Google Redirects - Referral by Broni


  • This topic is locked
26 replies to this topic

#1 Badger17

  • Members
  • 19 posts

Posted 20 December 2011 - 03:39 AM

Referred here by Broni from the "Am I Infected" forum. My topic (for what it's worth) was:
http://www.bleepingcomputer.com/forums/topic433118.html

Google searches redirect when clicked, address generally changes through an intermediate one to a search on "Get Answers Fast" or "Easy A-Z" for whatever I'd searched for on Google.

Have tried the free versions of the following products in accordance with the advice on the self-help pages here, but nothing has detected/stopped this problem:
Housecall
Dr.Web CureIt
Malwarebytes Anti Malware
SUPERAntiSpyware

I also have Microsoft Security Essentials as my normal protection.

DDS log is below and "Attach" file attached, no GMER log as the instructions said not to bother if running 64 bit windows, which I think I am.

Thanks in advance for your time and help!


DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by DELL at 8:22:18 on 2011-12-20
.
============== Running Processes ===============
.
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Users\DELL\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{07079914-08D8-4076-AA00-592EEC9593AD} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{07079914-08D8-4076-AA00-592EEC9593AD}\255616C602D4564716C6027457E637 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{07079914-08D8-4076-AA00-592EEC9593AD}\35B4958353534323 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{07079914-08D8-4076-AA00-592EEC9593AD}\A46245 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C2D2D40C-1253-4FED-A4A2-663F546D374B} : DhcpNameServer = 192.168.16.20 192.168.15.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\yxytrmur.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\DELL\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\DELL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\DELL\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R? BBSvc;Bing Bar Update Service
R? cpuz130;cpuz130
R? ENTECH64;ENTECH64
R? MpNWMon;Microsoft Malware Protection Network Driver
R? NisDrv;Microsoft Network Inspection System
R? NisSrv;Microsoft Network Inspection
R? TurboBoost;TurboBoost
R? WatAdminSvc;Windows Activation Technologies Service
S? !SASCORE;SAS Core Service
S? Acceler;Accelerometer Service
S? AMD External Events Utility;AMD External Events Utility
S? BBUpdate;BBUpdate
S? CtClsFlt;Creative Camera Class Upper Filter Driver
S? DockLoginService;Dock Login Service
S? MpFilter;Microsoft Malware Protection Driver
S? O2MDGRDR;O2MDGRDR
S? PxHlpa64;PxHlpa64
S? RTL8167;Realtek 8167 NT Driver
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SftService;SoftThinks Agent Service
S? TurboB;Turbo Boost UI Monitor driver
S? vwififlt;Virtual WiFi Filter Driver
.
=============== Created Last 30 ================
.
2011-12-20 08:20:25 -------- d-s---w- C:\ComboFix
2011-12-20 07:49:57 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4B9C5398-5F9F-4001-B438-49A0C4141797}\offreg.dll
2011-12-19 08:37:16 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4B9C5398-5F9F-4001-B438-49A0C4141797}\mpengine.dll
2011-12-17 18:35:47 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-17 12:37:42 -------- d-----w- C:\Users\DELL\DoctorWeb
2011-12-17 10:38:21 -------- d-----w- C:\Users\DELL\AppData\Roaming\SUPERAntiSpyware.com
2011-12-17 10:37:42 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-17 10:37:42 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-12-17 07:58:41 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-17 07:58:41 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-17 07:58:40 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-12-17 07:58:39 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-17 07:58:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-17 07:58:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-28 08:34:33 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-11-27 20:26:38 -------- d-----w- C:\ProgramData\AVAST Software
2011-11-27 20:26:38 -------- d-----w- C:\Program Files\AVAST Software
2011-11-27 16:25:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-26 18:35:46 -------- d-----w- C:\Windows\System32\SPReview
2011-11-21 16:13:19 -------- d-----w- C:\Windows\SysWow64\wbem\Logs
2011-11-21 13:57:16 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-11-21 13:36:46 -------- d-----w- C:\Windows\System32\EventProviders
2011-11-21 08:45:38 -------- d-----w- C:\Users\DELL\My Backup Files
.
==================== Find3M ====================
.
2011-11-26 22:16:13 152064 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-11-26 22:16:12 175104 ----a-w- C:\Windows\System32\msclmd.dll
2011-11-22 12:02:15 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-21 13:57:16 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 8:29:51.79 ===============

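The DDS log above shows UAC fully disabled (EnableLUA = 0, silent elevation for administrators, no secure desktop), two BHO/toolbar entries with no backing file, and several DHCP-supplied resolvers. As an added example that is not part of this thread, of DDS or of ComboFix, here is a small Python triage helper that picks exactly those lines out of a DDS "Pseudo HJT Report". The sample input is constructed from the log above; the Windows 7 default UAC values it compares against are the documented defaults, not something the log states.

```python
# Added example (not part of the forum thread, DDS, or ComboFix): a small
# triage helper that reads DDS "Pseudo HJT Report" lines and flags the things
# a responder looks at first in a search-redirect case: UAC policy values that
# differ from the Windows 7 defaults, BHO/toolbar CLSIDs with no backing file,
# and the full set of DHCP-supplied DNS resolvers.
import ipaddress
import re

# Constructed sample, copied in the style of the DDS log posted above.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C2D2D40C-1253-4FED-A4A2-663F546D374B} : DhcpNameServer = 192.168.16.20 192.168.15.1
"""

# Windows 7 default values under HKLM\...\Policies\System (documented defaults).
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0 = UAC switched off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 = administrators elevate silently, no prompt
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,       # 0 = prompts are not isolated on the secure desktop
}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
ORPHAN_RE = re.compile(r"^(?:BHO|TB)(?:-X64)?:\s*(\{[0-9A-Fa-f-]+\})\s*-\s*No File\s*$")
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(.+?)\s*$")


def find_weak_uac(lines):
    """Return (name, value) for every UAC policy line that is not at its default."""
    findings = []
    for line in lines:
        m = POLICY_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))
        if name in UAC_DEFAULTS and value != UAC_DEFAULTS[name]:
            findings.append((name, value))
    return findings


def find_orphan_bhos(lines):
    """Return CLSIDs of BHO/toolbar entries whose DLL no longer exists on disk."""
    return [m.group(1) for m in map(ORPHAN_RE.match, lines) if m]


def collect_dns_servers(lines):
    """Map every DhcpNameServer address to 'private' or 'public' so a resolver
    outside the LAN stands out immediately."""
    servers = {}
    for line in lines:
        m = DNS_RE.search(line)
        if not m:
            continue
        for ip in m.group(1).split():
            servers[ip] = "private" if ipaddress.ip_address(ip).is_private else "public"
    return servers


def triage(text):
    """Run all three checks over the text of a DDS report."""
    lines = text.splitlines()
    return {
        "weak_uac": find_weak_uac(lines),
        "orphan_bhos": find_orphan_bhos(lines),
        "dns_servers": collect_dns_servers(lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To use it on a real report, pass the full contents of the DDS text file to `triage()`. Disabled UAC does not by itself cause a redirect, but it means anything that did land on the machine ran with full administrator rights without ever prompting, which is why a responder notes it before starting removal; a resolver classified as "public" that the user did not configure is the first thing to check for search redirects.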

#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 24 December 2011 - 08:35 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Badger17 (Topic Starter)

  • Members
  • 19 posts

Posted 25 December 2011 - 07:22 AM

Gringo,

Thanks for taking the time to help me. I've run ComboFix, no issues running it, but the Google redirect is still happening now. Log file is below.



ComboFix 11-12-24.10 - DELL 25/12/2011 11:03:29.7.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4084.2780 [GMT 0:00]
Running from: c:\users\DELL\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-25 to 2011-12-25 )))))))))))))))))))))))))))))))
.
.
2011-12-25 11:34 . 2011-12-25 11:34 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A44BFFB9-FAFE-4BCA-8DC4-D06E1CB4C9F6}\offreg.dll
2011-12-25 11:31 . 2011-12-25 11:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-25 11:31 . 2011-12-25 11:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-24 08:48 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A44BFFB9-FAFE-4BCA-8DC4-D06E1CB4C9F6}\mpengine.dll
2011-12-17 16:30 . 2011-11-21 04:21 713592 ----a-w- c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
2011-12-17 12:37 . 2011-12-17 12:56 -------- d-----w- c:\users\DELL\DoctorWeb
2011-12-17 10:38 . 2011-12-17 10:38 -------- d-----w- c:\users\DELL\AppData\Roaming\SUPERAntiSpyware.com
2011-12-17 10:37 . 2011-12-17 10:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-17 10:37 . 2011-12-17 10:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-17 07:58 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-17 07:58 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-17 07:58 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 07:58 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-17 07:58 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-17 07:58 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-28 08:34 . 2011-11-28 08:34 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-27 20:28 . 2011-09-06 21:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-27 20:26 . 2011-11-28 08:17 -------- d-----w- c:\programdata\AVAST Software
2011-11-27 20:26 . 2011-11-27 20:26 -------- d-----w- c:\program files\AVAST Software
2011-11-27 16:25 . 2011-12-19 00:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-26 18:35 . 2011-11-26 18:35 -------- d-----w- c:\windows\system32\SPReview
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-26 22:16 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-11-26 22:16 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
2011-11-22 12:02 . 2011-06-20 05:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-21 13:58 . 2011-11-21 13:58 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-11-21 13:58 . 2011-11-21 13:58 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-11-21 13:58 . 2011-11-21 13:58 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-21 13:58 . 2011-11-21 13:58 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-11-21 13:58 . 2011-11-21 13:58 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-11-21 13:58 . 2011-11-21 13:58 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-11-21 13:58 . 2011-11-21 13:58 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-11-21 13:58 . 2011-11-21 13:58 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-21 13:58 . 2011-11-21 13:58 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-11-21 13:58 . 2011-11-21 13:58 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-11-21 13:58 . 2011-11-21 13:58 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-11-21 13:58 . 2011-11-21 13:58 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-11-21 13:58 . 2011-11-21 13:58 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-11-21 13:58 . 2011-11-21 13:58 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-11-21 13:58 . 2011-11-21 13:58 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-11-21 13:58 . 2011-11-21 13:58 222208 ----a-w- c:\windows\system32\msls31.dll
2011-11-21 13:58 . 2011-11-21 13:58 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-21 13:58 . 2011-11-21 13:58 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-11-21 13:58 . 2011-11-21 13:58 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-11-21 13:58 . 2011-11-21 13:58 12288 ----a-w- c:\windows\system32\mshta.exe
2011-11-21 13:58 . 2011-11-21 13:58 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-11-21 13:58 . 2011-11-21 13:58 114176 ----a-w- c:\windows\system32\admparse.dll
2011-11-21 13:58 . 2011-11-21 13:58 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-11-21 13:58 . 2011-11-21 13:58 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-11-21 13:58 . 2011-11-21 13:58 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-11-21 13:58 . 2011-11-21 13:58 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-11-21 13:58 . 2011-11-21 13:58 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-11-21 13:58 . 2011-11-21 13:58 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-11-21 13:58 . 2011-11-21 13:58 448512 ----a-w- c:\windows\system32\html.iec
2011-11-21 13:58 . 2011-11-21 13:58 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-21 13:58 . 2011-11-21 13:58 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-11-21 13:58 . 2011-11-21 13:58 160256 ----a-w- c:\windows\system32\wextract.exe
2011-11-21 13:58 . 2011-11-21 13:58 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-11-21 13:58 . 2011-11-21 13:58 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-21 13:57 . 2011-11-21 13:57 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-11-21 13:57 . 2011-11-21 13:57 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-11-21 13:57 . 2011-11-21 13:57 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-11-21 13:57 . 2011-11-21 13:57 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-11-21 13:57 . 2011-11-21 13:57 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-11-21 13:57 . 2011-11-21 13:57 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-11-21 13:57 . 2011-11-21 13:57 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-11-21 13:57 . 2011-11-21 13:57 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-11-21 13:57 . 2011-11-21 13:57 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2011-11-21 13:57 . 2011-11-21 13:57 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-11-21 13:57 . 2011-11-21 13:57 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2011-11-21 13:57 . 2011-11-21 13:57 144384 ----a-w- c:\windows\system32\cdd.dll
2011-11-21 13:57 . 2011-11-21 13:57 1133568 ----a-w- c:\windows\system32\FntCache.dll
2011-11-21 13:57 . 2011-11-21 13:57 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-11-21 13:57 . 2011-11-21 13:57 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-11-21 13:57 . 2011-11-21 13:57 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-11-21 13:57 . 2011-11-21 13:57 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-11-21 13:57 . 2011-11-21 13:57 4068864 ----a-w- c:\windows\system32\mf.dll
2011-11-21 13:57 . 2011-11-21 13:57 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-11-21 13:57 . 2011-11-21 13:57 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-11-21 13:57 . 2011-11-21 13:57 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-11-21 13:57 . 2011-11-21 13:57 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-11-21 13:57 . 2011-11-21 13:57 206848 ----a-w- c:\windows\system32\mfps.dll
2011-11-21 13:57 . 2011-11-21 13:57 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-11-21 13:57 . 2011-11-21 13:57 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-11-21 13:57 . 2011-11-21 13:57 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-11-21 13:57 . 2011-11-21 13:57 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-11-21 13:57 . 2011-11-21 13:57 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-11-21 13:57 . 2011-11-21 13:57 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-11-21 11:40 . 2011-10-08 12:33 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-18 18:52 . 2010-03-24 22:19 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-11-18 18:52 . 2011-11-18 18:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-3\StartResources.dll
2011-11-18 18:52 . 2011-11-18 18:52 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-3\SpotlightResources.dll
2011-10-04 17:22 . 2011-11-18 17:00 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8F82E98-1B58-46CA-A311-7E0C725EB111}\gapaengine.dll
2011-09-29 16:24 . 2011-11-12 13:59 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-25 560128]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 cpuz130;cpuz130;c:\users\DELL\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3010165857-3408107639-1201792437-1000Core.job
- c:\users\DELL\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 09:09]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3010165857-3408107639-1201792437-1000UA.job
- c:\users\DELL\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 09:09]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\yxytrmur.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-12-25 11:53:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-25 11:53
.
Pre-Run: 416,280,059,904 bytes free
Post-Run: 416,235,970,560 bytes free
.
- - End Of File - - A8B3E2AA248B08EF86E185AE52146C94

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 25 December 2011 - 09:17 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
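The last step above asks for the TDSSKiller report to be pasted back, and the report is long: one module line and one verdict line for every driver on the box. As an added example (not part of gringo_pr's instructions, BleepingComputer's self-help material or Kaspersky's tool), the Python below parses a report in the line shape TDSSKiller 2.6 writes (time stamp, thread id, text), pairs each driver's "(md5) path" line with its verdict, and pulls out every verdict that is not "ok". The clean lines in the constructed sample follow the format of the logs on this page; the forged-file, "detected" and "will be cured on reboot" lines, and the all-zero MD5, are constructed to show the shape a finding takes and are not from this machine. The parser does not depend on the exact wording of a finding: anything whose verdict is not "ok" is flagged. The "outside C:\Windows" list is a review aid, not a detection; in the sample it returns Microsoft Security Essentials' definition driver and SUPERAntiSpyware's driver, both of which are legitimate.

```python
import re
from dataclasses import dataclass, field

# TDSSKiller 2.6 writes one record per line: "<HH:MM:SS.ffff> <thread id> <text>".
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<text>.*)$")
# Module record: "<service name> (<md5 of the file>) <full path>".
MODULE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# Verdict record: "<object> - <status>", e.g. "atapi - ok" or "<object> - detected <threat> (n)".
STATUS_RE = re.compile(r"^(?P<name>.+?)\s+-\s+(?P<status>.+)$")
# Some verdict lines repeat the object with its classification in parentheses; drop that.
CLASSIFICATION_RE = re.compile(r"\s*\(.*\)\s*$")


@dataclass
class Report:
    modules: dict = field(default_factory=dict)          # service name -> (md5, path)
    clean: set = field(default_factory=set)              # objects whose verdict was "ok"
    flagged: list = field(default_factory=list)          # (object, status) for every non-"ok" verdict
    suspicious_files: list = field(default_factory=list) # "Suspicious file ..." lines, verbatim


def parse_tdsskiller_report(text):
    """Parse the text of a TDSSKiller.[Version]_[Date]_[Time]_log.txt into a Report."""
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banner, blank and "=====" lines carry no verdict
        body = m.group("text").strip()
        if body.startswith("Suspicious file"):
            rep.suspicious_files.append(body)
            continue
        mod = MODULE_RE.match(body)
        if mod:
            rep.modules[mod.group("name")] = (mod.group("md5"), mod.group("path"))
            continue
        st = STATUS_RE.match(body)
        if not st:
            continue                      # "Scan started", "Mode: Manual;" and similar
        name = CLASSIFICATION_RE.sub("", st.group("name"))
        status = st.group("status")
        if status == "ok":
            rep.clean.add(name)
        else:
            rep.flagged.append((name, status))
    return rep


def flagged_objects(rep):
    """Distinct objects with any verdict other than 'ok', sorted."""
    return sorted({name for name, _ in rep.flagged})


def outside_windows_dir(rep):
    """Drivers loaded from outside C:\\Windows: a list to review by hand, not a detection."""
    return sorted(name for name, (_, path) in rep.modules.items()
                  if not path.lower().startswith("c:\\windows\\"))


def summarize(rep):
    return {
        "modules": len(rep.modules),
        "clean": len(rep.clean),
        "flagged": len(flagged_objects(rep)),
        "suspicious_files": len(rep.suspicious_files),
        # TDSSKiller defers some cures to the next boot and says so in the report.
        "needs_reboot": any("cured on reboot" in status for _, status in rep.flagged),
    }


# Constructed sample. The "ok" records mirror the format of the log on this page; the
# forged-file, "detected" and "cured on reboot" records and the zero MD5 are made up
# to show what a finding looks like and did not come from this machine.
SAMPLE_REPORT = r"""
14:51:56.0687 5536 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
15:08:45.0695 4588 Scan started
15:08:45.0695 4588 Mode: Manual;
15:08:46.0455 4588 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys
15:08:46.0455 4588 1394ohci - ok
15:08:48.0375 4588 catchme - ok
15:08:51.0655 4588 MpKsl6197af04 (0ebb390b7aeec45ec061d9870a34fd42) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F5EA9612-0BFD-4442-B51C-96FF429C2C8E}\MpKsl6197af04.sys
15:08:51.0655 4588 MpKsl6197af04 - ok
15:08:54.0485 4588 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:08:54.0485 4588 SASDIFSV - ok
15:08:56.0895 4588 volsnap (00000000000000000000000000000000) C:\Windows\system32\drivers\volsnap.sys
15:08:56.0895 4588 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: 00000000000000000000000000000000, Fake md5: 58f82eed8ca24b461441f9c3e4f0bf5c
15:08:56.0895 4588 volsnap ( ForgedFile.Multi.Generic ) - warning
15:08:56.0895 4588 volsnap - detected ForgedFile.Multi.Generic (1)
15:08:57.0095 4588 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
15:08:57.0095 4588 \Device\Harddisk0\DR0 - will be cured on reboot
"""

if __name__ == "__main__":
    report = parse_tdsskiller_report(SAMPLE_REPORT)
    print(summarize(report))
    for obj, status in report.flagged:
        print(f"{obj}: {status}")
    print("outside C:\\Windows:", outside_windows_dir(report))
```

Run against a real report, a result with no flagged objects and no suspicious files means exactly what the poster below observes: the tool found nothing, and the redirect has to be chased elsewhere. A non-empty flagged list with "cured on reboot" in it is the case where the reboot step in the instructions matters, because the report written before the reboot is the only record of what was cured.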

#5 Badger17

  • Topic Starter

  • Members
  • 19 posts

Posted 25 December 2011 - 10:18 AM

Don't think it found anything. Google still redirecting. Report below:

14:51:56.0687 5536 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:51:56.0807 5536 ============================================================
14:51:56.0807 5536 Current date / time: 2011/12/25 14:51:56.0807
14:51:56.0807 5536 SystemInfo:
14:51:56.0807 5536
14:51:56.0807 5536 OS Version: 6.1.7600 ServicePack: 0.0
14:51:56.0807 5536 Product type: Workstation
14:51:56.0807 5536 ComputerName: JAMESFORDHAM
14:51:56.0807 5536 UserName: DELL
14:51:56.0807 5536 Windows directory: C:\Windows
14:51:56.0807 5536 System windows directory: C:\Windows
14:51:56.0807 5536 Running under WOW64
14:51:56.0807 5536 Processor architecture: Intel x64
14:51:56.0807 5536 Number of processors: 8
14:51:56.0807 5536 Page size: 0x1000
14:51:56.0807 5536 Boot type: Normal boot
14:51:56.0807 5536 ============================================================
14:51:59.0307 5536 Initialize success
15:08:45.0695 4588 ============================================================
15:08:45.0695 4588 Scan started
15:08:45.0695 4588 Mode: Manual;
15:08:45.0695 4588 ============================================================
15:08:46.0455 4588 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys
15:08:46.0455 4588 1394ohci - ok
15:08:46.0495 4588 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys
15:08:46.0495 4588 Acceler - ok
15:08:46.0545 4588 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
15:08:46.0545 4588 ACPI - ok
15:08:46.0585 4588 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
15:08:46.0585 4588 AcpiPmi - ok
15:08:46.0635 4588 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:08:46.0645 4588 adp94xx - ok
15:08:46.0675 4588 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:08:46.0685 4588 adpahci - ok
15:08:46.0715 4588 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:08:46.0715 4588 adpu320 - ok
15:08:46.0785 4588 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
15:08:46.0795 4588 AFD - ok
15:08:46.0825 4588 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:08:46.0835 4588 agp440 - ok
15:08:46.0875 4588 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:08:46.0875 4588 aliide - ok
15:08:46.0915 4588 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:08:46.0915 4588 amdide - ok
15:08:46.0935 4588 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:08:46.0945 4588 AmdK8 - ok
15:08:46.0965 4588 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:08:46.0965 4588 AmdPPM - ok
15:08:47.0015 4588 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\drivers\amdsata.sys
15:08:47.0025 4588 amdsata - ok
15:08:47.0055 4588 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:08:47.0055 4588 amdsbs - ok
15:08:47.0075 4588 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\drivers\amdxata.sys
15:08:47.0075 4588 amdxata - ok
15:08:47.0115 4588 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
15:08:47.0125 4588 AppID - ok
15:08:47.0175 4588 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:08:47.0175 4588 arc - ok
15:08:47.0195 4588 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:08:47.0205 4588 arcsas - ok
15:08:47.0235 4588 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:08:47.0235 4588 AsyncMac - ok
15:08:47.0265 4588 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:08:47.0265 4588 atapi - ok
15:08:47.0305 4588 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
15:08:47.0305 4588 AtiHdmiService - ok
15:08:47.0455 4588 atikmdag (74813bcd647b441dc9c9c0db2833781d) C:\Windows\system32\DRIVERS\atikmdag.sys
15:08:47.0585 4588 atikmdag - ok
15:08:47.0625 4588 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:08:47.0625 4588 b06bdrv - ok
15:08:47.0685 4588 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:08:47.0685 4588 b57nd60a - ok
15:08:47.0765 4588 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
15:08:47.0765 4588 BCM42RLY - ok
15:08:47.0875 4588 BCM43XX (f4cd5f52850bf2c978de178f256ba372) C:\Windows\system32\DRIVERS\bcmwl664.sys
15:08:47.0935 4588 BCM43XX - ok
15:08:47.0965 4588 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:08:47.0965 4588 Beep - ok
15:08:48.0005 4588 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:08:48.0005 4588 blbdrive - ok
15:08:48.0035 4588 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
15:08:48.0045 4588 bowser - ok
15:08:48.0085 4588 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:08:48.0085 4588 BrFiltLo - ok
15:08:48.0105 4588 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:08:48.0105 4588 BrFiltUp - ok
15:08:48.0145 4588 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:08:48.0145 4588 Brserid - ok
15:08:48.0165 4588 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:08:48.0165 4588 BrSerWdm - ok
15:08:48.0195 4588 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:08:48.0195 4588 BrUsbMdm - ok
15:08:48.0215 4588 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:08:48.0215 4588 BrUsbSer - ok
15:08:48.0245 4588 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:08:48.0245 4588 BTHMODEM - ok
15:08:48.0375 4588 catchme - ok
15:08:48.0395 4588 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:08:48.0405 4588 cdfs - ok
15:08:48.0455 4588 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
15:08:48.0465 4588 cdrom - ok
15:08:48.0505 4588 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:08:48.0505 4588 circlass - ok
15:08:48.0545 4588 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:08:48.0545 4588 CLFS - ok
15:08:48.0585 4588 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:08:48.0595 4588 CmBatt - ok
15:08:48.0625 4588 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:08:48.0625 4588 cmdide - ok
15:08:48.0695 4588 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
15:08:48.0715 4588 CNG - ok
15:08:48.0745 4588 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:08:48.0745 4588 Compbatt - ok
15:08:48.0795 4588 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
15:08:48.0795 4588 CompositeBus - ok
15:08:48.0895 4588 cpuz130 - ok
15:08:48.0915 4588 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:08:48.0925 4588 crcdisk - ok
15:08:48.0965 4588 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
15:08:48.0975 4588 CtClsFlt - ok
15:08:49.0015 4588 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
15:08:49.0015 4588 DfsC - ok
15:08:49.0035 4588 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:08:49.0045 4588 discache - ok
15:08:49.0085 4588 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:08:49.0085 4588 Disk - ok
15:08:49.0155 4588 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:08:49.0155 4588 drmkaud - ok
15:08:49.0205 4588 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
15:08:49.0225 4588 DXGKrnl - ok
15:08:49.0315 4588 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:08:49.0385 4588 ebdrv - ok
15:08:49.0445 4588 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:08:49.0455 4588 elxstor - ok
15:08:49.0495 4588 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
15:08:49.0515 4588 ENTECH64 - ok
15:08:49.0605 4588 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:08:49.0615 4588 ErrDev - ok
15:08:49.0665 4588 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:08:49.0665 4588 exfat - ok
15:08:49.0695 4588 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:08:49.0695 4588 fastfat - ok
15:08:49.0725 4588 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:08:49.0725 4588 fdc - ok
15:08:49.0765 4588 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:08:49.0765 4588 FileInfo - ok
15:08:49.0785 4588 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:08:49.0785 4588 Filetrace - ok
15:08:49.0805 4588 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:08:49.0815 4588 flpydisk - ok
15:08:49.0865 4588 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
15:08:49.0865 4588 FltMgr - ok
15:08:49.0905 4588 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:08:49.0905 4588 FsDepends - ok
15:08:49.0925 4588 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:08:49.0925 4588 Fs_Rec - ok
15:08:49.0945 4588 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
15:08:49.0945 4588 fvevol - ok
15:08:49.0965 4588 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:08:49.0975 4588 gagp30kx - ok
15:08:50.0015 4588 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:08:50.0025 4588 hcw85cir - ok
15:08:50.0075 4588 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\drivers\HDAudBus.sys
15:08:50.0085 4588 HDAudBus - ok
15:08:50.0105 4588 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:08:50.0115 4588 HidBatt - ok
15:08:50.0125 4588 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:08:50.0135 4588 HidBth - ok
15:08:50.0165 4588 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:08:50.0165 4588 HidIr - ok
15:08:50.0215 4588 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\drivers\hidusb.sys
15:08:50.0225 4588 HidUsb - ok
15:08:50.0275 4588 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
15:08:50.0275 4588 HpSAMD - ok
15:08:50.0325 4588 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
15:08:50.0345 4588 HTTP - ok
15:08:50.0365 4588 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
15:08:50.0375 4588 hwpolicy - ok
15:08:50.0415 4588 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:08:50.0415 4588 i8042prt - ok
15:08:50.0465 4588 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\drivers\iaStorV.sys
15:08:50.0475 4588 iaStorV - ok
15:08:50.0515 4588 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:08:50.0515 4588 iirsp - ok
15:08:50.0555 4588 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:08:50.0565 4588 intelide - ok
15:08:50.0595 4588 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:08:50.0595 4588 intelppm - ok
15:08:50.0635 4588 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:08:50.0645 4588 IpFilterDriver - ok
15:08:50.0685 4588 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
15:08:50.0695 4588 IPMIDRV - ok
15:08:50.0715 4588 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:08:50.0725 4588 IPNAT - ok
15:08:50.0745 4588 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:08:50.0745 4588 IRENUM - ok
15:08:50.0785 4588 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:08:50.0785 4588 isapnp - ok
15:08:50.0815 4588 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
15:08:50.0815 4588 iScsiPrt - ok
15:08:50.0845 4588 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:08:50.0855 4588 kbdclass - ok
15:08:50.0905 4588 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\drivers\kbdhid.sys
15:08:50.0905 4588 kbdhid - ok
15:08:50.0955 4588 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
15:08:50.0955 4588 KSecDD - ok
15:08:50.0995 4588 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
15:08:50.0995 4588 KSecPkg - ok
15:08:51.0015 4588 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:08:51.0015 4588 ksthunk - ok
15:08:51.0075 4588 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:08:51.0085 4588 lltdio - ok
15:08:51.0125 4588 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:08:51.0125 4588 LSI_FC - ok
15:08:51.0145 4588 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:08:51.0155 4588 LSI_SAS - ok
15:08:51.0175 4588 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:08:51.0175 4588 LSI_SAS2 - ok
15:08:51.0195 4588 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:08:51.0205 4588 LSI_SCSI - ok
15:08:51.0225 4588 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:08:51.0225 4588 luafv - ok
15:08:51.0255 4588 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:08:51.0255 4588 megasas - ok
15:08:51.0285 4588 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:08:51.0295 4588 MegaSR - ok
15:08:51.0315 4588 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:08:51.0315 4588 Modem - ok
15:08:51.0345 4588 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:08:51.0345 4588 monitor - ok
15:08:51.0385 4588 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:08:51.0395 4588 mouclass - ok
15:08:51.0425 4588 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:08:51.0425 4588 mouhid - ok
15:08:51.0445 4588 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
15:08:51.0445 4588 mountmgr - ok
15:08:51.0495 4588 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
15:08:51.0505 4588 MpFilter - ok
15:08:51.0555 4588 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
15:08:51.0555 4588 mpio - ok
15:08:51.0655 4588 MpKsl6197af04 (0ebb390b7aeec45ec061d9870a34fd42) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F5EA9612-0BFD-4442-B51C-96FF429C2C8E}\MpKsl6197af04.sys
15:08:51.0655 4588 MpKsl6197af04 - ok
15:08:51.0675 4588 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
15:08:51.0675 4588 MpNWMon - ok
15:08:51.0705 4588 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:08:51.0715 4588 mpsdrv - ok
15:08:51.0755 4588 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
15:08:51.0755 4588 MRxDAV - ok
15:08:51.0795 4588 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:08:51.0795 4588 mrxsmb - ok
15:08:51.0845 4588 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:08:51.0855 4588 mrxsmb10 - ok
15:08:51.0875 4588 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:08:51.0875 4588 mrxsmb20 - ok
15:08:51.0915 4588 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
15:08:51.0915 4588 msahci - ok
15:08:51.0975 4588 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
15:08:51.0975 4588 msdsm - ok
15:08:52.0005 4588 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:08:52.0005 4588 Msfs - ok
15:08:52.0035 4588 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:08:52.0035 4588 mshidkmdf - ok
15:08:52.0075 4588 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:08:52.0075 4588 msisadrv - ok
15:08:52.0115 4588 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:08:52.0115 4588 MSKSSRV - ok
15:08:52.0145 4588 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:08:52.0145 4588 MSPCLOCK - ok
15:08:52.0175 4588 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:08:52.0175 4588 MSPQM - ok
15:08:52.0205 4588 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
15:08:52.0215 4588 MsRPC - ok
15:08:52.0285 4588 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:08:52.0285 4588 mssmbios - ok
15:08:52.0325 4588 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:08:52.0325 4588 MSTEE - ok
15:08:52.0345 4588 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:08:52.0345 4588 MTConfig - ok
15:08:52.0375 4588 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:08:52.0375 4588 Mup - ok
15:08:52.0425 4588 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:08:52.0435 4588 NativeWifiP - ok
15:08:52.0495 4588 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
15:08:52.0525 4588 NDIS - ok
15:08:52.0545 4588 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:08:52.0555 4588 NdisCap - ok
15:08:52.0585 4588 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:08:52.0585 4588 NdisTapi - ok
15:08:52.0615 4588 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
15:08:52.0615 4588 Ndisuio - ok
15:08:52.0635 4588 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:08:52.0645 4588 NdisWan - ok
15:08:52.0655 4588 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
15:08:52.0665 4588 NDProxy - ok
15:08:52.0685 4588 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:08:52.0685 4588 NetBIOS - ok
15:08:52.0715 4588 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
15:08:52.0725 4588 NetBT - ok
15:08:52.0775 4588 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:08:52.0775 4588 nfrd960 - ok
15:08:52.0825 4588 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:08:52.0835 4588 NisDrv - ok
15:08:52.0865 4588 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:08:52.0865 4588 Npfs - ok
15:08:52.0885 4588 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:08:52.0885 4588 nsiproxy - ok
15:08:52.0945 4588 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
15:08:52.0985 4588 Ntfs - ok
15:08:53.0005 4588 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:08:53.0005 4588 Null - ok
15:08:53.0055 4588 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\drivers\nvraid.sys
15:08:53.0055 4588 nvraid - ok
15:08:53.0105 4588 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\drivers\nvstor.sys
15:08:53.0115 4588 nvstor - ok
15:08:53.0155 4588 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:08:53.0155 4588 nv_agp - ok
15:08:53.0215 4588 O2MDGRDR (1b2e099223f16aab166e9602f7a5ecd4) C:\Windows\system32\DRIVERS\o2mdgx64.sys
15:08:53.0215 4588 O2MDGRDR - ok
15:08:53.0255 4588 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:08:53.0265 4588 ohci1394 - ok
15:08:53.0325 4588 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:08:53.0325 4588 Parport - ok
15:08:53.0355 4588 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
15:08:53.0355 4588 partmgr - ok
15:08:53.0405 4588 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
15:08:53.0405 4588 pci - ok
15:08:53.0435 4588 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:08:53.0435 4588 pciide - ok
15:08:53.0455 4588 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:08:53.0465 4588 pcmcia - ok
15:08:53.0485 4588 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:08:53.0495 4588 pcw - ok
15:08:53.0525 4588 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:08:53.0545 4588 PEAUTH - ok
15:08:53.0635 4588 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
15:08:53.0635 4588 PptpMiniport - ok
15:08:53.0655 4588 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:08:53.0665 4588 Processor - ok
15:08:53.0695 4588 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
15:08:53.0705 4588 Psched - ok
15:08:53.0755 4588 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:08:53.0755 4588 PxHlpa64 - ok
15:08:53.0825 4588 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:08:53.0865 4588 ql2300 - ok
15:08:53.0895 4588 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:08:53.0895 4588 ql40xx - ok
15:08:53.0925 4588 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:08:53.0925 4588 QWAVEdrv - ok
15:08:53.0965 4588 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:08:53.0965 4588 RasAcd - ok
15:08:54.0005 4588 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:08:54.0005 4588 RasAgileVpn - ok
15:08:54.0035 4588 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:08:54.0045 4588 Rasl2tp - ok
15:08:54.0075 4588 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:08:54.0085 4588 RasPppoe - ok
15:08:54.0115 4588 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:08:54.0115 4588 RasSstp - ok
15:08:54.0145 4588 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
15:08:54.0155 4588 rdbss - ok
15:08:54.0175 4588 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:08:54.0175 4588 rdpbus - ok
15:08:54.0205 4588 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:08:54.0205 4588 RDPCDD - ok
15:08:54.0235 4588 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:08:54.0235 4588 RDPENCDD - ok
15:08:54.0255 4588 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:08:54.0265 4588 RDPREFMP - ok
15:08:54.0285 4588 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
15:08:54.0295 4588 RDPWD - ok
15:08:54.0325 4588 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
15:08:54.0325 4588 rdyboost - ok
15:08:54.0365 4588 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:08:54.0365 4588 rspndr - ok
15:08:54.0405 4588 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:08:54.0405 4588 RTL8167 - ok
15:08:54.0485 4588 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:08:54.0485 4588 SASDIFSV - ok
15:08:54.0515 4588 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:08:54.0515 4588 SASKUTIL - ok
15:08:54.0545 4588 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
15:08:54.0555 4588 sbp2port - ok
15:08:54.0595 4588 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
15:08:54.0595 4588 scfilter - ok
15:08:54.0655 4588 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\drivers\sdbus.sys
15:08:54.0655 4588 sdbus - ok
15:08:54.0695 4588 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:08:54.0695 4588 secdrv - ok
15:08:54.0745 4588 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:08:54.0745 4588 Serenum - ok
15:08:54.0785 4588 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:08:54.0785 4588 Serial - ok
15:08:54.0815 4588 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:08:54.0825 4588 sermouse - ok
15:08:54.0865 4588 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:08:54.0865 4588 sffdisk - ok
15:08:54.0885 4588 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:08:54.0885 4588 sffp_mmc - ok
15:08:54.0905 4588 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\drivers\sffp_sd.sys
15:08:54.0905 4588 sffp_sd - ok
15:08:54.0945 4588 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:08:54.0945 4588 sfloppy - ok
15:08:54.0995 4588 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:08:55.0005 4588 SiSRaid2 - ok
15:08:55.0025 4588 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:08:55.0035 4588 SiSRaid4 - ok
15:08:55.0055 4588 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:08:55.0065 4588 Smb - ok
15:08:55.0095 4588 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:08:55.0105 4588 spldr - ok
15:08:55.0165 4588 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
15:08:55.0185 4588 srv - ok
15:08:55.0215 4588 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
15:08:55.0215 4588 srv2 - ok
15:08:55.0245 4588 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
15:08:55.0255 4588 srvnet - ok
15:08:55.0295 4588 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:08:55.0305 4588 stexstor - ok
15:08:55.0345 4588 STHDA (c79f5cbc47b19a068d8936df8332e3e6) C:\Windows\system32\DRIVERS\stwrt64.sys
15:08:55.0365 4588 STHDA - ok
15:08:55.0415 4588 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:08:55.0415 4588 swenum - ok
15:08:55.0455 4588 SynTP (1657b7442d5ce30533f5c4317716b468) C:\Windows\system32\DRIVERS\SynTP.sys
15:08:55.0455 4588 SynTP - ok
15:08:55.0575 4588 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
15:08:55.0605 4588 Tcpip - ok
15:08:55.0665 4588 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
15:08:55.0675 4588 TCPIP6 - ok
15:08:55.0715 4588 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
15:08:55.0715 4588 tcpipreg - ok
15:08:55.0735 4588 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:08:55.0735 4588 TDPIPE - ok
15:08:55.0765 4588 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:08:55.0765 4588 TDTCP - ok
15:08:55.0785 4588 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
15:08:55.0795 4588 tdx - ok
15:08:55.0835 4588 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
15:08:55.0835 4588 TermDD - ok
15:08:57.0625 4588 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:08:57.0695 4588 \Device\Harddisk0\DR0 - ok
15:08:57.0695 4588 Boot (0x1200) (1a8696c67b754625a98970190581a51f) \Device\Harddisk0\DR0\Partition0
15:08:57.0705 4588 \Device\Harddisk0\DR0\Partition0 - ok
15:08:57.0715 4588 Boot (0x1200) (5eda801ec6de65cf567d70b70bc776f5) \Device\Harddisk0\DR0\Partition1
15:08:57.0715 4588 \Device\Harddisk0\DR0\Partition1 - ok
15:08:57.0715 4588 ============================================================
15:08:57.0715 4588 Scan finished
15:08:57.0715 4588 ============================================================
15:08:57.0725 5600 Detected object count: 0
15:08:57.0725 5600 Actual detected object count: 0

#6 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 25 December 2011 - 02:39 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Badger17 (Topic Starter)

Posted 25 December 2011 - 03:25 PM

OK, so that was a bit more eventful, but probably all my fault...

Went to run aswMBR, first time I ran it lots of red came up on the screen, at about the same time as my Microsoft Security Essentials popped up saying it had detected a threat. Thought that maybe MSE was interfering with aswMBR like it says it can with ComboFix, so turned MSE off and started aswMBR again. Ran ok, saved the log as instructed, then as I did so I got a full screen saying something about the police detecting my computer being used for illegal purposes and demanding payment of a fine to unlock my computer. Figured that must be malware, control-alt-delete didn't give me the option of task manager, tried logging off then back in again, still had the screen, then finally two attempts of powering it off then on again and finally I could click on the start menu and turn on MSE again. Little bit emotional!

Anyway, the log is posted below, although this was obviously from before any of the symptoms showed of the police fine demand thing happening. Google still redirecting too!


aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-25 20:04:43
-----------------------------
20:04:43.416 OS Version: Windows x64 6.1.7600
20:04:43.416 Number of processors: 8 586 0x1E05
20:04:43.416 ComputerName: JAMESFORDHAM UserName: DELL
20:04:45.054 Initialize success
20:04:47.862 AVAST engine defs: 11122501
20:04:52.043 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:04:52.058 Disk 0 Vendor: ST9500420AS 0004SDM1 Size: 476940MB BusType: 11
20:04:54.227 Disk 0 MBR read successfully
20:04:54.242 Disk 0 MBR scan
20:04:54.242 Disk 0 Windows VISTA default MBR code
20:04:54.258 Disk 0 MBR hidden
20:04:54.258 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:04:54.274 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
20:04:54.305 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30801920
20:04:54.336 Disk 0 Partition 4 80 (A) 17 Hidd HPFS/NTFS NTFS 0 MB offset 976771120
20:04:54.352 Disk 0 Partition 4 **INFECTED** MBR:Alureon-K [Rtk]
20:04:54.367 Service scanning
20:04:55.038 Service MpKsl6197af04 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F5EA9612-0BFD-4442-B51C-96FF429C2C8E}\MpKsl6197af04.sys **LOCKED** 32
20:04:55.054 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:04:55.631 Modules scanning
20:04:55.631 Disk 0 trace - called modules:
20:04:55.678 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004e01334]<<
20:04:55.693 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004dee060]
20:04:55.693 3 CLASSPNP.SYS[fffff8800190143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b12060]
20:04:55.709 \Driver\atapi[0xfffffa8004ad6410] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004e01334
20:04:56.879 AVAST engine scan C:\Windows
20:04:59.952 AVAST engine scan C:\Windows\system32
20:06:29.059 AVAST engine scan C:\Windows\system32\drivers
20:06:40.198 AVAST engine scan C:\Users\DELL
20:07:07.529 Disk 0 MBR has been saved successfully to "C:\Users\DELL\Desktop\MBR.dat"
20:07:07.545 The log file has been saved successfully to "C:\Users\DELL\Desktop\aswMBRlog.txt"
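The aswMBR lines above single out partition 4: an entry marked active (80), of the hidden NTFS type (17), reported as 0 MB, and placed at the very end of the 476940 MB disk. As an added illustration (not part of the thread and not aswMBR's own code), the Python below parses an MBR partition table and flags entries with exactly those traits; the sample MBR is constructed from the sizes and offsets printed in the log rather than dumped from the poster's disk, and the "last 16 MiB" threshold is an assumed heuristic.

```python
import struct
SECTOR = 512
MB_SECTORS = 1024 * 1024 // SECTOR   # 2048 sectors per MiB (aswMBR's "MB")
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}  # "Hidd" FAT/NTFS types

def parse_partition_table(mbr: bytes):
    """Return the four primary entries of a classic MBR (16 bytes each at 0x1BE:
    status, CHS start, type, CHS end, LBA of first sector, sector count)."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    entries = []
    for i in range(4):
        raw = mbr[0x1BE + 16 * i : 0x1BE + 16 * (i + 1)]
        status, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", raw)
        entries.append({"index": i + 1, "active": status == 0x80,
                        "type": ptype, "lba": lba, "sectors": count})
    return entries

def suspicious_entries(entries, disk_sectors):
    """Flag the traits aswMBR reported for partition 4: bootable flag on a hidden
    type, a size that rounds to 0 MB, and a start in the disk's final few MiB."""
    findings = []
    for e in entries:
        if e["type"] == 0:          # empty slot
            continue
        reasons = []
        if e["active"] and e["type"] in HIDDEN_TYPES:
            reasons.append("active flag on hidden partition type")
        if e["sectors"] < MB_SECTORS:
            reasons.append("size rounds to 0 MB")
        if e["lba"] >= disk_sectors - 16 * MB_SECTORS:   # assumed heuristic
            reasons.append("starts in the last 16 MiB of the disk")
        if reasons:
            findings.append((e["index"], reasons))
    return findings

def build_mbr(parts):
    """Constructed sample MBR: zeroed boot code, the given entries, 0x55AA signature."""
    mbr = bytearray(SECTOR)
    for i, (status, ptype, lba, count) in enumerate(parts):
        struct.pack_into("<B3sB3sII", mbr, 0x1BE + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

# Constructed from the sizes/offsets in the aswMBR log (476940 MB disk), not the poster's disk.
DISK_SECTORS = 476940 * MB_SECTORS
SAMPLE_MBR = build_mbr([(0x00, 0xDE, 63, 39 * MB_SECTORS),
                        (0x00, 0x07, 81920, 15000 * MB_SECTORS),
                        (0x00, 0x07, 30801920, 461899 * MB_SECTORS),
                        (0x80, 0x17, 976771120, DISK_SECTORS - 976771120)])
```

Running `suspicious_entries(parse_partition_table(SAMPLE_MBR), DISK_SECTORS)` reports only partition 4, with all three reasons; the two regular NTFS volumes and the Dell Utility partition pass clean.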

#8 Badger17 (Topic Starter)

Posted 25 December 2011 - 03:35 PM

OK, MSE is now saying it's detected 7 potential threats and is asking for my permission to Remove/Disinfect them as appropriate. Are you happy for me to go ahead and do this? Can supply more details if you want, but sadly it doesn't seem to let me copy-paste the details so can't do it so easily.

#9 Badger17 (Topic Starter)

Posted 25 December 2011 - 03:47 PM

Sorry to keep adding small messages... I think MSE just decided on its own to deal with those threats, as all bar one of them now say "Disinfected" or "Removed". The only one that doesn't is "Trojan:DOS/Alureon.E" which it says was "Allowed". I didn't do that but the time correlates with when I turned MSE off to run aswMBR. Sorry!

Thanks for your patience in bearing with me on this!

#10 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 25 December 2011 - 06:06 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#11 Badger17 (Topic Starter)

Posted 25 December 2011 - 07:57 PM

fixTDSS said it found an infection and successfully fixed it. On restarting my computer, Windows won't boot. Gives me the option of trying to boot normally, which fails, or entering startup repair. The latter then gives me the option of system restore - guessing that would be bad as the infection would still be on the computer, so haven't used it yet. System restore then tries to fix my computer for ages but eventually dies, saying it has shut down to prevent system damage. "Technical information: *** Stop: 0x0000001E (0x0000000000000000, 0x0000000000000000, 0x000000000000000, 0x000000000000000)". Writing this from my phone!

#12 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 25 December 2011 - 08:34 PM

Hello


during start up I want you to press F10 and tell me what you see



gringo

#13 Badger17 (Topic Starter)

Posted 26 December 2011 - 04:44 AM

Sorry for the slow reply. Left the automatic repair thing running overnight, still couldn't fix it, have the problem details it supplied if you want them.

Anyway, pressed F10 during startup as instructed and I see:

Edit boot options for: Windows 7
Path: \Windows\system32\winload.exe
Partition: 3
Hard Disk: 1d420b36

[ /NOEXECUTE=OPTIN /MININT ]

#14 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 26 December 2011 - 11:38 AM

Hello


boot into F10 again - remove this /MININT

let the computer start up and when you get into windows

press the start orb

in the search field type CMD

right click on CMD and select run as admin

copy and paste the following into the window

bcdedit /set {current} winpe no

press enter


restart the computer and let me know if it boots normally

gringo

#15 Badger17 (Topic Starter)

Posted 26 December 2011 - 12:14 PM

You're a genius! I didn't even know that deleting just those few letters would let it boot. I've done what you instructed, booted normally on the restart except for one thing - I got an error box saying "RunDLL There was a problem starting C:\Users\DELL\AppData\Local\Temp\0.06562555987251806.exe Access is denied." Guessing that doesn't matter but thought I'd tell you anyway!

Not going to touch anything else until you tell me it's ok! Thank you so much for all your help!



