
Google links redirected


3 replies to this topic

#1 aayjay0110


Posted 28 January 2012 - 12:16 AM

Hello folks,

Working on the wife's laptop here (Windows 7 Ultimate, 32 bit SP1). Whenever I do any Google searches using Firefox or Chrome, I get redirected to random websites when I click a link (every so often this happens). I ran Malwarebytes in normal and safe mode but found nothing. Also, her laptop is running slower than usual (slow boot-up, slow shut down, and just slow in general). I checked the list of start-up programs and to the best of my knowledge I don't see anything that should be slowing the system down.

Do I have a virus/malware? How can I check if I'm infected?

Any help would be much appreciated!


 


#2 narenxp


Posted 28 January 2012 - 12:19 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report

Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

good luck

#3 aayjay0110


Posted 29 January 2012 - 12:09 AM

Hello!

Here are the logs. Thanks for your help!



TDSSkiller log:
11:34:55.0047 3532 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
11:34:55.0452 3532 ============================================================
11:34:55.0452 3532 Current date / time: 2012/01/28 11:34:55.0452
11:34:55.0452 3532 SystemInfo:
11:34:55.0452 3532
11:34:55.0452 3532 OS Version: 6.1.7601 ServicePack: 1.0
11:34:55.0452 3532 Product type: Workstation
11:34:55.0452 3532 ComputerName: REDDEVIL
11:34:55.0452 3532 UserName: Amanda
11:34:55.0452 3532 Windows directory: C:\Windows
11:34:55.0452 3532 System windows directory: C:\Windows
11:34:55.0452 3532 Processor architecture: Intel x86
11:34:55.0452 3532 Number of processors: 2
11:34:55.0452 3532 Page size: 0x1000
11:34:55.0452 3532 Boot type: Normal boot
11:34:55.0452 3532 ============================================================
11:34:56.0809 3532 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x8730, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
11:34:57.0137 3532 Initialize success
11:35:05.0421 2052 ============================================================
11:35:05.0421 2052 Scan started
11:35:05.0421 2052 Mode: Manual; TDLFS;
11:35:05.0421 2052 ============================================================
11:35:23.0688 2052 TDTCP - ok
11:35:23.0782 2052 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
11:35:23.0782 2052 tdx - ok
11:35:23.0813 2052 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
11:35:23.0813 2052 TermDD - ok
11:35:23.0875 2052 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:35:23.0875 2052 tssecsrv - ok
11:35:23.0969 2052 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
11:35:23.0969 2052 TsUsbFlt - ok
11:35:24.0000 2052 tsusbhub - ok
11:35:24.0063 2052 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
11:35:24.0063 2052 tunnel - ok
11:35:24.0141 2052 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
11:35:24.0141 2052 uagp35 - ok
11:35:24.0203 2052 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
11:35:24.0219 2052 udfs - ok
11:35:24.0343 2052 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
11:35:24.0343 2052 uliagpkx - ok
11:35:24.0437 2052 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
11:35:24.0437 2052 umbus - ok
11:35:24.0499 2052 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
11:35:24.0499 2052 UmPass - ok
11:35:24.0577 2052 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
11:35:24.0577 2052 USBAAPL - ok
11:35:24.0624 2052 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
11:35:24.0624 2052 usbccgp - ok
11:35:24.0702 2052 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
11:35:24.0702 2052 usbcir - ok
11:35:24.0765 2052 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
11:35:24.0765 2052 usbehci - ok
11:35:24.0811 2052 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
11:35:24.0811 2052 usbhub - ok
11:35:24.0874 2052 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
11:35:24.0874 2052 usbohci - ok
11:35:24.0936 2052 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
11:35:24.0936 2052 usbprint - ok
11:35:24.0999 2052 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
11:35:24.0999 2052 usbscan - ok
