971 5960 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:06:33.0987 5960 tunmp - ok
22:06:34.0003 5960 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:06:34.0018 5960 tunnel - ok
22:06:34.0049 5960 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:06:34.0065 5960 uagp35 - ok
22:06:34.0096 5960 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:06:34.0112 5960 udfs - ok
22:06:34.0143 5960 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:06:34.0159 5960 uliagpkx - ok
22:06:34.0174 5960 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:06:34.0190 5960 uliahci - ok
22:06:34.0205 5960 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:06:34.0221 5960 UlSata - ok
22:06:34.0237 5960 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:06:34.0237 5960 ulsata2 - ok
22:06:34.0268 5960 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:06:34.0299 5960 umbus - ok
22:06:34.0330 5960 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
22:06:34.0361 5960 UMPass - ok
22:06:34.0408 5960 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
22:06:34.0408 5960 USBAAPL - ok
22:06:34.0439 5960 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
22:06:34.0471 5960 usbaudio - ok
22:06:34.0517 5960 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:06:34.0533 5960 usbccgp - ok
22:06:34.0549 5960 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:06:34.0595 5960 usbcir - ok
22:06:34.0627 5960 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:06:34.0658 5960 usbehci - ok
22:06:34.0673 5960 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:06:34.0705 5960 usbhub - ok
22:06:34.0736 5960 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:06:34.0783 5960 usbohci - ok
22:06:34.0814 5960 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:06:34.0829 5960 usbprint - ok
22:06:34.0861 5960 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:06:34.0876 5960 usbscan - ok
22:06:34.0907 5960 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:06:34.0923 5960 USBSTOR - ok
22:06:34.0954 5960 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:06:34.0970 5960 usbuhci - ok
22:06:35.0001 5960 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:06:35.0032 5960 vga - ok
22:06:35.0063 5960 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:06:35.0095 5960 VgaSave - ok
22:06:35.0141 5960 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:06:35.0141 5960 viaagp - ok
22:06:35.0173 5960 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:06:35.0204 5960 ViaC7 - ok
22:06:35.0251 5960 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:06:35.0251 5960 viaide - ok
22:06:35.0297 5960 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:06:35.0313 5960 volmgr - ok
22:06:35.0344 5960 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:06:35.0360 5960 volmgrx - ok
22:06:35.0391 5960 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:06:35.0407 5960 volsnap - ok
22:06:35.0438 5960 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:06:35.0453 5960 vsmraid - ok
22:06:35.0500 5960 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:06:35.0547 5960 WacomPen - ok
22:06:35.0563 5960 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:06:35.0594 5960 Wanarp - ok
22:06:35.0609 5960 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:06:35.0625 5960 Wanarpv6 - ok
22:06:35.0672 5960 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:06:35.0687 5960 Wd - ok
22:06:35.0734 5960 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:06:35.0750 5960 Wdf01000 - ok
22:06:35.0828 5960 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:06:35.0843 5960 WmiAcpi - ok
22:06:35.0921 5960 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:06:35.0937 5960 WpdUsb - ok
22:06:35.0984 5960 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:06:36.0015 5960 ws2ifsl - ok
22:06:36.0062 5960 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:06:36.0077 5960 WUDFRd - ok
22:06:36.0140 5960 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
22:06:36.0155 5960 yukonwlh - ok
22:06:36.0187 5960 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:06:36.0296 5960 \Device\Harddisk0\DR0 - ok
22:06:36.0327 5960 Boot (0x1200) (6c0aa10bc95d57288d22250049917fa9) \Device\Harddisk0\DR0\Partition0
22:06:36.0327 5960 \Device\Harddisk0\DR0\Partition0 - ok
22:06:36.0327 5960 Boot (0x1200) (72d59b44d49c18e1b09a31da5505d569) \Device\Harddisk0\DR0\Partition1
22:06:36.0327 5960 \Device\Harddisk0\DR0\Partition1 - ok
22:06:36.0327 5960 ============================================================
22:06:36.0327 5960 Scan finished
22:06:36.0327 5960 ============================================================
22:06:36.0343 5704 Detected object count: 3
22:06:36.0343 5704 Actual detected object count: 3
22:07:55.0466 5704 fanio ( UnsignedFile.Multi.Generic ) - skipped by user
22:07:55.0466 5704 fanio ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:07:55.0466 5704 NPF ( UnsignedFile.Multi.Generic ) - skipped by user
22:07:55.0466 5704 NPF ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:07:55.0466 5704 NPPTNT2 ( UnsignedFile.Multi.Generic ) - skipped by user
22:07:55.0466 5704 NPPTNT2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Thank you in advance.

Edited by Xactly, 11 October 2011 - 12:11 AM.


#6 quietman7


Posted 11 October 2011 - 06:55 AM

Continue with Step 7 to scan your computer using Malwarebytes Anti-Malware and post the scan results.

#7 Xactly


Posted 14 October 2011 - 05:25 AM

I ran Malwarebytes, found 3 trojans which were quarantined, and I thought I got rid of them. After a few more days the redirects started to come back and now they are even worse.

I also noticed that I can't update my Windows either. I keep getting code error 643 whenever I try to install the update.

Could Malwarebytes have worsened the problem? What would be the best course of action now?

Thank you for your time.

#8 quietman7


Posted 14 October 2011 - 06:17 AM

Some infections are difficult to remove completely because of their morphing characteristics, which allow the malware to regenerate itself or infect critical system files which cannot be cleaned. Sometimes there is an undetected hidden piece of malware such as a rootkit which protects malicious files and registry keys so they cannot be permanently deleted. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need to create and post a DDS log for further investigation.

Please read the Preparation Guide For Requesting Help.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.
When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, please reply back here with a link to the new topic so we can close this one.