
Windows Restore gone, left with Google Redirect


  • This topic is locked
49 replies to this topic

#1 Griwa

  • Members
  • 27 posts

Posted 11 November 2011 - 03:02 AM

I just got the Windows Restore virus. After successfully removing it, all the anti-malware/spyware software I've tried has come out clean. But Google redirects like crazy when I use Google Chrome, a bit in Opera, and random pop-ups in Firefox... :(
Please help, and thank you in advance.

I'm running Windows 7 64-bit, so here is the DDS log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Grigori at 23:48:05 on 2011-11-10
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.4095.1980 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134
TCP: Interfaces\{9982A814-CEDD-46ED-80B9-098B94A27F14} : DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134
TCP: Interfaces\{9982A814-CEDD-46ED-80B9-098B94A27F14}\347344647344 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9982A814-CEDD-46ED-80B9-098B94A27F14}\542354441353 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CD16ECBC-1D65-4BFB-9CD9-CFD30659273F} : DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R3 Arctosa;Arctosa Keyboard;C:\Windows\system32\drivers\Arctosa.sys --> C:\Windows\system32\drivers\Arctosa.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-4-4 1431888]
S4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-11-11 05:53:57 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2011-11-11 05:39:41 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-11 05:34:32 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-11 03:55:56 98816 ----a-w- C:\Windows\sed.exe
2011-11-11 03:55:56 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-11 03:55:56 256000 ----a-w- C:\Windows\PEV.exe
2011-11-11 03:55:56 208896 ----a-w- C:\Windows\MBR.exe
2011-11-11 03:54:45 -------- d-----w- C:\ComboFix
2011-11-11 03:24:14 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-11 03:05:44 -------- d-----w- C:\Users\Grigori\AppData\Local\Opera
2011-11-10 04:36:02 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-10 04:35:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-09 12:44:43 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 12:44:43 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 12:44:41 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 12:44:39 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-09 08:44:40 -------- d-----w- C:\Program Files\CCleaner
2011-11-09 08:18:30 -------- d-----w- C:\Users\Grigori\AppData\Roaming\SUPERAntiSpyware.com
2011-11-09 08:18:10 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-11-09 08:18:10 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-11-08 04:54:46 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-11-08 04:52:41 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-11-08 04:49:32 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-08 04:49:32 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-07 19:34:22 -------- d-----w- C:\Windows\System32\appmgmt
2011-11-07 16:56:35 -------- d-----w- C:\Users\Grigori\AppData\Roaming\95829
2011-11-07 16:56:14 -------- d-----w- C:\Users\Grigori\AppData\Roaming\A0495
2011-11-07 16:24:29 -------- d-----w- C:\Program Files (x86)\95829
2011-11-06 16:21:30 -------- d-----w- C:\Users\Grigori\AppData\Roaming\Malwarebytes
2011-11-05 01:44:13 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E3137AD7-A301-4C34-9835-AFEAD79A0532}\mpengine.dll
2011-10-26 16:07:55 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-26 16:07:55 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-10-17 03:10:50 24270208 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-17 02:55:32 18139008 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-13 04:58:57 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-13 04:58:57 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-13 04:58:56 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-13 04:58:56 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
.
==================== Find3M ====================
.
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-08-14 04:11:21 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 23:55:19.20 ===============


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 11 November 2011 - 03:10 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Griwa

  • Topic Starter
  • Members
  • 27 posts

Posted 12 November 2011 - 01:40 AM

Ran ComboFix; everything was going fine until the reporting log... I had a pop-up from Internet Explorer (I never use IE). I also noticed throughout my normal computer usage iexplorer.exe running; ending the process does nothing, as it boots up again. I tried Google and it still redirects... here is the ComboFix log:


ComboFix 11-11-11.06 - Grigori 11/11/2011 21:50:14.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.4095.2723 [GMT -8:00]
Running from: c:\users\Grigori\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Grigori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
.
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
.
2011-11-12 06:17 . 2011-11-12 06:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-11 05:53 . 2011-11-11 05:54 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2011-11-11 05:37 . 2011-11-11 05:37 -------- d-----w- c:\users\Mcx1-GOD
2011-11-11 03:24 . 2011-11-11 03:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-11 03:24 . 2011-11-11 03:24 -------- d-----w- c:\programdata\McAfee
2011-11-11 03:05 . 2011-11-11 03:05 -------- d-----w- c:\users\Grigori\AppData\Local\Opera
2011-11-11 03:05 . 2011-11-11 03:05 -------- d-----w- c:\program files (x86)\Opera
2011-11-10 04:36 . 2011-11-10 04:36 -------- d-----w- c:\programdata\Malwarebytes
2011-11-10 04:35 . 2011-11-11 05:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-09 12:44 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 12:44 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 12:44 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 12:44 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 08:44 . 2011-11-09 08:44 -------- d-----w- c:\program files\CCleaner
2011-11-09 08:18 . 2011-11-09 08:18 -------- d-----w- c:\users\Grigori\AppData\Roaming\SUPERAntiSpyware.com
2011-11-09 08:18 . 2011-11-11 18:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-09 08:18 . 2011-11-09 08:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-08 04:54 . 2011-11-08 04:54 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-08 04:52 . 2011-11-08 04:52 -------- d-----w- c:\program files (x86)\Lavasoft
2011-11-08 04:49 . 2011-11-09 03:47 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-11-08 04:49 . 2011-11-09 03:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-07 19:34 . 2011-11-07 19:35 -------- d-----w- c:\windows\system32\appmgmt
2011-11-07 16:56 . 2011-11-07 17:50 -------- d-----w- c:\users\Grigori\AppData\Roaming\95829
2011-11-07 16:56 . 2011-11-07 17:50 -------- d-----w- c:\users\Grigori\AppData\Roaming\A0495
2011-11-07 16:24 . 2011-11-07 16:24 -------- d-----w- c:\program files (x86)\95829
2011-11-06 16:50 . 2011-11-06 16:50 -------- d-----w- c:\windows\Sun
2011-11-06 16:21 . 2011-11-06 16:21 -------- d-----w- c:\users\Grigori\AppData\Roaming\Malwarebytes
2011-11-06 15:59 . 2011-11-06 15:59 -------- d-----w- c:\windows\system32\Macromed
2011-11-05 01:44 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3137AD7-A301-4C34-9835-AFEAD79A0532}\mpengine.dll
2011-10-26 16:07 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-26 16:07 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-17 03:10 . 2011-10-17 03:10 24270208 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-17 02:55 . 2011-10-17 02:55 18139008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-01 03:25 . 2011-10-13 04:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-13 04:59 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-16 22:23 . 2011-05-21 02:22 737072 ---ha-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-09-16 22:23 . 2011-05-21 02:22 48648 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-08-27 05:37 . 2011-10-13 04:58 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-13 04:58 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-13 04:58 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-27 04:26 . 2011-10-13 04:58 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-20 05:37 . 2011-10-13 04:59 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-08-20 04:31 . 2011-10-13 04:59 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-08-17 05:26 . 2011-10-13 04:59 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 05:25 . 2011-10-13 04:59 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-08-17 04:24 . 2011-10-13 04:59 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-08-17 04:19 . 2011-10-13 04:59 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-11_05.01.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-04 07:08 . 2011-11-12 05:40 43304 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-12 05:40 29548 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-04 06:22 . 2011-11-12 03:13 12252 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1865039180-776292860-911228389-1001_UserData.bin
+ 2011-04-04 02:59 . 2011-11-11 08:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-04 02:59 . 2011-11-11 03:22 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-04 02:59 . 2011-11-11 08:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-04 02:59 . 2011-11-11 03:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-11 03:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-11 08:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-04 06:21 . 2011-11-12 05:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-04 06:21 . 2011-11-11 04:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-08 18:46 . 2011-11-12 05:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-08 18:46 . 2011-11-11 04:37 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-08 18:46 . 2011-11-11 04:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-11-08 18:46 . 2011-11-12 05:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-11-08 18:46 . 2011-11-12 05:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-11-08 18:46 . 2011-11-11 04:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-04-04 06:21 . 2011-11-12 05:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-04 06:21 . 2011-11-11 04:37 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-04 06:21 . 2011-11-12 05:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-04 06:21 . 2011-11-11 04:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-04 06:21 . 2011-11-12 06:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-04 06:21 . 2011-11-11 04:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-04 06:21 . 2011-11-12 06:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-04 06:21 . 2011-11-11 04:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-11 04:35 . 2011-11-11 04:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-12 05:39 . 2011-11-12 05:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-12 05:39 . 2011-11-12 05:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-11 04:35 . 2011-11-11 04:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-11 05:53 . 2009-08-17 17:54 278528 c:\windows\SysWOW64\pncrt.dll
+ 2004-05-26 12:37 . 2004-05-26 12:37 719872 c:\windows\SysWOW64\devil.dll
+ 2008-12-21 21:46 . 2008-12-21 21:46 351744 c:\windows\SysWOW64\avisynth.dll
- 2009-07-14 02:36 . 2011-11-11 04:39 667474 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-12 05:44 667474 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-11 04:39 126150 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-12 05:44 126150 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:46 . 2011-11-12 03:18 104744 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2011-11-11 04:34 517936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-12 05:38 517936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2011-11-10 18:45 7380000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-11-11 18:04 7380000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 02:34 . 2011-10-13 15:57 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-11-11 08:04 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-11 5495680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Grigori\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-05 1431888]
R4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S3 Arctosa;Arctosa Keyboard;c:\windows\system32\drivers\Arctosa.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1865039180-776292860-911228389-1001Core.job
- c:\users\Grigori\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 03:24]
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1865039180-776292860-911228389-1001UA.job
- c:\users\Grigori\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 03:24]
.
2011-11-10 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2820d90d-59a2-41ec-838c-4a2295923804.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2011-11-11 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task eebe36ca-86da-4f68-ab08-83102d568fd2.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\06\0a\04,7?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-11 22:35:24
ComboFix-quarantined-files.txt 2011-11-12 06:35
ComboFix2.txt 2011-11-11 05:25
.
Pre-Run: 351,601,061,888 bytes free
Post-Run: 351,293,403,136 bytes free
.
- - End Of File - - D2F2D07A22D983C0D9047DFC1FC18104

Edited by Griwa, 12 November 2011 - 01:41 AM.


#4 Griwa

  • Topic Starter
  • Members
  • 27 posts

Posted 12 November 2011 - 01:53 AM

Also a few things I've noticed... I have 3 network connections, 2 legit (1 LAN Ethernet which is on my MOBO, and a wireless N adapter); however, I have no clue what the Microsoft virtual adapter is... which is the third one.

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 12 November 2011 - 11:55 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 Griwa

Topic Starter

Posted 12 November 2011 - 01:05 PM

TDSSKiller found nothing.



10:03:07.0955 0668 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
10:03:08.0170 0668 ============================================================
10:03:08.0170 0668 Current date / time: 2011/11/12 10:03:08.0170
10:03:08.0170 0668 SystemInfo:
10:03:08.0170 0668
10:03:08.0170 0668 OS Version: 6.1.7601 ServicePack: 1.0
10:03:08.0170 0668 Product type: Workstation
10:03:08.0170 0668 ComputerName: GOD
10:03:08.0170 0668 UserName: Grigori
10:03:08.0170 0668 Windows directory: C:\Windows
10:03:08.0170 0668 System windows directory: C:\Windows
10:03:08.0170 0668 Running under WOW64
10:03:08.0170 0668 Processor architecture: Intel x64
10:03:08.0170 0668 Number of processors: 4
10:03:08.0170 0668 Page size: 0x1000
10:03:08.0170 0668 Boot type: Normal boot
10:03:08.0170 0668 ============================================================
10:03:10.0673 0668 Initialize success
10:03:18.0113 1292 ============================================================
10:03:18.0113 1292 Scan started
10:03:18.0113 1292 Mode: Manual;
10:03:18.0113 1292 ============================================================
10:03:33.0680 1292 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:03:33.0683 1292 volsnap - ok
10:03:33.0708 1292 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:03:33.0718 1292 vsmraid - ok
10:03:33.0748 1292 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:03:33.0748 1292 vwifibus - ok
10:03:33.0793 1292 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:03:33.0795 1292 vwififlt - ok
10:03:33.0833 1292 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:03:33.0835 1292 vwifimp - ok
10:03:33.0868 1292 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:03:33.0868 1292 WacomPen - ok
10:03:33.0905 1292 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:03:33.0913 1292 WANARP - ok
10:03:33.0928 1292 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:03:33.0928 1292 Wanarpv6 - ok
10:03:34.0028 1292 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:03:34.0030 1292 Wd - ok
10:03:34.0073 1292 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:03:34.0093 1292 Wdf01000 - ok
10:03:34.0130 1292 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:03:34.0130 1292 WfpLwf - ok
10:03:34.0185 1292 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:03:34.0190 1292 WIMMount - ok
10:03:34.0288 1292 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
10:03:34.0290 1292 WinUSB - ok
10:03:34.0368 1292 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:03:34.0368 1292 WmiAcpi - ok
10:03:34.0398 1292 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:03:34.0398 1292 ws2ifsl - ok
10:03:34.0468 1292 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:03:34.0483 1292 WudfPf - ok
10:03:34.0533 1292 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:03:34.0538 1292 WUDFRd - ok
10:03:34.0588 1292 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:03:34.0645 1292 \Device\Harddisk0\DR0 - ok
10:03:34.0665 1292 Boot (0x1200) (2640a72ea75d8c595fa6ac472d803651) \Device\Harddisk0\DR0\Partition0
10:03:34.0680 1292 \Device\Harddisk0\DR0\Partition0 - ok
10:03:34.0713 1292 Boot (0x1200) (4f37b77a79ea4cd31181dc7ecac05997) \Device\Harddisk0\DR0\Partition1
10:03:34.0715 1292 \Device\Harddisk0\DR0\Partition1 - ok
10:03:34.0745 1292 Boot (0x1200) (6b8f1fad23a2d896f06d93f6de532629) \Device\Harddisk0\DR0\Partition2
10:03:34.0745 1292 \Device\Harddisk0\DR0\Partition2 - ok
10:03:34.0748 1292 ============================================================
10:03:34.0748 1292 Scan finished
10:03:34.0748 1292 ============================================================
10:03:34.0765 2180 Detected object count: 0
10:03:34.0765 2180 Actual detected object count: 0

#7 Griwa (Topic Starter, Members, 27 posts)

Posted 12 November 2011 - 02:38 PM

Google still redirecting :-/

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 12 November 2011 - 02:40 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Griwa (Topic Starter, Members, 27 posts)

Posted 12 November 2011 - 03:20 PM

I don't know if these programs activate something, but again I had pop-ups while scanning.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-12 12:07:15
-----------------------------
12:07:15.002 OS Version: Windows x64 6.1.7601 Service Pack 1
12:07:15.002 Number of processors: 4 586 0x402
12:07:15.003 ComputerName: GOD UserName:
12:07:17.106 Initialize success
12:08:04.405 AVAST engine defs: 11111201
12:08:39.518 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:08:39.522 Disk 0 Vendor: WDC_WD10EACS-65ZJB0 01.01B01 Size: 953869MB BusType: 3
12:08:41.557 Disk 0 MBR read successfully
12:08:41.562 Disk 0 MBR scan
12:08:41.570 Disk 0 MBR:Alureon-I [Rtk]
12:08:41.576 Disk 0 TDL4@MBR code has been found
12:08:41.582 Disk 0 Windows 7 default MBR code found via API
12:08:41.589 Disk 0 MBR hidden
12:08:41.595 Disk 0 MBR [TDL4] **ROOTKIT**
12:08:41.603 Service scanning
12:08:42.923 Modules scanning
12:08:42.932 Disk 0 trace - called modules:
12:08:42.941 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004a65334]<<
12:08:42.952 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a52060]
12:08:42.957 3 CLASSPNP.SYS[fffff8800199843f] -> nt!IofCallDriver -> [0xfffffa8003af0520]
12:08:42.962 5 ACPI.sys[fffff88000ee57a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003af3060]
12:08:42.967 \Driver\atapi[0xfffffa8003ad2b00] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004a65334
12:08:45.859 AVAST engine scan C:\Windows
12:08:50.153 AVAST engine scan C:\Windows\system32
12:10:26.614 AVAST engine scan C:\Windows\system32\drivers
12:10:37.254 AVAST engine scan C:\Users\Grigori
12:15:33.562 AVAST engine scan C:\ProgramData
12:16:48.865 Scan finished successfully
12:18:08.597 Disk 0 MBR has been saved successfully to "C:\Users\Grigori\Desktop\MBR.dat"
12:18:08.602 The log file has been saved successfully to "C:\Users\Grigori\Desktop\aswMBR.txt"
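The two scans above disagree about the same sector. TDSSKiller reports `MBR (0x1B8) (a36c5e4f...) \Device\Harddisk0\DR0 - ok`, an MD5 over the first 0x1B8 bytes of the master boot record, while aswMBR reports `Windows 7 default MBR code found via API`, `MBR hidden` and `TDL4@MBR code has been found`: the sector handed to ordinary readers through the disk stack looks clean, the sector actually on the platter carries the bootkit loader, and the `UNKNOWN` dispatch target hooked into `\Driver\atapi` is what serves the clean copy. The Python below is an added example, not code from the thread or from either tool, that shows how such a check is built: hash the boot-code region exactly as the `MBR (0x1B8)` line does, compare an API-side view of the sector with a raw view, decode the partition table, and perform the kind of repair the Fix step in the next post does (replace only the bootstrap code, keep the disk signature and partition table). Every sector byte, the "known good" boot-code stand-in, the partition layout and the disk signature are constructed for the example and are not taken from the machine in the thread.

```python
# Added example (not from the thread or from TDSSKiller/aswMBR): an MBR integrity
# check in the style of the "MBR (0x1B8)" hash and the "MBR hidden" verdict.
# All sector contents below are constructed.
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

SECTOR = 512
BOOTCODE_LEN = 0x1B8      # bytes 0x000-0x1B7: bootstrap code, the region TDSSKiller hashes
DISK_SIG_OFF = 0x1B8      # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries up to 0x1FE
BOOT_SIG = b"\x55\xAA"    # bytes 0x1FE-0x1FF


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_partition_table(mbr: bytes) -> List[Partition]:
    """Decode the four MBR partition entries, skipping empty slots."""
    if len(mbr) != SECTOR or mbr[0x1FE:0x200] != BOOT_SIG:
        raise ValueError("not an MBR sector: bad length or missing 55AA signature")
    parts = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, type_id, lba, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if type_id != 0:
            parts.append(Partition(i, status == 0x80, type_id, lba, count))
    return parts


def bootcode_md5(mbr: bytes) -> str:
    """MD5 of the first 0x1B8 bytes only, the way the 'MBR (0x1B8) (...)' log line reports it."""
    return hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest()


def compare_views(api_view: bytes, raw_view: bytes) -> Dict[str, object]:
    """Contrast the sector returned through the normal disk stack with the sector
    read by a path that bypasses it. A bootkit hooking the disk driver hands the
    clean original to ordinary readers, so the two views disagree only in the
    boot code while disk signature and partition table stay identical."""
    same_code = api_view[:BOOTCODE_LEN] == raw_view[:BOOTCODE_LEN]
    return {
        "bootcode_md5_api": bootcode_md5(api_view),
        "bootcode_md5_raw": bootcode_md5(raw_view),
        "bootcode_differs": not same_code,
        "disk_signature_same": api_view[DISK_SIG_OFF:DISK_SIG_OFF + 4] == raw_view[DISK_SIG_OFF:DISK_SIG_OFF + 4],
        "partition_table_same": api_view[PART_TABLE_OFF:0x1FE] == raw_view[PART_TABLE_OFF:0x1FE],
        "verdict": "ok" if same_code else "MBR hidden: API view differs from raw sector",
    }


def fix_mbr(infected: bytes, known_good_bootcode: bytes) -> bytes:
    """Rewrite only the bootstrap code; disk signature and partition table are kept."""
    if len(known_good_bootcode) != BOOTCODE_LEN:
        raise ValueError("boot code must be exactly 0x1B8 bytes")
    return known_good_bootcode + infected[BOOTCODE_LEN:]


def build_mbr(bootcode: bytes, disk_sig: int, parts: List[Tuple[bool, int, int, int]]) -> bytes:
    """Assemble a constructed MBR from boot code, disk signature and (bootable, type, lba, count) tuples."""
    sector = bytearray(SECTOR)
    sector[:len(bootcode)] = bootcode
    struct.pack_into("<IH", sector, DISK_SIG_OFF, disk_sig, 0)
    for i, (bootable, type_id, lba, count) in enumerate(parts):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, type_id, lba, count)
    sector[0x1FE:0x200] = BOOT_SIG
    return bytes(sector)


# Constructed stand-ins: a short relocation prologue padded with NOPs plays the
# "known good" boot code; a different byte pattern plays the bootkit loader.
CLEAN_BOOTCODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\x8E\xC0\x8E\xD8" + b"\x90" * (BOOTCODE_LEN - 11)
INFECTED_BOOTCODE = b"\xEB" * 16 + bytes(range(256)) + b"\x00" * (BOOTCODE_LEN - 16 - 256)
LAYOUT = [(True, 0x07, 2048, 204800),           # 100 MB System Reserved (constructed)
          (False, 0x07, 206848, 1900000000),    # Windows volume (constructed)
          (False, 0x07, 1900206848, 53000000)]  # third partition (constructed)
DISK_SIGNATURE = 0x1A2B3C4D

CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, DISK_SIGNATURE, LAYOUT)
INFECTED_MBR = build_mbr(INFECTED_BOOTCODE, DISK_SIGNATURE, LAYOUT)

if __name__ == "__main__":
    # The hooked driver shows the clean sector; a raw read returns the infected one.
    for key, value in compare_views(CLEAN_MBR, INFECTED_MBR).items():
        print(f"{key}: {value}")
    repaired = fix_mbr(INFECTED_MBR, CLEAN_BOOTCODE)
    print("repair restored original sector:", repaired == CLEAN_MBR)
    for p in parse_partition_table(repaired):
        print(p)
```

A single hash over the API view, as in the TDSSKiller line, cannot see this infection at all, because the rootkit returns the original sector; the detection comes from obtaining a second view that bypasses the hooked dispatch routine and noticing that only the boot-code region differs. The repair keeps bytes 0x1B8 onward untouched, which is why the partition table and Windows disk signature survive the `Windows 601 MBR fixed successfully` step later in the thread.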

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 12 November 2011 - 03:56 PM

Hello

I want you to rerun aswMBR and run the fix below.

aswMBR

  • Click Scan
  • On completion of the scan, click the FIX button.
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.

Gringo

#11 Griwa (Topic Starter, Members, 27 posts)

Posted 12 November 2011 - 04:27 PM

I haven't closed aswMBR yet, so I just pressed Fix.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-12 12:07:15
-----------------------------
12:07:15.002 OS Version: Windows x64 6.1.7601 Service Pack 1
12:07:15.002 Number of processors: 4 586 0x402
12:07:15.003 ComputerName: GOD UserName:
12:07:17.106 Initialize success
12:08:04.405 AVAST engine defs: 11111201
12:08:39.518 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:08:39.522 Disk 0 Vendor: WDC_WD10EACS-65ZJB0 01.01B01 Size: 953869MB BusType: 3
12:08:41.557 Disk 0 MBR read successfully
12:08:41.562 Disk 0 MBR scan
12:08:41.570 Disk 0 MBR:Alureon-I [Rtk]
12:08:41.576 Disk 0 TDL4@MBR code has been found
12:08:41.582 Disk 0 Windows 7 default MBR code found via API
12:08:41.589 Disk 0 MBR hidden
12:08:41.595 Disk 0 MBR [TDL4] **ROOTKIT**
12:08:41.603 Service scanning
12:08:42.923 Modules scanning
12:08:42.932 Disk 0 trace - called modules:
12:08:42.941 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004a65334]<<
12:08:42.952 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a52060]
12:08:42.957 3 CLASSPNP.SYS[fffff8800199843f] -> nt!IofCallDriver -> [0xfffffa8003af0520]
12:08:42.962 5 ACPI.sys[fffff88000ee57a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003af3060]
12:08:42.967 \Driver\atapi[0xfffffa8003ad2b00] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004a65334
12:08:45.859 AVAST engine scan C:\Windows
12:08:50.153 AVAST engine scan C:\Windows\system32
12:10:26.614 AVAST engine scan C:\Windows\system32\drivers
12:10:37.254 AVAST engine scan C:\Users\Grigori
12:15:33.562 AVAST engine scan C:\ProgramData
12:16:48.865 Scan finished successfully
12:18:08.597 Disk 0 MBR has been saved successfully to "C:\Users\Grigori\Desktop\MBR.dat"
12:18:08.602 The log file has been saved successfully to "C:\Users\Grigori\Desktop\aswMBR.txt"
13:25:00.078 Disk 0 MBR read successfully
13:25:00.096 Disk 0 MBR:Alureon-I [Rtk]
13:25:00.106 Disk 0 TDL4@MBR code has been found
13:25:00.117 Disk 0 fixing MBR ...
13:25:10.139 Verifying
13:25:22.141 Disk 0 Windows 601 MBR fixed successfully
13:25:38.173 Disk 0 MBR has been saved successfully to "C:\Users\Grigori\Desktop\MBR.dat"
13:25:38.178 The log file has been saved successfully to "C:\Users\Grigori\Desktop\aswMBR.txt"

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 12 November 2011 - 04:49 PM

Restart the computer and run just the scan again.


gringo

#13 Griwa (Topic Starter, Members, 27 posts)

Posted 12 November 2011 - 06:45 PM

Restarted and redid it...

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-12 15:09:07
-----------------------------
15:09:07.919 OS Version: Windows x64 6.1.7601 Service Pack 1
15:09:07.919 Number of processors: 4 586 0x402
15:09:07.919 ComputerName: GOD UserName:
15:09:11.507 Initialize success
15:09:17.731 AVAST engine defs: 11111201
15:09:18.870 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:09:18.886 Disk 0 Vendor: WDC_WD10EACS-65ZJB0 01.01B01 Size: 953869MB BusType: 3
15:09:20.914 Disk 0 MBR read successfully
15:09:20.914 Disk 0 MBR scan
15:09:20.929 Disk 0 Windows 7 default MBR code
15:09:20.945 Disk 0 MBR hidden
15:09:20.945 Service scanning
15:09:22.396 Modules scanning
15:09:22.396 Disk 0 trace - called modules:
15:09:22.411 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004a47334]<<
15:09:22.411 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a34060]
15:09:22.427 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa800395ed10]
15:09:22.427 5 ACPI.sys[fffff88000f537a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003af5060]
15:09:22.443 \Driver\atapi[0xfffffa8003ad8790] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004a47334
15:09:25.968 AVAST engine scan C:\Windows
15:09:28.870 AVAST engine scan C:\Windows\system32
15:11:13.140 AVAST engine scan C:\Windows\system32\drivers
15:11:25.464 AVAST engine scan C:\Users\Grigori
15:17:08.837 AVAST engine scan C:\ProgramData
15:18:23.966 Scan finished successfully
15:28:46.751 Verifying
15:28:56.798 Disk 0 Windows 601 MBR fixed successfully
15:43:54.816 Disk 0 MBR has been saved successfully to "C:\Users\Grigori\Desktop\MBR.dat"
15:43:54.816 The log file has been saved successfully to "C:\Users\Grigori\Desktop\aswMBR.txt"

#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 12 November 2011 - 08:57 PM

How is the computer doing now?


gringo

#15 Griwa (Topic Starter, Members, 27 posts)

Posted 13 November 2011 - 12:38 AM

iexplorer.exe is still running in Task Manager.
I haven't had any pop-ups.
Opera and Chrome still redirect in Google.
:(



