
Cannot Get This Puppy Clean


  • This topic is locked
28 replies to this topic

#1 UAH Grad

UAH Grad

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 04 November 2011 - 11:43 AM

Hi,

I am working on a computer that is running Windows 7 x64 and I have run Malwarebytes, Combofix, Spybot S&D, TDSSKiller, reset all Internet Explorer 9 to factory and I still have a browser redirect. Any Google search results that I click on redirect me to different sites and it also plays audio in the background. I am having to correspond with you guys via my personal computer as the sick one will not let me access your site. Any help would be GREATLY appreciated!!!! Here is the DDS log and I also attached the attach file.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by Tracy at 11:18:39 on 2011-11-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.3346 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [EADM] "C:\Program Files (x86)\Electronic Arts\EADM\EADMUI\EADMUI.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-system: DisableTaskMgr =
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr =
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2A12C8C1-504C-479F-BB10-5A8E7A066455} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\p0fjgo2u.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-5-25 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-5-25 128512]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-20 136176]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-20 136176]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
.
=============== Created Last 30 ================
.
2011-11-03 22:55:29 -------- d-----w- C:\Users\Tracy\AppData\Local\Mozilla
2011-11-03 21:04:34 -------- d-----w- C:\Windows\System32\SPReview
2011-11-03 21:04:17 -------- d-----w- C:\Windows\System32\EventProviders
2011-11-03 20:54:08 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-03 20:54:08 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-03 20:38:21 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-03 19:14:34 98816 ----a-w- C:\Windows\sed.exe
2011-11-03 19:14:34 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-03 19:14:34 256000 ----a-w- C:\Windows\PEV.exe
2011-11-03 19:14:34 208896 ----a-w- C:\Windows\MBR.exe
2011-11-03 19:13:26 -------- d-----w- C:\ComboFix
2011-11-03 17:49:27 -------- d-----w- C:\ProgramData\Geek Squad
2011-11-03 17:04:44 -------- d-----w- C:\Program Files\Emsisoft Anti-Malware
2011-11-03 17:04:42 -------- d-----w- C:\HJT
2011-11-03 17:03:00 -------- d-----w- C:\Users\Tracy\AppData\Roaming\Malwarebytes
2011-11-03 16:58:04 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-03 16:58:00 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-03 16:58:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-25 20:48:33 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-25 20:48:33 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-10-07 15:46:23 -------- d-----w- C:\ProgramData\Garmin
.
==================== Find3M ====================
.
2011-11-03 21:23:57 152064 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-11-03 21:23:56 175104 ----a-w- C:\Windows\System32\msclmd.dll
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
.
============= FINISH: 11:25:52.04 ===============



#2 UAH Grad

UAH Grad
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 04 November 2011 - 12:11 PM

I forgot to mention that the computer originally had the System Restore virus and I followed the removal instructions for it and this is what remains.

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:37 AM

Posted 05 November 2011 - 09:05 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:37 AM

Posted 07 November 2011 - 11:18 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#5 UAH Grad

UAH Grad
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 08 November 2011 - 10:57 AM

Sorry for the delay, I am only able to access this computer whenever my friend is at home and he has been away for the past couple of days. I am now running combofix and will post the results as soon as it finishes.

The only symptoms that we are experiencing at the moment are the browser hijacker....it will not allow you to surf on the Internet at all (even in safe mode). I am corresponding to you through my computer.

Thanks!

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:37 AM

Posted 08 November 2011 - 11:06 AM

ok let me have the report when ready


gringo

#7 UAH Grad

UAH Grad
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 08 November 2011 - 11:59 AM

Here are the results of the Combofix scan....

It will not allow me to copy and paste to this forum....it says my post is too long, so I have included the results as a .txt file even though it says not to attach files.

Thanks again for all your help!!!!

Attached Files

  • Attached File  log.txt   182.27KB   2 downloads


#8 UAH Grad

UAH Grad
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 08 November 2011 - 12:03 PM

Google redirect still remains after the Combofix....

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:37 AM

Posted 08 November 2011 - 12:16 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#10 UAH Grad

UAH Grad
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 08 November 2011 - 12:52 PM

Here are the results from the tdsskiller scan....

11:50:49.0285 2908 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
11:50:49.0550 2908 ============================================================
11:50:49.0550 2908 Current date / time: 2011/11/08 11:50:49.0550
11:50:49.0550 2908 SystemInfo:
11:50:49.0550 2908
11:50:49.0566 2908 OS Version: 6.1.7600 ServicePack: 0.0
11:50:49.0566 2908 Product type: Workstation
11:50:49.0566 2908 ComputerName: GENECLECKLER-PC
11:50:49.0566 2908 UserName: Tracy
11:50:49.0566 2908 Windows directory: C:\Windows
11:50:49.0566 2908 System windows directory: C:\Windows
11:50:49.0566 2908 Running under WOW64
11:50:49.0566 2908 Processor architecture: Intel x64
11:50:49.0566 2908 Number of processors: 4
11:50:49.0566 2908 Page size: 0x1000
11:50:49.0566 2908 Boot type: Safe boot with network
11:50:49.0566 2908 ============================================================
11:50:50.0314 2908 Initialize success
11:50:52.0795 2028 ============================================================
11:50:52.0795 2028 Scan started
11:50:52.0795 2028 Mode: Manual;
11:50:52.0795 2028 ============================================================
11:50:58.0738 2028 isapnp - ok
11:50:58.0754 2028 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
11:50:58.0754 2028 iScsiPrt - ok
11:50:58.0785 2028 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:50:58.0785 2028 kbdclass - ok
11:50:58.0801 2028 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\drivers\kbdhid.sys
11:50:58.0801 2028 kbdhid - ok
11:50:58.0832 2028 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
11:50:58.0832 2028 KSecDD - ok
11:50:58.0863 2028 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
11:50:58.0863 2028 KSecPkg - ok
11:50:58.0894 2028 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:50:58.0894 2028 ksthunk - ok
11:50:58.0941 2028 L8042Kbd (8fa5f561f8d9e9d9d0f5b9fdc92fe0fa) C:\Windows\system32\DRIVERS\L8042Kbd.sys
11:50:58.0941 2028 L8042Kbd - ok
11:50:58.0972 2028 LHidFilt (2ab5199d61f6c2bbdcaf21acb9276845) C:\Windows\system32\DRIVERS\LHidFilt.Sys
11:50:58.0972 2028 LHidFilt - ok
11:50:59.0004 2028 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:50:59.0004 2028 lltdio - ok
11:50:59.0035 2028 LMouFilt (ed2fd8bbd73478cce7c707fb8103cb56) C:\Windows\system32\DRIVERS\LMouFilt.Sys
11:50:59.0035 2028 LMouFilt - ok
11:50:59.0066 2028 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:50:59.0066 2028 LSI_FC - ok
11:50:59.0097 2028 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:50:59.0097 2028 LSI_SAS - ok
11:50:59.0113 2028 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:50:59.0113 2028 LSI_SAS2 - ok
11:50:59.0128 2028 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:50:59.0128 2028 LSI_SCSI - ok
11:50:59.0160 2028 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:50:59.0160 2028 luafv - ok
11:50:59.0191 2028 LUsbFilt (f425622cff9eec074be8787e74d2b6f5) C:\Windows\system32\Drivers\LUsbFilt.Sys
11:50:59.0191 2028 LUsbFilt - ok
11:50:59.0206 2028 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:50:59.0206 2028 megasas - ok
11:50:59.0238 2028 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:50:59.0238 2028 MegaSR - ok
11:50:59.0253 2028 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:50:59.0269 2028 Modem - ok
11:50:59.0300 2028 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:50:59.0300 2028 monitor - ok
11:50:59.0331 2028 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
11:50:59.0331 2028 mouclass - ok
11:50:59.0362 2028 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:50:59.0362 2028 mouhid - ok
11:50:59.0378 2028 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
11:50:59.0378 2028 mountmgr - ok
11:50:59.0409 2028 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
11:50:59.0409 2028 mpio - ok
11:50:59.0440 2028 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:50:59.0440 2028 mpsdrv - ok
11:50:59.0456 2028 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
11:50:59.0456 2028 MRxDAV - ok
11:50:59.0503 2028 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:50:59.0503 2028 mrxsmb - ok
11:50:59.0550 2028 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:50:59.0550 2028 mrxsmb10 - ok
11:50:59.0565 2028 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:50:59.0565 2028 mrxsmb20 - ok
11:50:59.0581 2028 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
11:50:59.0581 2028 msahci - ok
11:50:59.0612 2028 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
11:50:59.0612 2028 msdsm - ok
11:50:59.0659 2028 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:50:59.0659 2028 Msfs - ok
11:50:59.0674 2028 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:50:59.0674 2028 mshidkmdf - ok
11:50:59.0690 2028 MSICDSetup - ok
11:50:59.0737 2028 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:50:59.0737 2028 msisadrv - ok
11:50:59.0768 2028 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:50:59.0768 2028 MSKSSRV - ok
11:50:59.0784 2028 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:50:59.0784 2028 MSPCLOCK - ok
11:50:59.0799 2028 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:50:59.0799 2028 MSPQM - ok
11:50:59.0815 2028 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
11:50:59.0815 2028 MsRPC - ok
11:50:59.0846 2028 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:50:59.0846 2028 mssmbios - ok
11:50:59.0862 2028 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:50:59.0862 2028 MSTEE - ok
11:50:59.0877 2028 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:50:59.0877 2028 MTConfig - ok
11:50:59.0908 2028 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:50:59.0908 2028 Mup - ok
11:50:59.0924 2028 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:50:59.0940 2028 NativeWifiP - ok
11:50:59.0986 2028 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
11:51:00.0002 2028 NDIS - ok
11:51:00.0018 2028 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:51:00.0018 2028 NdisCap - ok
11:51:00.0049 2028 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:51:00.0049 2028 NdisTapi - ok
11:51:00.0096 2028 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
11:51:00.0096 2028 Ndisuio - ok
11:51:00.0111 2028 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:51:00.0111 2028 NdisWan - ok
11:51:00.0127 2028 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
11:51:00.0127 2028 NDProxy - ok
11:51:00.0142 2028 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:51:00.0142 2028 NetBIOS - ok
11:51:00.0158 2028 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
11:51:00.0158 2028 NetBT - ok
11:51:00.0220 2028 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:51:00.0220 2028 nfrd960 - ok
11:51:00.0267 2028 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:51:00.0267 2028 Npfs - ok
11:51:00.0283 2028 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:51:00.0283 2028 nsiproxy - ok
11:51:00.0595 2028 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
11:51:00.0595 2028 Ntfs - ok
11:51:00.0704 2028 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:51:00.0704 2028 Null - ok
11:51:00.0782 2028 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
11:51:00.0782 2028 nvraid - ok
11:51:00.0798 2028 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
11:51:00.0798 2028 nvstor - ok
11:51:00.0813 2028 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:51:00.0813 2028 nv_agp - ok
11:51:00.0860 2028 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:51:00.0860 2028 ohci1394 - ok
11:51:00.0891 2028 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:51:00.0891 2028 Parport - ok
11:51:00.0907 2028 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
11:51:00.0907 2028 partmgr - ok
11:51:00.0922 2028 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
11:51:00.0922 2028 pci - ok
11:51:00.0938 2028 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:51:00.0938 2028 pciide - ok
11:51:00.0954 2028 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:51:00.0969 2028 pcmcia - ok
11:51:00.0969 2028 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:51:00.0969 2028 pcw - ok
11:51:01.0000 2028 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:51:01.0000 2028 PEAUTH - ok
11:51:01.0047 2028 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
11:51:01.0047 2028 PptpMiniport - ok
11:51:01.0047 2028 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:51:01.0063 2028 Processor - ok
11:51:01.0094 2028 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
11:51:01.0094 2028 Psched - ok
11:51:01.0141 2028 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:51:01.0141 2028 ql2300 - ok
11:51:01.0156 2028 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:51:01.0156 2028 ql40xx - ok
11:51:01.0172 2028 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:51:01.0172 2028 QWAVEdrv - ok
11:51:01.0188 2028 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:51:01.0188 2028 RasAcd - ok
11:51:01.0203 2028 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:51:01.0219 2028 RasAgileVpn - ok
11:51:01.0219 2028 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:51:01.0219 2028 Rasl2tp - ok
11:51:01.0234 2028 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:51:01.0234 2028 RasPppoe - ok
11:51:01.0266 2028 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:51:01.0266 2028 RasSstp - ok
11:51:01.0281 2028 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
11:51:01.0281 2028 rdbss - ok
11:51:01.0297 2028 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:51:01.0297 2028 rdpbus - ok
11:51:01.0312 2028 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:51:01.0312 2028 RDPCDD - ok
11:51:01.0328 2028 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:51:01.0328 2028 RDPENCDD - ok
11:51:01.0344 2028 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:51:01.0344 2028 RDPREFMP - ok
11:51:01.0359 2028 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
11:51:01.0375 2028 RDPWD - ok
11:51:01.0406 2028 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
11:51:01.0406 2028 rdyboost - ok
11:51:01.0422 2028 RMCAST (77b3b747eb2413072b8e4306018d0c9b) C:\Windows\system32\DRIVERS\RMCAST.sys
11:51:01.0422 2028 RMCAST - ok
11:51:01.0468 2028 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:51:01.0468 2028 rspndr - ok
11:51:01.0515 2028 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:51:01.0531 2028 RTL8167 - ok
11:51:01.0578 2028 s116bus (33e3b5497741e11609f5c19a4babece5) C:\Windows\system32\DRIVERS\s116bus.sys
11:51:01.0578 2028 s116bus - ok
11:51:01.0609 2028 s116mdfl (3bf42a40d618ee70c7a0194655120594) C:\Windows\system32\DRIVERS\s116mdfl.sys
11:51:01.0609 2028 s116mdfl - ok
11:51:01.0656 2028 s116mdm (1337f164c6a833ebc094c7db2e52c095) C:\Windows\system32\DRIVERS\s116mdm.sys
11:51:01.0656 2028 s116mdm - ok
11:51:01.0687 2028 s116nd5 (0fe400d90ed42b93b43c3c9f0b4fd43d) C:\Windows\system32\DRIVERS\s116nd5.sys
11:51:01.0687 2028 s116nd5 - ok
11:51:01.0734 2028 s116unic (e587b738bc7cbb094bcd041b345c9bd3) C:\Windows\system32\DRIVERS\s116unic.sys
11:51:01.0734 2028 s116unic - ok
11:51:01.0796 2028 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
11:51:01.0796 2028 sbp2port - ok
11:51:01.0812 2028 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
11:51:01.0812 2028 scfilter - ok
11:51:01.0843 2028 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:51:01.0843 2028 secdrv - ok
11:51:01.0858 2028 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:51:01.0858 2028 Serenum - ok
11:51:01.0874 2028 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:51:01.0874 2028 Serial - ok
11:51:01.0921 2028 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:51:01.0921 2028 sermouse - ok
11:51:01.0968 2028 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:51:01.0968 2028 sffdisk - ok
11:51:01.0968 2028 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:51:01.0968 2028 sffp_mmc - ok
11:51:01.0983 2028 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\drivers\sffp_sd.sys
11:51:01.0983 2028 sffp_sd - ok
11:51:02.0014 2028 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:51:02.0014 2028 sfloppy - ok
11:51:02.0030 2028 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:51:02.0030 2028 SiSRaid2 - ok
11:51:02.0061 2028 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:51:02.0061 2028 SiSRaid4 - ok
11:51:02.0092 2028 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:51:02.0092 2028 Smb - ok
11:51:02.0124 2028 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:51:02.0124 2028 spldr - ok
11:51:02.0170 2028 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
11:51:02.0170 2028 srv - ok
11:51:02.0202 2028 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
11:51:02.0202 2028 srv2 - ok
11:51:02.0248 2028 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
11:51:02.0248 2028 srvnet - ok
11:51:02.0280 2028 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
11:51:02.0280 2028 StarOpen - ok
11:51:02.0295 2028 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:51:02.0295 2028 stexstor - ok
11:51:02.0326 2028 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:51:02.0326 2028 swenum - ok
11:51:02.0389 2028 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
11:51:02.0404 2028 Tcpip - ok
11:51:02.0436 2028 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
11:51:02.0436 2028 TCPIP6 - ok
11:51:02.0467 2028 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
11:51:02.0467 2028 tcpipreg - ok
11:51:02.0482 2028 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:51:02.0482 2028 TDPIPE - ok
11:51:02.0514 2028 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:51:02.0514 2028 TDTCP - ok
11:51:02.0529 2028 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
11:51:02.0529 2028 tdx - ok
11:51:02.0545 2028 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
11:51:02.0545 2028 TermDD - ok
11:51:02.0560 2028 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:51:02.0576 2028 tssecsrv - ok
11:51:02.0607 2028 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
11:51:02.0607 2028 tunnel - ok
11:51:02.0654 2028 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:51:02.0654 2028 uagp35 - ok
11:51:02.0670 2028 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
11:51:02.0670 2028 udfs - ok
11:51:02.0716 2028 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:51:02.0716 2028 uliagpkx - ok
11:51:02.0779 2028 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\drivers\umbus.sys
11:51:02.0779 2028 umbus - ok
11:51:02.0794 2028 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:51:02.0794 2028 UmPass - ok
11:51:02.0841 2028 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
11:51:02.0841 2028 USBAAPL64 - ok
11:51:02.0857 2028 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\drivers\usbccgp.sys
11:51:02.0857 2028 usbccgp - ok
11:51:02.0904 2028 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:51:02.0904 2028 usbcir - ok
11:51:02.0919 2028 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
11:51:02.0919 2028 usbehci - ok
11:51:02.0966 2028 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
11:51:02.0966 2028 usbhub - ok
11:51:02.0966 2028 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
11:51:02.0966 2028 usbohci - ok
11:51:02.0982 2028 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:51:02.0982 2028 usbprint - ok
11:51:03.0028 2028 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:51:03.0028 2028 usbscan - ok
11:51:03.0044 2028 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:51:03.0044 2028 USBSTOR - ok
11:51:03.0075 2028 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
11:51:03.0075 2028 usbuhci - ok
11:51:03.0091 2028 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:51:03.0091 2028 vdrvroot - ok
11:51:03.0106 2028 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:51:03.0106 2028 vga - ok
11:51:03.0138 2028 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:51:03.0138 2028 VgaSave - ok
11:51:03.0153 2028 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
11:51:03.0169 2028 vhdmp - ok
11:51:03.0184 2028 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:51:03.0184 2028 viaide - ok
11:51:03.0200 2028 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
11:51:03.0200 2028 volmgr - ok
11:51:03.0231 2028 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
11:51:03.0231 2028 volmgrx - ok
11:51:03.0247 2028 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
11:51:03.0247 2028 volsnap - ok
11:51:03.0294 2028 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:51:03.0294 2028 vsmraid - ok
11:51:03.0309 2028 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:51:03.0309 2028 vwifibus - ok
11:51:03.0325 2028 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:51:03.0325 2028 WacomPen - ok
11:51:03.0356 2028 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:51:03.0356 2028 WANARP - ok
11:51:03.0372 2028 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:51:03.0387 2028 Wanarpv6 - ok
11:51:03.0465 2028 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:51:03.0465 2028 Wd - ok
11:51:03.0496 2028 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:51:03.0496 2028 Wdf01000 - ok
11:51:03.0528 2028 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:51:03.0528 2028 WfpLwf - ok
11:51:03.0543 2028 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:51:03.0543 2028 WIMMount - ok
11:51:03.0606 2028 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
11:51:03.0606 2028 WinUsb - ok
11:51:03.0637 2028 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:51:03.0637 2028 WmiAcpi - ok
11:51:03.0668 2028 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:51:03.0668 2028 ws2ifsl - ok
11:51:03.0684 2028 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
11:51:03.0684 2028 WudfPf - ok
11:51:03.0715 2028 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:51:03.0715 2028 WUDFRd - ok
11:51:03.0762 2028 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:51:03.0762 2028 \Device\Harddisk0\DR0 - ok
11:51:03.0762 2028 Boot (0x1200) (f01eb097029b322caff31d85ed7f1115) \Device\Harddisk0\DR0\Partition0
11:51:03.0777 2028 \Device\Harddisk0\DR0\Partition0 - ok
11:51:03.0777 2028 Boot (0x1200) (472097794812863d981345ba259079b6) \Device\Harddisk0\DR0\Partition1
11:51:03.0777 2028 \Device\Harddisk0\DR0\Partition1 - ok
11:51:03.0777 2028 ============================================================
11:51:03.0777 2028 Scan finished
11:51:03.0777 2028 ============================================================
11:51:03.0777 1420 Detected object count: 0
11:51:03.0777 1420 Actual detected object count: 0

#11 gringo_pr

Posted 08 November 2011 - 01:14 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 UAH Grad

Posted 08 November 2011 - 01:26 PM

Here are the results from the aswMBR scan....

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-08 12:18:45
-----------------------------
12:18:45.695 OS Version: Windows x64 6.1.7600
12:18:45.695 Number of processors: 4 586 0x1E05
12:18:45.695 ComputerName: GENECLECKLER-PC UserName: Tracy
12:18:46.678 Initialize success
12:20:58.155 AVAST engine defs: 11110801
12:21:06.376 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-8
12:21:06.376 Disk 0 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610480MB BusType: 3
12:21:08.404 Disk 0 MBR read successfully
12:21:08.404 Disk 0 MBR scan
12:21:08.404 Disk 0 Windows 7 default MBR code
12:21:08.404 Disk 0 MBR hidden
12:21:08.404 Service scanning
12:21:08.856 Service MSICDSetup D:\CDriver64.sys **LOCKED** 21
12:21:09.418 Modules scanning
12:21:09.418 Disk 0 trace - called modules:
12:21:09.418 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004d0b334]<<
12:21:09.418 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cf9060]
12:21:09.418 3 CLASSPNP.SYS[fffff8800185b43f] -> nt!IofCallDriver -> [0xfffffa8004a4f580]
12:21:09.418 5 ACPI.sys[fffff88000d6e781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-8[0xfffffa8004a4e060]
12:21:09.434 \Driver\atapi[0xfffffa8004a2c5b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004d0b334
12:21:11.789 AVAST engine scan C:\Windows
12:21:14.628 AVAST engine scan C:\Windows\system32
12:22:17.559 AVAST engine scan C:\Windows\system32\drivers
12:22:24.236 AVAST engine scan C:\Users\Tracy
12:24:02.095 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
12:24:02.968 The log file has been saved successfully to "E:\aswMBR.txt"


It gives me the option to FixMBR but I have not clicked on this, as you did not instruct me to at this time. However, I still have the program running and await further instructions. Thank you again for your time and efforts. :thumbup2:
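An added example, not part of the original posts and not AVAST's code: a Python triage of the aswMBR log lines posted above, which cross-checks the address of the `>>UNKNOWN<<` module in the disk call chain against the target of the `\Driver\atapi` dispatch entry. The names `Finding`, `triage` and `verdict` are hypothetical, and the reading of each indicator is an assumption based on how these lines are treated in this thread.

```python
import re
from dataclasses import dataclass

# Excerpt copied from the aswMBR log in post #12 of this thread.
SAMPLE_LOG = r"""12:21:08.404 Disk 0 MBR read successfully
12:21:08.404 Disk 0 MBR scan
12:21:08.404 Disk 0 Windows 7 default MBR code
12:21:08.404 Disk 0 MBR hidden
12:21:08.404 Service scanning
12:21:08.856 Service MSICDSetup D:\CDriver64.sys **LOCKED** 21
12:21:09.418 Modules scanning
12:21:09.418 Disk 0 trace - called modules:
12:21:09.418 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004d0b334]<<
12:21:09.418 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cf9060]
12:21:09.418 3 CLASSPNP.SYS[fffff8800185b43f] -> nt!IofCallDriver -> [0xfffffa8004a4f580]
12:21:09.418 5 ACPI.sys[fffff88000d6e781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-8[0xfffffa8004a4e060]
12:21:09.434 \Driver\atapi[0xfffffa8004a2c5b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004d0b334
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
HIDDEN_RE = re.compile(r"^Disk (\d+) MBR hidden$")
LOCKED_RE = re.compile(r"^Service (\S+) (.+?) \*\*LOCKED\*\*")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DISPATCH_RE = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$"
)


@dataclass(frozen=True)
class Finding:
    kind: str       # mbr_hidden | locked_service | unknown_module | hooked_dispatch
    detail: str
    timestamp: str


def triage(log_text):
    """Return the indicators found in an aswMBR log, in log order."""
    findings = []
    unknown = set()     # addresses of modules aswMBR could not name
    dispatches = []     # (timestamp, driver, irp, target address)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue    # banner lines carry no timestamp
        ts, msg = m.groups()
        if h := HIDDEN_RE.match(msg):
            findings.append(Finding("mbr_hidden", f"disk {h.group(1)}", ts))
        elif s := LOCKED_RE.match(msg):
            # A file the scanner could not open; worth a look, not proof.
            findings.append(Finding("locked_service", f"{s.group(1)} {s.group(2)}", ts))
        elif u := UNKNOWN_RE.search(msg):
            addr = int(u.group(1), 16)
            unknown.add(addr)
            findings.append(Finding("unknown_module", hex(addr), ts))
        elif d := DISPATCH_RE.match(msg):
            dispatches.append((ts, d.group(1), d.group(2), int(d.group(3), 16)))
    # Correlate: a driver dispatch entry that points into the unnamed module
    # means disk I/O is being routed through code no loaded driver owns.
    for ts, driver, irp, target in dispatches:
        if target in unknown:
            findings.append(Finding("hooked_dispatch", f"{driver} {irp} -> {hex(target)}", ts))
    return findings


def verdict(findings):
    """Coarse result: 'suspect-mbr-tampering', 'review' or 'clean' (assumed labels)."""
    kinds = {f.kind for f in findings}
    if "hooked_dispatch" in kinds or {"mbr_hidden", "unknown_module"} <= kinds:
        return "suspect-mbr-tampering"
    return "review" if kinds else "clean"


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.timestamp}  {f.kind:16} {f.detail}")
    print("verdict:", verdict(results))
```
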

#13 gringo_pr

Posted 08 November 2011 - 02:13 PM

Hello

Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIXMBR button
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.



Gringo

#14 UAH Grad

Posted 08 November 2011 - 02:20 PM

Do you want me to reboot back into Safe Mode or boot normally?

#15 UAH Grad

Posted 08 November 2011 - 02:35 PM

Also, I notice that aswMBR scans the current user folder. There are 4 user profiles on this computer. Will this affect the results? I missed that detail, sorry.



