Redirect problems still affecting me after removing what I think was System Check


9 replies to this topic

#1 dryates

Posted 06 January 2012 - 08:46 PM

I recently found myself with a compromised system on which all the desktop icons and start menu items were hidden from view, and my browser started redirecting me away from sites like this one.

After looking up the problem here, I traced it to the System Check rogue. I had seen a window pop up while browsing and assumed that I avoided it as I've avoided all such scams, but I must have clicked an x or cancel button that was disguised.

As recommended, I installed and ran Malwarebytes' Anti-Malware, and I also used RKill and TDSSKiller to try to get deeper at the root of the problem. After some trouble running them, I finally seemed to have success and everything ran as it should.

What I'm still left with, though, is a pesky redirect issue that points me from Google search results to websites like

http://schoonerinator.com/go.php?id=65bf9c9237141bffa6c6e18bfdbbc5b5&aid=589&said=direct&lastpage=BxsbH1VAQBgYGEEIAAAIAwpBDA5AHAoOHQwHUBwMAwYKARtSHxwWQg4NSQcDUgoBSRwGGwpSSRwAGh0MClIHH0keUhwWHBsKAkQMBwoMBEkNGwEoUjwKDh0MBw%3D%3D
http://schoonerinator.com/go.php?id=bae5b88d54ae82d655cc8acba48ee090&aid=589&said=direct&lastpage=BxsbH1VAQBgYGEEIAAAIAwpBDA5AHAoOHQwHUBwMAwYKARtSHxwWQg4NSQcDUgoBSRwAGh0MClIHH0keUh0EBgMDCh1JDRsBKFI8Cg4dDAc%3D
http://momsteachdaughter.com

I can eventually reach the websites after going back and forward a few times.

I'm running Windows Vista Ultimate. Not sure what else to include at this point.

I have no other idea about what to do. I have looked at my hosts file and it doesn't include anything out of the ordinary.

Any suggestions?

David


#2 boopme

  • Global Moderator

Posted 06 January 2012 - 09:00 PM

Hello and welcome, please do these.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.


Please post the TDSSKiller log. By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like TDSSKiller.Version_Date_Time_log.txt.


Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



Rerun MBAM (Malwarebytes) like this:

Open MBAM in normal mode and click the Update tab, then select Check for Updates. When done,
click the Scanner tab, select Quick Scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.

#3 dryates


Posted 19 January 2012 - 03:06 PM

Thank you so much! I'd missed this because I neglected to check the email notification box.

I'm working through all the steps suggested right now.

Update soon.

-David

#4 dryates

dryates
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:05:03 AM

Posted 19 January 2012 - 03:09 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by David (administrator) on 19-01-2012 at 12:02:53
Microsoft® Windows Vista™ Ultimate (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com

There are 2 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

TP-LINK 150Mbps Wireless Lite N Adapter = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set interface luid=loopback_0 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=ethernet_2 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=ethernet_1 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=ethernet_4 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=wireless_0 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Vagabond
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : vc.shawcable.net

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : vc.shawcable.net
Description . . . . . . . . . . . : TP-LINK 150Mbps Wireless Lite N Adapter
Physical Address. . . . . . . . . : 00-27-19-F6-3B-CF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:1853:a75f:1234:11f3:6ae:f445:385(Preferred)
Temporary IPv6 Address. . . . . . : 2002:1853:a75f:1234:c8fc:9c83:38ea:3892(Preferred)
Link-local IPv6 Address . . . . . : fe80::11f3:6ae:f445:385%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, January 19, 2012 11:17:22 AM
Lease Expires . . . . . . . . . . : Friday, January 20, 2012 11:17:22 AM
Default Gateway . . . . . . . . . : fe80::200:ff:fe00:0%10
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 64.59.144.90
64.59.144.91
64.59.150.134
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-22-15-24-2C-F0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{27F5DC7D-0F1D-4200-BB4B-78674E0342B0}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:182e:97f:3f57:fe99(Preferred)
Link-local IPv6 Address . . . . . : fe80::182e:97f:3f57:fe99%9(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . : vc.shawcable.net
Description . . . . . . . . . . . : isatap.vc.shawcable.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.102%11(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 64.59.144.90
64.59.144.91
64.59.150.134
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: pd2nsc1.st.vc.shawcable.net
Address: 64.59.144.90:53

Name: google.com
Addresses: 74.125.53.104, 74.125.53.106, 74.125.53.147, 74.125.53.103
74.125.53.105, 74.125.53.99

Pinging google.com [74.125.53.104] with 32 bytes of data:
Reply from 74.125.53.104: bytes=32 time=22ms TTL=53
Reply from 74.125.53.104: bytes=32 time=21ms TTL=53

Ping statistics for 74.125.53.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 22ms, Average = 21ms

Server: pd2nsc1.st.vc.shawcable.net
Address: 64.59.144.90:53

Name: yahoo.com
Addresses: 98.137.149.56, 72.30.2.43, 98.139.180.149, 209.191.122.70

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=86ms TTL=52
Reply from 209.191.122.70: bytes=32 time=92ms TTL=52

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 86ms, Maximum = 92ms, Average = 89ms

Server: pd2nsc1.st.vc.shawcable.net
Address: 64.59.144.90:53

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 27 19 f6 3b cf ...... TP-LINK 150Mbps Wireless Lite N Adapter
8 ...00 22 15 24 2c f0 ...... Realtek PCIe GBE Family Controller
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.{27F5DC7D-0F1D-4200-BB4B-78674E0342B0}
9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
11 ...00 00 00 00 00 00 00 e0 isatap.vc.shawcable.net
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination   Netmask          Gateway      Interface      Metric
0.0.0.0               0.0.0.0          192.168.1.1  192.168.1.102      25
127.0.0.0             255.0.0.0        On-link      127.0.0.1         306
127.0.0.1             255.255.255.255  On-link      127.0.0.1         306
127.255.255.255       255.255.255.255  On-link      127.0.0.1         306
192.168.1.0           255.255.255.0    On-link      192.168.1.102     281
192.168.1.102         255.255.255.255  On-link      192.168.1.102     281
192.168.1.255         255.255.255.255  On-link      192.168.1.102     281
224.0.0.0             240.0.0.0        On-link      127.0.0.1         306
224.0.0.0             240.0.0.0        On-link      192.168.1.102     281
255.255.255.255       255.255.255.255  On-link      127.0.0.1         306
255.255.255.255       255.255.255.255  On-link      192.168.1.102     281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If  Metric  Network Destination                          Gateway
10     281  ::/0                                         fe80::200:ff:fe00:0
 1     306  ::1/128                                      On-link
 9      18  2001::/32                                    On-link
 9     266  2001:0:5ef5:79fd:182e:97f:3f57:fe99/128      On-link
10      33  2002:1853:a75f:1234::/64                     On-link
10     281  2002:1853:a75f:1234:11f3:6ae:f445:385/128    On-link
10     281  2002:1853:a75f:1234:c8fc:9c83:38ea:3892/128  On-link
10     281  fe80::/64                                    On-link
 9     266  fe80::/64                                    On-link
11     286  fe80::5efe:192.168.1.102/128                 On-link
10     281  fe80::11f3:6ae:f445:385/128                  On-link
 9     266  fe80::182e:97f:3f57:fe99/128                 On-link
 1     306  ff00::/8                                     On-link
 9     266  ff00::/8                                     On-link
10     281  ff00::/8                                     On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [227328] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [227328] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\mswsock.dll [309248] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [61952] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [78336] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [78336] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [309248] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [309248] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [309248] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [309248] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [309248] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [309248] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [309248] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [309248] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [309248] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [309248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/19/2012 11:40:39 AM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 9.0.1.4371, time stamp 0x4ef15e74, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000417, fault offset 0x001de1fd,
process id 0xc84, application start time 0xfirefox.exe0.

Error: (01/19/2012 11:10:57 AM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 9.0.1.4371, time stamp 0x4ef15e74, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000417, fault offset 0x004ce1fd,
process id 0xbd8, application start time 0xfirefox.exe0.

Error: (01/19/2012 11:05:44 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 0.0.0.0, time stamp 0x4d334d98, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000417, fault offset 0x009be1fd,
process id 0xff4, application start time 0xiexplore.exe0.

Error: (01/19/2012 11:05:20 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 2.3.7.192, time stamp 0x4a1c1d44, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000417, fault offset 0x0244e1fd,
process id 0x2a0, application start time 0xiexplore.exe0.

Error: (01/19/2012 11:05:05 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 2.3.7.192, time stamp 0x4a1c1d44, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000417, fault offset 0x003ce1fd,
process id 0xe38, application start time 0xiexplore.exe0.

Error: (01/19/2012 11:03:42 AM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 9.0.1.4371, time stamp 0x4ef15e74, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000417, fault offset 0x0014e1fd,
process id 0x27c, application start time 0xfirefox.exe0.

Error: (01/19/2012 10:47:59 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 7.0.6000.16982, time stamp 0x4b2b5bdb, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000417, fault offset 0x0000000000ab1e10,
process id 0x608, application start time 0xiexplore.exe0.

Error: (01/19/2012 10:40:09 AM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 9.0.1.4371, time stamp 0x4ef15e74, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000417, fault offset 0x006fe1fd,
process id 0xf74, application start time 0xfirefox.exe0.

Error: (01/19/2012 10:30:34 AM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 9.0.1.4371, time stamp 0x4ef15e74, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000417, fault offset 0x007ae1fd,
process id 0xfc8, application start time 0xfirefox.exe0.

Error: (01/19/2012 10:25:04 AM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 9.0.1.4371, time stamp 0x4ef15e74, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000417, fault offset 0x00bde1fd,
process id 0xf7c, application start time 0xfirefox.exe0.


System errors:
=============
Error: (01/19/2012 11:38:14 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (01/19/2012 11:24:47 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (01/19/2012 11:19:10 AM) (Source: DCOM) (User: LOCAL SERVICE)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (01/19/2012 11:18:05 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (01/19/2012 11:17:14 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (01/19/2012 11:17:14 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (01/19/2012 11:16:11 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/19/2012 11:04:49 AM) (Source: DCOM) (User: LOCAL SERVICE)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (01/19/2012 11:04:32 AM) (Source: Service Control Manager) (User: )
Description: Beep
cdrom

Error: (01/19/2012 11:04:04 AM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (01/19/2012 11:40:39 AM) (Source: Application Error)(User: )
Description: firefox.exe9.0.1.43714ef15e74unknown0.0.0.000000000c0000417001de1fdc8401ccd6e238f13158

Error: (01/19/2012 11:10:57 AM) (Source: Application Error)(User: )
Description: firefox.exe9.0.1.43714ef15e74unknown0.0.0.000000000c0000417004ce1fdbd801ccd6de12b02ddb

Error: (01/19/2012 11:05:44 AM) (Source: Application Error)(User: )
Description: iexplore.exe0.0.0.04d334d98unknown0.0.0.000000000c0000417009be1fdff401ccd6dd582c50bb

Error: (01/19/2012 11:05:20 AM) (Source: Application Error)(User: )
Description: iexplore.exe2.3.7.1924a1c1d44unknown0.0.0.000000000c00004170244e1fd2a001ccd6dd49cc42fb

Error: (01/19/2012 11:05:05 AM) (Source: Application Error)(User: )
Description: iexplore.exe2.3.7.1924a1c1d44unknown0.0.0.000000000c0000417003ce1fde3801ccd6dd40f94a1b

Error: (01/19/2012 11:03:42 AM) (Source: Application Error)(User: )
Description: firefox.exe9.0.1.43714ef15e74unknown0.0.0.000000000c00004170014e1fd27c01ccd6dd0f3caf3b

Error: (01/19/2012 10:47:59 AM) (Source: Application Error)(User: )
Description: iexplore.exe7.0.6000.169824b2b5bdbunknown0.0.0.000000000c00004170000000000ab1e1060801ccd6dadd7fe0c4

Error: (01/19/2012 10:40:09 AM) (Source: Application Error)(User: )
Description: firefox.exe9.0.1.43714ef15e74unknown0.0.0.000000000c0000417006fe1fdf7401ccd6d9c53f7e44

Error: (01/19/2012 10:30:34 AM) (Source: Application Error)(User: )
Description: firefox.exe9.0.1.43714ef15e74unknown0.0.0.000000000c0000417007ae1fdfc801ccd6d86e27841c

Error: (01/19/2012 10:25:04 AM) (Source: Application Error)(User: )
Description: firefox.exe9.0.1.43714ef15e74unknown0.0.0.000000000c000041700bde1fdf7c01ccd6d7a9138cfc


=========================== Installed Programs ============================

7-Zip 9.20
AC3Filter 1.63b (Version: 1.63b)
Acoustica Effects Pack (Version: 3.0)
Acoustica Mixcraft 5
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Any Video Converter 3.0.6
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
ATI Catalyst Install Manager (Version: 3.0.750.0)
Audacity 1.2.6
BitTorrent
Canon MX350 series MP Drivers
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.1104.959.17837)
Catalyst Control Center Graphics Full Existing (Version: 2009.1104.959.17837)
Catalyst Control Center Graphics Full New (Version: 2009.1104.959.17837)
Catalyst Control Center Graphics Light (Version: 2009.1104.959.17837)
Catalyst Control Center Graphics Previews Common (Version: 2009.1104.959.17837)
Catalyst Control Center Graphics Previews Vista (Version: 2009.1104.959.17837)
Catalyst Control Center HydraVision Full (Version: 2009.1104.959.17837)
Catalyst Control Center InstallProxy (Version: 2009.1104.959.17837)
ccc-core-static (Version: 2009.1104.959.17837)
ccc-utility64 (Version: 2009.1104.959.17837)
CCC Help English (Version: 2009.1104.0958.17837)
DAEMON Tools Toolbar (Version: 1.1.2.0185)
DivX Setup (Version: 2.1.2.2)
Dropbox (Version: 1.2.49)
EA Shared Game Component: Activation (Version: 2.2.0)
EA Shared Game Component: Activation (Version: 2.2.0.19)
eMusic Download Manager 4.1.4 (Version: 4.1.4)
ESET Online Scanner v3
Fences (Version: 1.0)
FormatFactory 2.70 (Version: 2.70)
Google Desktop (Version: 5.9.1005.12335)
Handbrake 0.9.4 (Version: 0.9.4)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
K-Lite Codec Pack 7.2.0 (Standard) (Version: 7.2.0)
LAME v3.98.2 for Audacity
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 9.0.1 (x86 en-GB) (Version: 9.0.1)
Mozilla Thunderbird 9.0.1 (x86 en-GB) (Version: 9.0.1)
MyDefrag v4.3.1 (Version: 4.0.0.0)
NoteTab Light 6 (Remove only) (Version: 6.2)
NVIDIA PhysX (Version: 9.09.0203)
OpenOffice.org 3.1 (Version: 3.1.9420)
PDF-Viewer (Version: 2.5.195.0)
PDF Settings CS5 (Version: 10.0)
Portal 2
QuickTime (Version: 7.71.80.42)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5859)
REAPER
Reason 4.0 (Version: 4.0)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.5 (Version: 5.5.124)
Sonic Foundry Sound Forge 5.0 (Version: 5.0.0.117)
Sony Ericsson PC Companion 2.02.002 (Version: 2.02.002)
Steam (Version: 1.0.0.0)
SumatraPDF (Version: 1.6)
SUPERAntiSpyware (Version: 5.0.1136)
System Requirements Lab CYRI (Version: 4.5.1.0)
TP-LINK Wireless Client Utility (Version: 7.0)
Traverso 0.49.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.0.3 (Version: 1.0.3)
Vuze (Version: 4.7)
Vuze Remote Toolbar (Version: 6.2.6.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
ZENcast Organizer

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 4094.5 MB
Available physical RAM: 2688.22 MB
Total Pagefile: 8358.09 MB
Available Pagefile: 6707 MB
Total Virtual: 4095.88 MB
Available Virtual: 4000.05 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:105.93 GB) (Free:43.48 GB) NTFS
3 Drive d: () (Fixed) (Total:126.95 GB) (Free:126.83 GB) NTFS
4 Drive e: (Media) (Fixed) (Total:390.62 GB) (Free:289.05 GB) NTFS
5 Drive f: (Backup 2012) (Fixed) (Total:540.89 GB) (Free:438.49 GB) NTFS
6 Drive g: (KINGSTON) (Removable) (Total:7.45 GB) (Free:1.84 GB) FAT32

========================= Users: ========================================

User accounts for \\VAGABOND

Administrator David Guest

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini010412-01.dmp

**** End of log ****
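The items boopme asked for in reply #2 (hosts content, proxy settings, DNS servers, Winsock entries) are the places a search-result redirect is usually planted on the machine itself, and the Result.txt above is where an analyst reads them off: in this log the IE proxy is reported as not enabled, every Winsock provider is a Microsoft DLL under System32 or SysWOW64, the resolvers are the ISP's and the router, and the hosts file holds only loopback entries for Adobe activation hosts. The script below is an added example, not part of this thread, of MiniToolBox or of any BleepingComputer tool. It parses a Result.txt-style report into its sections and flags the four indicators. The sample report embedded in it is constructed: the Adobe hosts line, the Shaw DNS servers and the Microsoft Winsock lines are copied from the log above, while the enabled-proxy lines (whose exact wording is an assumption), the `www.google.com` hosts entry and the unsigned `nsp_hook.dll` provider are fabricated so that each check has something to fire on.

```python
import ipaddress
import re

# Constructed sample in the Result.txt layout.  The Adobe hosts line, the Shaw
# DNS servers and the Microsoft Winsock entries are copied from the log posted
# above; the proxy lines, the www.google.com hosts entry and the unsigned DLL
# under C:\Users are fabricated so each check fires.  The wording MiniToolBox
# prints for an enabled proxy is assumed, not taken from the page.
SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================
Proxy is enabled.
Proxy Server: 127.0.0.1:8080
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
203.0.113.7 www.google.com
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 64.59.144.90
64.59.144.91
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [227328] (Microsoft Corporation)
Catalog5 03 C:\Users\Public\nsp_hook.dll [40960] ()
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [309248] (Microsoft Corporation)
"""

SECTION_RE = re.compile(r"^=+\s*([A-Za-z][^=]*?):?\s*=+$")
WINSOCK_RE = re.compile(r"^(?P<cat>(?:x64-)?Catalog[59])\s+\d+\s+(?P<path>.+?)"
                        r"\s+\[\d+\]\s+\((?P<vendor>.*)\)$")
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def split_sections(text):
    """Map each '===== Name: =====' header to the lines beneath it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def check_proxy(lines):
    """Return the configured proxy, or None when the report shows none."""
    text = "\n".join(lines)
    if not text.strip() or "Proxy is not enabled" in text:
        return None
    m = re.search(r"Proxy Server[^:\n]*:\s*(\S+)", text)
    return m.group(1) if m else "enabled (server not listed)"


def check_hosts(lines):
    """'redirected': name sent to a remote address; 'sinkholed': non-localhost name at loopback."""
    findings = []
    for line in lines:
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:  # e.g. MiniToolBox's "There are N more lines" note
            continue
        for name in fields[1:]:
            if addr.is_loopback and name.lower() in LOOPBACK_NAMES:
                continue
            findings.append(("sinkholed" if addr.is_loopback else "redirected", name, str(addr)))
    return findings


def check_dns(lines, expected=()):
    """Public resolvers outside the analyst's expected set (ISP or router); ipconfig
    prints extra servers one per continuation line, so tokens are gathered across lines."""
    text = "\n".join(l.strip() for l in lines)
    found = []
    for blob in re.findall(r"DNS Servers[ .]*:\s*((?:[0-9A-Fa-f.:]+\s*)+)", text):
        for tok in blob.split():
            try:
                found.append(str(ipaddress.ip_address(tok)))
            except ValueError:  # a following label such as "Default Gateway" bled in
                pass
    return [a for a in dict.fromkeys(found)
            if ipaddress.ip_address(a).is_global and a not in set(expected)]


def check_winsock(lines):
    """Providers not from Microsoft or outside the system directories; an LSP here
    sees every socket call the browser makes."""
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line.strip())
        if m and (m["vendor"] != "Microsoft Corporation" or not m["path"].lower()
                  .startswith(("c:\\windows\\system32\\", "c:\\windows\\syswow64\\"))):
            findings.append((m["cat"], m["path"], m["vendor"] or "unsigned/unknown"))
    return findings


def triage(text, expected_dns=()):
    sec = split_sections(text)
    return {"proxy": check_proxy(sec.get("IE Proxy Settings", [])),
            "hosts": check_hosts(sec.get("Hosts content", [])),
            "dns": check_dns(sec.get("IP Configuration", []), expected_dns),
            "winsock": check_winsock(sec.get("Winsock entries", []))}


if __name__ == "__main__":
    for key, hits in triage(SAMPLE_LOG, {"64.59.144.90", "64.59.144.91"}).items():
        print(f"{key}: {hits or 'nothing suspicious'}")
```

Run as-is it reports on the embedded sample; to triage a real Result.txt, pass its contents to triage() together with the resolvers the ISP or router is expected to hand out, since the script cannot know those on its own. Loopback hosts entries are reported separately from remote ones because they mean different things: a name pointed at 127.0.0.1 is merely blocked, while a name pointed at a remote address is what sends a Google result to an unrelated site.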

#5 dryates

dryates
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:05:03 AM

Posted 19 January 2012 - 03:28 PM

12:19:52.0521 4084 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
12:19:54.0096 4084 ============================================================
12:19:54.0096 4084 Current date / time: 2012/01/19 12:19:54.0096
12:19:54.0096 4084 SystemInfo:
12:19:54.0096 4084
12:19:54.0096 4084 OS Version: 6.0.6000 ServicePack: 0.0
12:19:54.0096 4084 Product type: Workstation
12:19:54.0096 4084 ComputerName: VAGABOND
12:19:54.0096 4084 UserName: David
12:19:54.0096 4084 Windows directory: C:\Windows
12:19:54.0096 4084 System windows directory: C:\Windows
12:19:54.0096 4084 Running under WOW64
12:19:54.0096 4084 Processor architecture: Intel x64
12:19:54.0096 4084 Number of processors: 4
12:19:54.0096 4084 Page size: 0x1000
12:19:54.0096 4084 Boot type: Normal boot
12:19:54.0096 4084 ============================================================
12:19:54.0923 4084 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:19:54.0923 4084 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:19:54.0970 4084 Drive \Device\Harddisk2\DR6 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:19:55.0110 4084 Initialize success
12:20:12.0972 2876 ============================================================
12:20:12.0972 2876 Scan started
12:20:12.0972 2876 Mode: Manual; SigCheck; TDLFS;
12:20:12.0972 2876 ============================================================
12:20:13.0581 2876 ACPI (a119449dd3789a1d80d9c6919d655151) C:\Windows\system32\drivers\acpi.sys
12:20:13.0674 2876 ACPI - ok
12:20:13.0752 2876 adp94xx (9137451d37ba1c325cd6c2def3d2d692) C:\Windows\system32\drivers\adp94xx.sys
12:20:13.0768 2876 adp94xx - ok
12:20:13.0815 2876 adpahci (01f80898df5cc7df19b3b11351846263) C:\Windows\system32\drivers\adpahci.sys
12:20:13.0830 2876 adpahci - ok
12:20:13.0846 2876 adpu160m (da001db13fff45dfe9109936e265b7cc) C:\Windows\system32\drivers\adpu160m.sys
12:20:13.0861 2876 adpu160m - ok
12:20:13.0893 2876 adpu320 (2b10c35c5b7c5c0c28f572e035319602) C:\Windows\system32\drivers\adpu320.sys
12:20:13.0893 2876 adpu320 - ok
12:20:13.0939 2876 AFD (db033c115415f4ef6f26901af0c5d635) C:\Windows\system32\drivers\afd.sys
12:20:14.0002 2876 AFD - ok
12:20:14.0049 2876 agp440 (5ccdd13bc602ae33cd8b62d33c29ab72) C:\Windows\system32\drivers\agp440.sys
12:20:14.0049 2876 agp440 - ok
12:20:14.0080 2876 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
12:20:14.0095 2876 aic78xx - ok
12:20:14.0111 2876 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
12:20:14.0127 2876 aliide - ok
12:20:14.0142 2876 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
12:20:14.0142 2876 amdide - ok
12:20:14.0173 2876 AmdK8 (de55dc52f7ceb89a967572d6b491ada2) C:\Windows\system32\drivers\amdk8.sys
12:20:14.0220 2876 AmdK8 - ok
12:20:14.0501 2876 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
12:20:14.0985 2876 amdkmdag - ok
12:20:15.0078 2876 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
12:20:15.0094 2876 amdkmdap - ok
12:20:15.0156 2876 arc (2e8623f2fed998a97129a3db919551c8) C:\Windows\system32\drivers\arc.sys
12:20:15.0156 2876 arc - ok
12:20:15.0187 2876 arcsas (741a003c041a3ec480a2e71af71e9654) C:\Windows\system32\drivers\arcsas.sys
12:20:15.0187 2876 arcsas - ok
12:20:15.0219 2876 AsyncMac (0bbc9a0044880b878c217e08d46da874) C:\Windows\system32\DRIVERS\asyncmac.sys
12:20:15.0265 2876 AsyncMac - ok
12:20:15.0297 2876 atapi (bb55c79e0595d8cfbe4a80a3c9eb77ea) C:\Windows\system32\drivers\atapi.sys
12:20:15.0297 2876 atapi - ok
12:20:15.0375 2876 athur (c0f9cb0c4c1dfd0e4266b072f34b22ca) C:\Windows\system32\DRIVERS\athurx.sys
12:20:15.0437 2876 athur - ok
12:20:15.0499 2876 AtiHdmiService (1251677c31ca7d08795a6ee939f2e605) C:\Windows\system32\drivers\AtiHdmi.sys
12:20:15.0546 2876 AtiHdmiService - ok
12:20:15.0811 2876 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
12:20:16.0045 2876 atikmdag - ok
12:20:16.0170 2876 Beep - ok
12:20:16.0186 2876 blbdrive - ok
12:20:16.0201 2876 bowser (1ade72a257235b9d72d72e238495e8ea) C:\Windows\system32\DRIVERS\bowser.sys
12:20:16.0264 2876 bowser - ok
12:20:16.0279 2876 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
12:20:16.0342 2876 BrFiltLo - ok
12:20:16.0357 2876 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
12:20:16.0404 2876 BrFiltUp - ok
12:20:16.0451 2876 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
12:20:16.0498 2876 Brserid - ok
12:20:16.0513 2876 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
12:20:16.0560 2876 BrSerWdm - ok
12:20:16.0576 2876 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
12:20:16.0638 2876 BrUsbMdm - ok
12:20:16.0654 2876 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
12:20:16.0716 2876 BrUsbSer - ok
12:20:16.0732 2876 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
12:20:16.0794 2876 BTHMODEM - ok
12:20:16.0810 2876 catchme - ok
12:20:16.0841 2876 cdfs (a67ac5d1cf807398edcdb6d354631a2d) C:\Windows\system32\DRIVERS\cdfs.sys
12:20:16.0888 2876 cdfs - ok
12:20:16.0919 2876 cdrom (3b70b898241c890d91ecf1c8f254680a) C:\Windows\system32\DRIVERS\cdrom.sys
12:20:16.0966 2876 cdrom - ok
12:20:16.0997 2876 circlass (f28f00596824058bc61d5edf434c9b82) C:\Windows\system32\drivers\circlass.sys
12:20:17.0044 2876 circlass - ok
12:20:17.0091 2876 CLFS (684de0791d989a03f7cff7dfae58539f) C:\Windows\system32\CLFS.sys
12:20:17.0122 2876 CLFS - ok
12:20:17.0153 2876 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
12:20:17.0169 2876 cmdide - ok
12:20:17.0200 2876 Compbatt (0e77a445640bf310817f60941c50560c) C:\Windows\system32\drivers\compbatt.sys
12:20:17.0200 2876 Compbatt - ok
12:20:17.0231 2876 crcdisk (b1192dcd5b9cf46beed0e2a9e5bcf59a) C:\Windows\system32\drivers\crcdisk.sys
12:20:17.0231 2876 crcdisk - ok
12:20:17.0278 2876 CSC (da746a7d466105b816e8b523dfe616b6) C:\Windows\system32\drivers\csc.sys
12:20:17.0293 2876 CSC - ok
12:20:17.0325 2876 DfsC (1d411153baad367c7c32572e7fccdf5d) C:\Windows\system32\Drivers\dfsc.sys
12:20:17.0387 2876 DfsC - ok
12:20:17.0418 2876 disk (f0357b772621b2c86cf11c62e8ea9e9d) C:\Windows\system32\drivers\disk.sys
12:20:17.0418 2876 disk - ok
12:20:17.0481 2876 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
12:20:17.0527 2876 drmkaud - ok
12:20:17.0574 2876 DXGKrnl (3e466f88e30a96780fb80789d59c48ab) C:\Windows\System32\drivers\dxgkrnl.sys
12:20:17.0621 2876 DXGKrnl - ok
12:20:17.0668 2876 E1G60 (d57fe09b575545738a73a0c193d0616a) C:\Windows\system32\DRIVERS\E1G6032E.sys
12:20:17.0715 2876 E1G60 - ok
12:20:17.0746 2876 Ecache (ff4ccc4524368b30b4c1ff799f578661) C:\Windows\system32\drivers\ecache.sys
12:20:17.0746 2876 Ecache - ok
12:20:17.0793 2876 elxstor (3d6298aff3fe06c0616ce5d090a3eeaa) C:\Windows\system32\drivers\elxstor.sys
12:20:17.0808 2876 elxstor - ok
12:20:17.0855 2876 fastfat (e04eb42ea1a665fb28b94250af319208) C:\Windows\system32\drivers\fastfat.sys
12:20:17.0902 2876 fastfat - ok
12:20:17.0917 2876 fdc (61b6dbd1ad1143f008364d4e9a96b224) C:\Windows\system32\DRIVERS\fdc.sys
12:20:17.0980 2876 fdc - ok
12:20:17.0995 2876 FileInfo (94052ea1440f2eb1ab795f48cc856b4e) C:\Windows\system32\drivers\fileinfo.sys
12:20:18.0011 2876 FileInfo - ok
12:20:18.0027 2876 Filetrace (181a5c68f7578e673c16d1ca8403bbc2) C:\Windows\system32\drivers\filetrace.sys
12:20:18.0073 2876 Filetrace - ok
12:20:18.0089 2876 flpydisk (12c3d1b4d0ce49e1ce343ba2f22f15e0) C:\Windows\system32\DRIVERS\flpydisk.sys
12:20:18.0136 2876 flpydisk - ok
12:20:18.0151 2876 FltMgr (7f33ba7661379cc9eaceb8cb66b77941) C:\Windows\system32\drivers\fltmgr.sys
12:20:18.0167 2876 FltMgr - ok
12:20:18.0198 2876 Fs_Rec (91baf86514f21dd7b781216c7cf3ca69) C:\Windows\system32\drivers\Fs_Rec.sys
12:20:18.0214 2876 Fs_Rec - ok
12:20:18.0229 2876 fvevol (9f26005577011ff0489a86493e12a333) C:\Windows\system32\DRIVERS\fvevol.sys
12:20:18.0245 2876 fvevol - ok
12:20:18.0276 2876 gagp30kx (b54520cc7b4b55134d7527b1cd3fc1f2) C:\Windows\system32\drivers\gagp30kx.sys
12:20:18.0276 2876 gagp30kx - ok
12:20:18.0323 2876 ggflt (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys
12:20:18.0323 2876 ggflt - ok
12:20:18.0339 2876 ggsemc (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys
12:20:18.0354 2876 ggsemc - ok
12:20:18.0417 2876 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
12:20:18.0463 2876 HdAudAddService - ok
12:20:18.0495 2876 HDAudBus (a7e13e4a58e72276084ee092998de901) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:20:18.0510 2876 HDAudBus - ok
12:20:18.0526 2876 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
12:20:18.0573 2876 HidBth - ok
12:20:18.0697 2876 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
12:20:18.0744 2876 HidIr - ok
12:20:18.0807 2876 HidUsb (d02c82cb3a20f391c8aeff94e8e0baa1) C:\Windows\system32\DRIVERS\hidusb.sys
12:20:18.0853 2876 HidUsb - ok
12:20:18.0885 2876 HpCISSs (8edc820115df1e04763b2923676ea5b2) C:\Windows\system32\drivers\hpcisss.sys
12:20:18.0885 2876 HpCISSs - ok
12:20:18.0931 2876 HTTP (2edceb595e31e6dffc00dfa464c3dd33) C:\Windows\system32\drivers\HTTP.sys
12:20:18.0978 2876 HTTP - ok
12:20:18.0994 2876 i2omp (f2901763845570ecac48e6a50ec50812) C:\Windows\system32\drivers\i2omp.sys
12:20:19.0009 2876 i2omp - ok
12:20:19.0041 2876 i8042prt (51363d487ca91f1704742b989642c6b3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:20:19.0072 2876 i8042prt - ok
12:20:19.0103 2876 iaStorV (72c3ee7ea3cd75a772e62ae0e5df8b8c) C:\Windows\system32\drivers\iastorv.sys
12:20:19.0103 2876 iaStorV - ok
12:20:19.0134 2876 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
12:20:19.0134 2876 iirsp - ok
12:20:19.0228 2876 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
12:20:19.0290 2876 IntcAzAudAddService - ok
12:20:19.0368 2876 intelide (36a266c673812878996f72b200203fbb) C:\Windows\system32\drivers\intelide.sys
12:20:19.0368 2876 intelide - ok
12:20:19.0384 2876 intelppm (cd802075728e514548841dcc3f8b0220) C:\Windows\system32\DRIVERS\intelppm.sys
12:20:19.0431 2876 intelppm - ok
12:20:19.0477 2876 IpFilterDriver (cacce18cff8b572898bbb5f21a8ddc08) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:20:19.0524 2876 IpFilterDriver - ok
12:20:19.0540 2876 IpInIp - ok
12:20:19.0571 2876 IPMIDRV (eacdbbe429c6d170bdeee0effcbc317b) C:\Windows\system32\drivers\ipmidrv.sys
12:20:19.0618 2876 IPMIDRV - ok
12:20:19.0633 2876 IPNAT (e8e8eb01af36f61830f0e89ca2bc533a) C:\Windows\system32\DRIVERS\ipnat.sys
12:20:19.0696 2876 IPNAT - ok
12:20:19.0711 2876 IRENUM (cceab60b7fa1b1eef32376c31d2541ac) C:\Windows\system32\drivers\irenum.sys
12:20:19.0758 2876 IRENUM - ok
12:20:19.0789 2876 isapnp (d3bb520b31f28c1a065cd058e762ee73) C:\Windows\system32\drivers\isapnp.sys
12:20:19.0805 2876 isapnp - ok
12:20:19.0821 2876 iScsiPrt (73b31746c9b103688799dfb20cd7b09a) C:\Windows\system32\DRIVERS\msiscsi.sys
12:20:19.0836 2876 iScsiPrt - ok
12:20:19.0852 2876 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
12:20:19.0867 2876 iteatapi - ok
12:20:19.0899 2876 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
12:20:19.0899 2876 iteraid - ok
12:20:19.0930 2876 kbdclass (ac1ba7446d5343dfd4267a6e0d4fc0af) C:\Windows\system32\DRIVERS\kbdclass.sys
12:20:19.0930 2876 kbdclass - ok
12:20:19.0945 2876 kbdhid (2bd825d29261ca26eee4d7d055eadf7f) C:\Windows\system32\DRIVERS\kbdhid.sys
12:20:19.0961 2876 kbdhid - ok
12:20:20.0008 2876 KSecDD (778effd6d35d73b0cb5f648f7f8a6c45) C:\Windows\system32\Drivers\ksecdd.sys
12:20:20.0039 2876 KSecDD - ok
12:20:20.0055 2876 ksthunk (f2010505c81ea6b954fc9f0a382eaf73) C:\Windows\system32\drivers\ksthunk.sys
12:20:20.0101 2876 ksthunk - ok
12:20:20.0133 2876 lltdio (7dd2e7717ba759c6685f52d27553fb2e) C:\Windows\system32\DRIVERS\lltdio.sys
12:20:20.0211 2876 lltdio - ok
12:20:20.0242 2876 LSI_FC (1572f8d999c0ab4376afdce058a78df9) C:\Windows\system32\drivers\lsi_fc.sys
12:20:20.0257 2876 LSI_FC - ok
12:20:20.0273 2876 LSI_SAS (64470979c3e3c9ff60edfb5230c56e0e) C:\Windows\system32\drivers\lsi_sas.sys
12:20:20.0273 2876 LSI_SAS - ok
12:20:20.0289 2876 LSI_SCSI (4ced7d3b54bfc5bbae75c4a73c7f7428) C:\Windows\system32\drivers\lsi_scsi.sys
12:20:20.0289 2876 LSI_SCSI - ok
12:20:20.0304 2876 luafv (af0e4e902425d9a7dcf848e8e6e51ec0) C:\Windows\system32\drivers\luafv.sys
12:20:20.0351 2876 luafv - ok
12:20:20.0382 2876 megasas (2f631c2939d5f2e8958935ee701d70d7) C:\Windows\system32\drivers\megasas.sys
12:20:20.0382 2876 megasas - ok
12:20:20.0398 2876 Modem (709061fcf89ad99340e3f313a80ba191) C:\Windows\system32\drivers\modem.sys
12:20:20.0460 2876 Modem - ok
12:20:20.0491 2876 monitor (6f7e338a173e75f2034aacf88217840a) C:\Windows\system32\DRIVERS\monitor.sys
12:20:20.0507 2876 monitor - ok
12:20:20.0538 2876 mouclass (b17d9c235b6cf778a12b4b1dc26352ea) C:\Windows\system32\DRIVERS\mouclass.sys
12:20:20.0538 2876 mouclass - ok
12:20:20.0554 2876 mouhid (328f5836f55ccd1e92377873f646288c) C:\Windows\system32\DRIVERS\mouhid.sys
12:20:20.0569 2876 mouhid - ok
12:20:20.0569 2876 MountMgr (2d18036b7bc1d48fa647ab5779126b85) C:\Windows\system32\drivers\mountmgr.sys
12:20:20.0585 2876 MountMgr - ok
12:20:20.0616 2876 mpio (ed48eac719ee28db773359eb1b06e2b5) C:\Windows\system32\drivers\mpio.sys
12:20:20.0632 2876 mpio - ok
12:20:20.0663 2876 mpsdrv (97461590b5e6d54143f8b40cc32a586c) C:\Windows\system32\drivers\mpsdrv.sys
12:20:20.0663 2876 mpsdrv - ok
12:20:20.0694 2876 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
12:20:20.0694 2876 Mraid35x - ok
12:20:20.0725 2876 MRxDAV (2d43b4e2e7de034a464781083b33e224) C:\Windows\system32\drivers\mrxdav.sys
12:20:20.0741 2876 MRxDAV - ok
12:20:20.0772 2876 mrxsmb (5514d9c92960d7d5fd7f6635d1aa1e84) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:20:20.0788 2876 mrxsmb - ok
12:20:20.0788 2876 mrxsmb10 (81f9878a20eaf416c05471f46471b708) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:20:20.0803 2876 mrxsmb10 - ok
12:20:20.0819 2876 mrxsmb20 (a1fdc044b889dd3a1a0b86da8db6dd1a) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:20:20.0835 2876 mrxsmb20 - ok
12:20:20.0850 2876 msahci (eeadf970795148bfbb1db3abcc89c16b) C:\Windows\system32\drivers\msahci.sys
12:20:20.0866 2876 msahci - ok
12:20:20.0897 2876 msdsm (96d7c0a1b98434c6e4ff0c2e26a0e20a) C:\Windows\system32\drivers\msdsm.sys
12:20:20.0897 2876 msdsm - ok
12:20:20.0913 2876 Msfs (a81cc14ca1a8f78dc6a1c24551b75b3c) C:\Windows\system32\drivers\Msfs.sys
12:20:20.0975 2876 Msfs - ok
12:20:20.0991 2876 MSHUSBVideo (bb590070d606ae6f008341fc9a7b2ad7) C:\Windows\system32\Drivers\nx6000.sys
12:20:20.0991 2876 MSHUSBVideo - ok
12:20:21.0022 2876 msisadrv (30f76c7c471fe6c966509452d208027f) C:\Windows\system32\drivers\msisadrv.sys
12:20:21.0037 2876 msisadrv - ok
12:20:21.0053 2876 MSKSSRV (daba2eb45c279d946b8b7576c6ae55cf) C:\Windows\system32\drivers\MSKSSRV.sys
12:20:21.0115 2876 MSKSSRV - ok
12:20:21.0131 2876 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
12:20:21.0178 2876 MSPCLOCK - ok
12:20:21.0209 2876 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
12:20:21.0271 2876 MSPQM - ok
12:20:21.0287 2876 MsRPC (2f552dece589634b6e44e6ea64cad1cd) C:\Windows\system32\drivers\MsRPC.sys
12:20:21.0303 2876 MsRPC - ok
12:20:21.0318 2876 mssmbios (e14ac9007e84d5686a52ca29149157d9) C:\Windows\system32\DRIVERS\mssmbios.sys
12:20:21.0334 2876 mssmbios - ok
12:20:21.0365 2876 MSTEE (ddb2acb496ea9c3f433f29984f1eb32d) C:\Windows\system32\drivers\MSTEE.sys
12:20:21.0412 2876 MSTEE - ok
12:20:21.0443 2876 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
12:20:21.0443 2876 MTsensor - ok
12:20:21.0459 2876 Mup (97fca426c100cdf99495fdb2aaeb89f7) C:\Windows\system32\Drivers\mup.sys
12:20:21.0474 2876 Mup - ok
12:20:21.0521 2876 NativeWifiP (4df5c8bead7352b387526173c1588d3d) C:\Windows\system32\DRIVERS\nwifi.sys
12:20:21.0521 2876 NativeWifiP - ok
12:20:21.0568 2876 NDIS (cca69c9493a13af86dcf0ae272afbb72) C:\Windows\system32\drivers\ndis.sys
12:20:21.0615 2876 NDIS - ok
12:20:21.0661 2876 NdisTapi (4894641b2a903a6362e3360e053987bb) C:\Windows\system32\DRIVERS\ndistapi.sys
12:20:21.0677 2876 NdisTapi - ok
12:20:21.0708 2876 Ndisuio (2a0d036cd66bf7b373ddb6ac45db7ca1) C:\Windows\system32\DRIVERS\ndisuio.sys
12:20:21.0755 2876 Ndisuio - ok
12:20:21.0771 2876 NdisWan (88b1b6954daf6e106ab0da4880253329) C:\Windows\system32\DRIVERS\ndiswan.sys
12:20:21.0817 2876 NdisWan - ok
12:20:21.0849 2876 NDProxy (9e6b2151e815a7c2e942b77dc9c474dd) C:\Windows\system32\drivers\NDProxy.sys
12:20:21.0849 2876 NDProxy - ok
12:20:21.0880 2876 NetBIOS (09eae6cf2113a9ccfe92275a29c184cc) C:\Windows\system32\DRIVERS\netbios.sys
12:20:21.0927 2876 NetBIOS - ok
12:20:21.0958 2876 netbt (5e733eb829b56156a37c45ab56ae8ed9) C:\Windows\system32\DRIVERS\netbt.sys
12:20:22.0005 2876 netbt - ok
12:20:22.0036 2876 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
12:20:22.0051 2876 nfrd960 - ok
12:20:22.0051 2876 Npfs (359384f52fa7e7e078248564f35e5265) C:\Windows\system32\drivers\Npfs.sys
12:20:22.0114 2876 Npfs - ok
12:20:22.0129 2876 nsiproxy (a8bfc9aaf72e427d96c2b9a83fa01843) C:\Windows\system32\drivers\nsiproxy.sys
12:20:22.0192 2876 nsiproxy - ok
12:20:22.0254 2876 Ntfs (e6c330fcf62257b645d853ffc829aef8) C:\Windows\system32\drivers\Ntfs.sys
12:20:22.0348 2876 Ntfs - ok
12:20:22.0426 2876 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
12:20:22.0473 2876 Null - ok
12:20:22.0519 2876 nvraid (840eeb44dc49317a6161961f7682cd99) C:\Windows\system32\drivers\nvraid.sys
12:20:22.0535 2876 nvraid - ok
12:20:22.0551 2876 nvstor (94c5334040a5d500897f4c5fd12aeede) C:\Windows\system32\drivers\nvstor.sys
12:20:22.0566 2876 nvstor - ok
12:20:22.0582 2876 nv_agp (aa1b6c86a4763502e20b65c025f39bad) C:\Windows\system32\drivers\nv_agp.sys
12:20:22.0582 2876 nv_agp - ok
12:20:22.0597 2876 NwlnkFlt - ok
12:20:22.0613 2876 NwlnkFwd - ok
12:20:22.0644 2876 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
12:20:22.0691 2876 ohci1394 - ok
12:20:22.0722 2876 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
12:20:22.0769 2876 Parport - ok
12:20:22.0785 2876 partmgr (dc0308051c8adedcfdf98d60c40e17e6) C:\Windows\system32\drivers\partmgr.sys
12:20:22.0785 2876 partmgr - ok
12:20:22.0800 2876 pci (6b548f2e0b623d0f0fa16200b6d32d43) C:\Windows\system32\drivers\pci.sys
12:20:22.0816 2876 pci - ok
12:20:22.0863 2876 pciide (83e7946c3e6e09272c04ad67fe2f96af) C:\Windows\system32\drivers\pciide.sys
12:20:22.0863 2876 pciide - ok
12:20:22.0894 2876 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
12:20:22.0894 2876 pcmcia - ok
12:20:22.0941 2876 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
12:20:23.0019 2876 PEAUTH - ok
12:20:23.0065 2876 PptpMiniport (ffef1b833e3660fed2bf3415a406dc50) C:\Windows\system32\DRIVERS\raspptp.sys
12:20:23.0112 2876 PptpMiniport - ok
12:20:23.0128 2876 Processor (6bc78e5f12cbb74e7930aaaa4a0db387) C:\Windows\system32\DRIVERS\processr.sys
12:20:23.0190 2876 Processor - ok
12:20:23.0237 2876 PSched (9baa99f18827a04d77a243d2b9791f7f) C:\Windows\system32\DRIVERS\pacer.sys
12:20:23.0237 2876 PSched - ok
12:20:23.0268 2876 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
12:20:23.0284 2876 PSI - ok
12:20:23.0331 2876 ql2300 (4a29d25704917161bad9b4659a248dfd) C:\Windows\system32\drivers\ql2300.sys
12:20:23.0362 2876 ql2300 - ok
12:20:23.0393 2876 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
12:20:23.0409 2876 ql40xx - ok
12:20:23.0424 2876 QWAVEdrv (79a50ee6cbb917f84c0a090c4541ce2f) C:\Windows\system32\drivers\qwavedrv.sys
12:20:23.0440 2876 QWAVEdrv - ok
12:20:23.0455 2876 RasAcd (88e0a5690f4829d9360623e92cabeee6) C:\Windows\system32\DRIVERS\rasacd.sys
12:20:23.0502 2876 RasAcd - ok
12:20:23.0533 2876 Rasl2tp (cb4e01d7cd006a433ae66d7f4e93895b) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:20:23.0580 2876 Rasl2tp - ok
12:20:23.0596 2876 RasPppoe (fc393505fd692b864ac178a300757fe6) C:\Windows\system32\DRIVERS\raspppoe.sys
12:20:23.0643 2876 RasPppoe - ok
12:20:23.0674 2876 rdbss (32f9164a1f34a6a821521d6ad35db9c0) C:\Windows\system32\DRIVERS\rdbss.sys
12:20:23.0721 2876 rdbss - ok
12:20:23.0736 2876 RDPCDD (db1fd8420182a4a3311e2cd24ec5b715) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:20:23.0783 2876 RDPCDD - ok
12:20:23.0861 2876 rdpdr (2d98dda8edce73df99854bf3692ccc87) C:\Windows\system32\DRIVERS\rdpdr.sys
12:20:23.0923 2876 rdpdr - ok
12:20:23.0923 2876 RDPENCDD (385596159676563f8b431fce0b0887c7) C:\Windows\system32\drivers\rdpencdd.sys
12:20:23.0986 2876 RDPENCDD - ok
12:20:24.0001 2876 RDPWD (d289a455fc34395720f2fcdc35ddbb79) C:\Windows\system32\drivers\RDPWD.sys
12:20:24.0064 2876 RDPWD - ok
12:20:24.0111 2876 rspndr (9231beb14fcd1d989fd1ffa213be462d) C:\Windows\system32\DRIVERS\rspndr.sys
12:20:24.0157 2876 rspndr - ok
12:20:24.0189 2876 RTL8169 (b263b3aebcde2210d1cc25756601b8ea) C:\Windows\system32\DRIVERS\Rtlh64.sys
12:20:24.0204 2876 RTL8169 - ok
12:20:24.0267 2876 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:20:24.0267 2876 SASDIFSV - ok
12:20:24.0267 2876 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:20:24.0282 2876 SASKUTIL - ok
12:20:24.0298 2876 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
12:20:24.0313 2876 sbp2port - ok
12:20:24.0345 2876 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:20:24.0391 2876 secdrv - ok
12:20:24.0407 2876 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\DRIVERS\serenum.sys
12:20:24.0469 2876 Serenum - ok
12:20:24.0485 2876 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\DRIVERS\serial.sys
12:20:24.0532 2876 Serial - ok
12:20:24.0563 2876 sermouse (c1f7f07af6b20d92da202b7f60f703a8) C:\Windows\system32\drivers\sermouse.sys
12:20:24.0579 2876 sermouse - ok
12:20:24.0610 2876 sfdrv01 (4fcace92bb0345d58bb96adbd69f5237) C:\Windows\system32\drivers\sfdrv01.sys
12:20:24.0625 2876 sfdrv01 - ok
12:20:24.0641 2876 sffdisk (541b32f8d6b2dcb92ec43bab267e79ea) C:\Windows\system32\drivers\sffdisk.sys
12:20:24.0703 2876 sffdisk - ok
12:20:24.0719 2876 sffp_mmc (446e7cca3325c7e0ae0fde7f73cdd9c2) C:\Windows\system32\drivers\sffp_mmc.sys
12:20:24.0766 2876 sffp_mmc - ok
12:20:24.0781 2876 sffp_sd (67edc221348911e895af51c57d9a3725) C:\Windows\system32\drivers\sffp_sd.sys
12:20:24.0828 2876 sffp_sd - ok
12:20:24.0844 2876 sfhlp02 (17f6bd95bf04b924f4c05ce78bef8ae6) C:\Windows\system32\drivers\sfhlp02.sys
12:20:24.0859 2876 sfhlp02 - ok
12:20:24.0875 2876 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
12:20:24.0922 2876 sfloppy - ok
12:20:24.0937 2876 sfsync04 (758d7842a48fe194be08baaf095285be) C:\Windows\system32\drivers\sfsync04.sys
12:20:24.0937 2876 sfsync04 - ok
12:20:24.0953 2876 sfvfs02 (f3b72568a6fa36e5d63d30b8186d1c48) C:\Windows\system32\drivers\sfvfs02.sys
12:20:24.0969 2876 sfvfs02 - ok
12:20:24.0984 2876 SiSRaid2 (08dda16573fa44f8b13afe74597ad2e5) C:\Windows\system32\drivers\sisraid2.sys
12:20:24.0984 2876 SiSRaid2 - ok
12:20:25.0015 2876 SiSRaid4 (c52259e9daaf3890d572d87ffee0979e) C:\Windows\system32\drivers\sisraid4.sys
12:20:25.0031 2876 SiSRaid4 - ok
12:20:25.0047 2876 Smb (9a6e3a90649549bb89bf2b7fe11134cc) C:\Windows\system32\DRIVERS\smb.sys
12:20:25.0109 2876 Smb - ok
12:20:25.0125 2876 spldr (c74b22ce56bcd4337e429d31521a40d3) C:\Windows\system32\drivers\spldr.sys
12:20:25.0140 2876 spldr - ok
12:20:25.0171 2876 srv (b3cd8070364fd5187296a9bcfe75d2ce) C:\Windows\system32\DRIVERS\srv.sys
12:20:25.0203 2876 srv - ok
12:20:25.0234 2876 srv2 (e2b5b646d7947fd88041c1ccf2cdc47a) C:\Windows\system32\DRIVERS\srv2.sys
12:20:25.0249 2876 srv2 - ok
12:20:25.0249 2876 srvnet (a511e1653ff461333decf1daf0aa4044) C:\Windows\system32\DRIVERS\srvnet.sys
12:20:25.0265 2876 srvnet - ok
12:20:25.0296 2876 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
12:20:25.0296 2876 swenum - ok
12:20:25.0327 2876 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
12:20:25.0343 2876 Symc8xx - ok
12:20:25.0359 2876 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
12:20:25.0374 2876 Sym_hi - ok
12:20:25.0390 2876 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
12:20:25.0390 2876 Sym_u3 - ok
12:20:25.0452 2876 Tcpip (396cf3fd8d2a4fdf55570c01894db9df) C:\Windows\system32\drivers\tcpip.sys
12:20:25.0499 2876 Tcpip - ok
12:20:25.0530 2876 Tcpip6 (396cf3fd8d2a4fdf55570c01894db9df) C:\Windows\system32\DRIVERS\tcpip.sys
12:20:25.0561 2876 Tcpip6 - ok
12:20:25.0593 2876 tcpipreg (472ce5efa30901d3dca3041d2add27d9) C:\Windows\system32\drivers\tcpipreg.sys
12:20:25.0639 2876 tcpipreg - ok
12:20:25.0655 2876 TDPIPE (1e06142d972c24bf7669588f78a43048) C:\Windows\system32\drivers\tdpipe.sys
12:20:25.0717 2876 TDPIPE - ok
12:20:25.0733 2876 TDTCP (38b3af56ec954458d478c988c9d602fa) C:\Windows\system32\drivers\tdtcp.sys
12:20:25.0780 2876 TDTCP - ok
12:20:25.0795 2876 tdx (1aa3d753141ee71c23bf6eb484e95883) C:\Windows\system32\DRIVERS\tdx.sys
12:20:25.0858 2876 tdx - ok
12:20:25.0873 2876 TermDD (cb4c00702c4d7812ae02d9056f8f5e64) C:\Windows\system32\DRIVERS\termdd.sys
12:20:25.0873 2876 TermDD - ok
12:20:25.0905 2876 tssecsrv (9bb4e08294b3094875f46b2bcbfe7884) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:20:25.0951 2876 tssecsrv - ok
12:20:25.0983 2876 tunmp (09bb43975d3dc652279507f0dfc1c0fd) C:\Windows\system32\DRIVERS\tunmp.sys
12:20:25.0983 2876 tunmp - ok
12:20:26.0014 2876 tunnel (57c7c079ad16ba6e01f0c7830e88d62e) C:\Windows\system32\DRIVERS\tunnel.sys
12:20:26.0029 2876 tunnel - ok
12:20:26.0061 2876 uagp35 (e4722dfbd6232acf17543ef2c2dce8d2) C:\Windows\system32\drivers\uagp35.sys
12:20:26.0061 2876 uagp35 - ok
12:20:26.0092 2876 udfs (46b22ae265031cbff894b30391e1d31c) C:\Windows\system32\DRIVERS\udfs.sys
12:20:26.0154 2876 udfs - ok
12:20:26.0170 2876 uliagpkx (5663d7696abbe71f8c9d915c5374118a) C:\Windows\system32\drivers\uliagpkx.sys
12:20:26.0185 2876 uliagpkx - ok
12:20:26.0217 2876 uliahci (6030b68e86a30d1b315b51c4d7778b16) C:\Windows\system32\drivers\uliahci.sys
12:20:26.0217 2876 uliahci - ok
12:20:26.0248 2876 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
12:20:26.0263 2876 UlSata - ok
12:20:26.0279 2876 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
12:20:26.0295 2876 ulsata2 - ok
12:20:26.0310 2876 umbus (95131c32eed0bb4eb3f2ab069794469a) C:\Windows\system32\DRIVERS\umbus.sys
12:20:26.0357 2876 umbus - ok
12:20:26.0404 2876 usbaudio (1a479212d7c2864772b04bb82a2b63be) C:\Windows\system32\drivers\usbaudio.sys
12:20:26.0466 2876 usbaudio - ok
12:20:26.0497 2876 usbccgp (897186b6f85cea7f6837cc606fdf0b0d) C:\Windows\system32\DRIVERS\usbccgp.sys
12:20:26.0529 2876 usbccgp - ok
12:20:26.0529 2876 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
12:20:26.0591 2876 usbcir - ok
12:20:26.0607 2876 usbehci (cdfb574932e75fe56f6f8c4748833cd1) C:\Windows\system32\DRIVERS\usbehci.sys
12:20:26.0622 2876 usbehci - ok
12:20:26.0638 2876 usbhub (72a62140540a944f11a34089126debb3) C:\Windows\system32\DRIVERS\usbhub.sys
12:20:26.0653 2876 usbhub - ok
12:20:26.0669 2876 usbohci (8cde39a67ee3c160390d1acadb62c3ca) C:\Windows\system32\DRIVERS\usbohci.sys
12:20:26.0685 2876 usbohci - ok
12:20:26.0700 2876 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\DRIVERS\usbprint.sys
12:20:26.0747 2876 usbprint - ok
12:20:26.0778 2876 USBSTOR (35d9d46986c2650979154e1780d04104) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:20:26.0794 2876 USBSTOR - ok
12:20:26.0809 2876 usbuhci (7bf55d2538740b25936e93553e5d190d) C:\Windows\system32\DRIVERS\usbuhci.sys
12:20:26.0856 2876 usbuhci - ok
12:20:26.0903 2876 usbvideo (9bd84037d525f259bae5956e3079de6c) C:\Windows\system32\Drivers\usbvideo.sys
12:20:26.0965 2876 usbvideo - ok
12:20:26.0997 2876 vga (2998dc48905e9b4821ad8fd75b3e070c) C:\Windows\system32\DRIVERS\vgapnp.sys
12:20:27.0059 2876 vga - ok
12:20:27.0075 2876 VgaSave (05209e4303b7fe58923bba1bcea704f7) C:\Windows\System32\drivers\vga.sys
12:20:27.0121 2876 VgaSave - ok
12:20:27.0153 2876 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
12:20:27.0153 2876 viaide - ok
12:20:27.0168 2876 volmgr (4b85769e627efc0dcaaae46dc83108f8) C:\Windows\system32\drivers\volmgr.sys
12:20:27.0184 2876 volmgr - ok
12:20:27.0199 2876 volmgrx (1c2b6dabd8e60c67e3a6d5d4cdb65d64) C:\Windows\system32\drivers\volmgrx.sys
12:20:27.0215 2876 volmgrx - ok
12:20:27.0246 2876 volsnap (edabf7608de65545eaf36a5736f72beb) C:\Windows\system32\drivers\volsnap.sys
12:20:27.0246 2876 volsnap - ok
12:20:27.0277 2876 vsmraid (410ae2c141142c58bc617fc2c677f8b0) C:\Windows\system32\drivers\vsmraid.sys
12:20:27.0277 2876 vsmraid - ok
12:20:27.0309 2876 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
12:20:27.0355 2876 WacomPen - ok
12:20:27.0387 2876 Wanarp (df94f678885c955f6bc02bf8eaf5f13c) C:\Windows\system32\DRIVERS\wanarp.sys
12:20:27.0402 2876 Wanarp - ok
12:20:27.0402 2876 Wanarpv6 (df94f678885c955f6bc02bf8eaf5f13c) C:\Windows\system32\DRIVERS\wanarp.sys
12:20:27.0418 2876 Wanarpv6 - ok
12:20:27.0433 2876 Wd (59b501b0a04c9672142b7ffa2bdbf663) C:\Windows\system32\drivers\wd.sys
12:20:27.0449 2876 Wd - ok
12:20:27.0496 2876 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
12:20:27.0527 2876 Wdf01000 - ok
12:20:27.0605 2876 WmiAcpi (2391ee935491a7872f647bd7ca5c03b1) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:20:27.0605 2876 WmiAcpi - ok
12:20:27.0652 2876 WpdUsb (bd35a7b93d562b10263a80aa9dc082a4) C:\Windows\system32\DRIVERS\wpdusb.sys
12:20:27.0714 2876 WpdUsb - ok
12:20:27.0730 2876 ws2ifsl (c4ee49db7eadc812dbc0eccf2e7fb929) C:\Windows\system32\drivers\ws2ifsl.sys
12:20:27.0777 2876 ws2ifsl - ok
12:20:27.0823 2876 WSDPrintDevice (5b2c2bb5778c12f7f37e68b0a07d9bd3) C:\Windows\system32\DRIVERS\WSDPrint.sys
12:20:27.0870 2876 WSDPrintDevice - ok
12:20:27.0886 2876 WSDScan (ac513fd7978e3a9437e3cb8f8a152a9e) C:\Windows\system32\DRIVERS\WSDScan.sys
12:20:27.0948 2876 WSDScan - ok
12:20:27.0979 2876 WUDFRd (55c83733ec1c7992c81b91c29b3a6e74) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:20:28.0026 2876 WUDFRd - ok
12:20:28.0057 2876 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:20:28.0104 2876 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
12:20:28.0104 2876 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
12:20:28.0135 2876 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:20:28.0135 2876 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:20:28.0135 2876 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
12:20:28.0338 2876 \Device\Harddisk1\DR1 - ok
12:20:28.0338 2876 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk2\DR6
12:20:29.0056 2876 \Device\Harddisk2\DR6 - ok
12:20:29.0071 2876 Boot (0x1200) (a91d3ff74032beedfdf80de05ab60f5b) \Device\Harddisk0\DR0\Partition0
12:20:29.0071 2876 \Device\Harddisk0\DR0\Partition0 - ok
12:20:29.0087 2876 Boot (0x1200) (47d38e3cdff5e3f46971e025bd5d43a2) \Device\Harddisk0\DR0\Partition1
12:20:29.0087 2876 \Device\Harddisk0\DR0\Partition1 - ok
12:20:29.0118 2876 Boot (0x1200) (0138968aeac56ce0904905684e4e7cbd) \Device\Harddisk1\DR1\Partition0
12:20:29.0118 2876 \Device\Harddisk1\DR1\Partition0 - ok
12:20:29.0118 2876 Boot (0x1200) (6c5f0d856c28a38899e2acc61da3dcb9) \Device\Harddisk1\DR1\Partition1
12:20:29.0118 2876 \Device\Harddisk1\DR1\Partition1 - ok
12:20:29.0134 2876 Boot (0x1200) (c84b3ad8a7616720246c22e149bd7eb1) \Device\Harddisk2\DR6\Partition0
12:20:29.0134 2876 \Device\Harddisk2\DR6\Partition0 - ok
12:20:29.0134 2876 ============================================================
12:20:29.0134 2876 Scan finished
12:20:29.0134 2876 ============================================================
12:20:29.0134 2772 Detected object count: 2
12:20:29.0134 2772 Actual detected object count: 2
12:21:48.0741 2772 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
12:21:48.0741 2772 \Device\Harddisk0\DR0 - ok
12:21:48.0741 2772 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
12:21:48.0741 2772 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:21:48.0741 2772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
12:21:51.0252 3984 Deinitialize success

#6 dryates

  • Topic Starter

  • Members
  • 67 posts

Posted 19 January 2012 - 03:37 PM

GooredFix by jpshortstuff (03.07.10.1)
Log created at 12:29 on 19/01/2012 (David)
Firefox version 9.0.1 (en-GB)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [17:59 14/05/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [10:25 23/12/2011]

C:\Users\David\Application Data\Mozilla\Firefox\Profiles\kfu1s5gy.default\extensions\
DeviceDetection@logitech.com [04:04 17/08/2011]
DTToolbar@toolbarnet.com [19:59 28/04/2011]
engine@conduit.com [01:47 26/03/2011]
foxmarks@kei.com [17:11 30/09/2011]
{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [04:04 17/08/2011]
{ba14329e-9550-4989-b3f2-9732e92d17cc} [00:36 30/12/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [13:37 12/01/2010]

-=E.O.F=-

I had to run TDSSkiller again in order to generate the log, and I'm wondering if that, combined with earlier steps, solved things. I can now access Firefox, and redirects aren't happening at the moment.

I'll continue down the list, however.

#7 dryates (Topic Starter, Members, 67 posts)

Posted 19 January 2012 - 03:44 PM

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.19.04

Windows Vista x64 NTFS
Internet Explorer 7.0.6000.16982
David :: VAGABOND [administrator]

Protection: Disabled

1/19/2012 12:36:13 PM
mbam-log-2012-01-19 (12-36-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193929
Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 boopme, "To Insanity and Beyond" (Global Moderator, 73,565 posts, NJ USA)

Posted 19 January 2012 - 04:26 PM

OK, good scans. This was the likely redirect culprit. You did reboot?
12:20:29.0134 2772 Detected object count: 2
12:20:29.0134 2772 Actual detected object count: 2
12:21:48.0741 2772 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
12:21:48.0741 2772 \Device\Harddisk0\DR0 - ok
12:21:48.0741 2772 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure


Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of their infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the [image] button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
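The Fix it above replaces the HOSTS file wholesale, which is the right repair but throws away the evidence of what the malware changed. As an added example (my own script, not from the thread and not Microsoft's Fix it), the following Python audits the file first: it parses every active mapping, ignores comments, and flags anything other than the loopback entries for localhost, separating sites sinkholed to 127.0.0.1 or 0.0.0.0 (the usual way malware blocks security vendor and update sites) from sites sent to some other address (a hijack). The sample file is constructed for this example, 203.0.113.7 is a documentation address, and the function names and the LOCAL_NAMES set are my own choices; on Windows it reads the real file when it exists.

```python
import ipaddress
from pathlib import Path

WINDOWS_HOSTS = Path(r"C:\Windows\System32\drivers\etc\hosts")

# Names that legitimately map to a loopback address in a stock hosts file (my list).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

# Constructed sample: a stock-looking Windows header followed by two lines
# of the kind HOSTS-tampering malware adds. Not taken from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.bleepingcomputer.com bleepingcomputer.com   # hijack (constructed)
127.0.0.1       www.malwarebytes.org                            # block (constructed)
"""


def parse_hosts(text):
    """Return [(line_no, ip, [names])] for every active mapping line."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments, full-line or trailing
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                          # malformed; the resolver ignores it too
        entries.append((n, ip, [p.lower() for p in parts[1:]]))
    return entries


def classify(ip, name):
    """'ok' for localhost->loopback, 'block' for a real name sent to loopback/0.0.0.0,
    'hijack' for a real name sent anywhere else."""
    if name in LOCAL_NAMES and ip.is_loopback:
        return "ok"
    if ip.is_loopback or ip.is_unspecified:
        return "block"
    return "hijack"


def audit_hosts(text):
    """Return [(line_no, verdict, ip, name)] for every non-default mapping."""
    findings = []
    for n, ip, names in parse_hosts(text):
        for name in names:
            verdict = classify(ip, name)
            if verdict != "ok":
                findings.append((n, verdict, str(ip), name))
    return findings


if __name__ == "__main__":
    text = WINDOWS_HOSTS.read_text(errors="replace") if WINDOWS_HOSTS.exists() else SAMPLE_HOSTS
    findings = audit_hosts(text)
    if not findings:
        print("hosts file contains only default loopback entries")
    for n, verdict, ip, name in findings:
        print(f"line {n}: {verdict:6} {ip} -> {name}")
```

A clean file produces no findings; any "block" line naming an antivirus or update site, or any "hijack" line at all, is worth recording (the address it points to is an indicator) before running the Fix it. Note that a "block" entry for an ad or telemetry host can be a deliberate user setting, so the script reports rather than deletes.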

#9 dryates (Topic Starter, Members, 67 posts)

Posted 20 January 2012 - 12:00 AM

I recognize everything in the hosts file, so I think I'm actually cured! Hooray! Thank you SO much for your help!

If it seems like the problem is lingering in any way, I'll revisit the hosts file, not to mention continuing to scan my system occasionally and keeping a tighter eye on my own surfing habits.

Thanks!

#10 boopme, "To Insanity and Beyond" (Global Moderator, 73,565 posts, NJ USA)

Posted 20 January 2012 - 09:11 PM

If you still redirect, run the online scan.

Are you on a router? Are other machines on it, and if so, are they redirecting?

Do you use Firefox?


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.