11:35:25.0061 2052 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:35:25.0061 2052 USBSTOR - ok
11:35:25.0108 2052 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
11:35:25.0108 2052 usbuhci - ok
11:35:25.0155 2052 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
11:35:25.0155 2052 usbvideo - ok
11:35:25.0217 2052 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys
11:35:25.0217 2052 VClone - ok
11:35:25.0295 2052 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
11:35:25.0295 2052 vdrvroot - ok
11:35:25.0342 2052 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
11:35:25.0342 2052 vga - ok
11:35:25.0420 2052 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
11:35:25.0420 2052 VgaSave - ok
11:35:25.0482 2052 VGPU - ok
11:35:25.0513 2052 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
11:35:25.0513 2052 vhdmp - ok
11:35:25.0623 2052 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
11:35:25.0623 2052 viaagp - ok
11:35:25.0701 2052 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
11:35:25.0701 2052 ViaC7 - ok
11:35:25.0779 2052 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
11:35:25.0779 2052 viaide - ok
11:35:25.0857 2052 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
11:35:25.0857 2052 vmbus - ok
11:35:25.0903 2052 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
11:35:25.0903 2052 VMBusHID - ok
11:35:25.0966 2052 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
11:35:25.0981 2052 volmgr - ok
11:35:26.0013 2052 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
11:35:26.0013 2052 volmgrx - ok
11:35:26.0075 2052 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
11:35:26.0075 2052 volsnap - ok
11:35:26.0137 2052 vpnva - ok
11:35:26.0200 2052 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
11:35:26.0200 2052 vsmraid - ok
11:35:26.0262 2052 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
11:35:26.0262 2052 vwifibus - ok
11:35:26.0356 2052 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
11:35:26.0356 2052 WacomPen - ok
11:35:26.0418 2052 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:35:26.0418 2052 WANARP - ok
11:35:26.0434 2052 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:35:26.0434 2052 Wanarpv6 - ok
11:35:26.0559 2052 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
11:35:26.0559 2052 Wd - ok
11:35:26.0621 2052 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:35:26.0621 2052 Wdf01000 - ok
11:35:26.0746 2052 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
11:35:26.0746 2052 WfpLwf - ok
11:35:26.0777 2052 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
11:35:26.0777 2052 WIMMount - ok
11:35:26.0902 2052 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
11:35:26.0917 2052 WinUsb - ok
11:35:26.0964 2052 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
11:35:26.0964 2052 WmiAcpi - ok
11:35:27.0058 2052 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
11:35:27.0073 2052 ws2ifsl - ok
11:35:27.0120 2052 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
11:35:27.0120 2052 WudfPf - ok
11:35:27.0198 2052 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:35:27.0198 2052 WUDFRd - ok
11:35:27.0276 2052 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
11:35:27.0276 2052 yukonw7 - ok
11:35:27.0323 2052 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:35:27.0463 2052 \Device\Harddisk0\DR0 - ok
11:35:27.0463 2052 Boot (0x1200) (3f730cbf57481bb956857d5bc266a6db) \Device\Harddisk0\DR0\Partition0
11:35:27.0463 2052 \Device\Harddisk0\DR0\Partition0 - ok
11:35:27.0495 2052 Boot (0x1200) (74feed7c0125360a721c592bf7a2095f) \Device\Harddisk0\DR0\Partition1
11:35:27.0495 2052 \Device\Harddisk0\DR0\Partition1 - ok
11:35:27.0495 2052 ============================================================
11:35:27.0495 2052 Scan finished
11:35:27.0495 2052 ============================================================
11:35:27.0510 4068 Detected object count: 0
11:35:27.0510 4068 Actual detected object count: 0



GMER log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-28 11:25:40
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542525K9SA00 rev.BBFOC3BP
Running: xj202epe.exe; Driver: C:\Users\Amanda\AppData\Local\Temp\uxlirpob.sys


---- System - GMER 1.0.15 ----

SSDT 8648E848 ZwAlertResumeThread
SSDT 864B70B0 ZwAlertThread
SSDT 8648E540 ZwAllocateVirtualMemory
SSDT 86443AC0 ZwConnectPort
SSDT 864ED378 ZwCreateMutant
SSDT 8645B2B0 ZwCreateThread
SSDT 864F70C0 ZwFreeVirtualMemory
SSDT 86513BA8 ZwImpersonateAnonymousToken
SSDT 86505638 ZwImpersonateThread
SSDT 8648EB48 ZwMapViewOfSection
SSDT 8651F748 ZwOpenEvent
SSDT 86454170 ZwOpenProcessToken
SSDT 863EF2C0 ZwOpenThreadToken
SSDT 86458728 ZwResumeThread
SSDT 864AFDD8 ZwSetContextThread
SSDT 864B7F18 ZwSetInformationProcess
SSDT 864CD780 ZwSetInformationThread
SSDT 86504AA8 ZwSuspendProcess
SSDT 863E7AA0 ZwSuspendThread
SSDT 8649CE38 ZwTerminateProcess
SSDT 864B7B10 ZwTerminateThread
SSDT 8649C418 ZwUnmapViewOfSection
SSDT 86513DD8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82E4D369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E86D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 82E8DD90 8 Bytes CALL F39963DD
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82E8DDA8 4 Bytes [40, E5, 48, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82E8DE48 4 Bytes [C0, 3A, 44, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82E8DE84 4 Bytes [78, D3, 4E, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1203 82E8DEB8 4 Bytes [B0, B2, 45, 86]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!LdrLoadDll 7798223E 4 Bytes JMP 6402B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3740] USER32.dll!SetWindowLongA 75ED8BA3 5 Bytes JMP 64403A89 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3740] USER32.dll!SetWindowLongW 75EE4449 5 Bytes JMP 64403A1B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3740] USER32.dll!GetWindowInfo 75EE4B5E 5 Bytes JMP 641AC909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3740] USER32.dll!TrackPopupMenu 75EF2228 5 Bytes JMP 641ACEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\00000081 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\BTHUSB \Device\0000007f bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00214f539b90
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00214f539b90 (not active ControlSet)

---- EOF - GMER 1.0.15 ----




aswMBR log:
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-28 11:36:50
-----------------------------
11:36:50.050 OS Version: Windows 6.1.7601 Service Pack 1
11:36:50.050 Number of processors: 2 586 0xF0D
11:36:50.050 ComputerName: REDDEVIL UserName: Amanda
11:36:51.548 Initialize success
11:37:29.434 AVAST engine defs: 12012800
11:37:31.821 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:37:31.836 Disk 0 Vendor: Hitachi_HTS542525K9SA00 BBFOC3BP Size: 238475MB BusType: 11
11:37:32.039 Disk 0 MBR read successfully
11:37:32.039 Disk 0 MBR scan
11:37:32.039 Disk 0 Windows 7 default MBR code
11:37:32.148 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:37:32.335 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
11:37:32.429 Disk 0 scanning sectors +488394752
11:37:33.193 Disk 0 scanning C:\Windows\system32\drivers
11:40:34.060 Service scanning
11:40:35.417 Modules scanning
11:44:59.416 Disk 0 trace - called modules:
11:44:59.510 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
11:44:59.510 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860a3ac8]
11:44:59.510 3 CLASSPNP.SYS[8afd859e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85252908]
11:45:01.008 AVAST engine scan C:\Windows
11:50:07.486 AVAST engine scan C:\Windows\system32
12:40:18.073 AVAST engine scan C:\Windows\system32\drivers
12:48:37.898 AVAST engine scan C:\Users\Amanda
20:38:37.945 AVAST engine scan C:\ProgramData
20:55:52.321 Scan finished successfully
21:05:13.734 Disk 0 MBR has been saved successfully to "C:\Users\Amanda\Desktop\MBR.dat"
21:05:13.734 The log file has been saved successfully to "C:\Users\Amanda\Desktop\aswMBR.txt"

#4 narenxp

Posted 29 January 2012 - 08:46 AM

Download

Goored Fix

Launch it (for Vista & 7, right-click and select Run As Administrator).
When prompted to run the scan, click Yes.
Please post the log in your next reply.

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.



