

Firefox Virus?


9 replies to this topic

#1 madmanjim

madmanjim

  • Members
  • 12 posts

Posted 07 February 2012 - 04:10 AM

Just recently I noticed Firefox started redirecting me to bogus search-engine-like sites when clicking on legitimate links (i.e. a legitimate result on Google, or just while browsing through a website).

My Firefox is up-to-date.

I first ran a quick scan with MBAM, and it picked up a few results:

Memory Processes Detected: 3
C:\Users\Jamie.JIMWIN7P01\AppData\Roaming\C8F23\99887.exe (Trojan.Dropper.PE4) -> 4188 -> Delete on reboot.
C:\Program Files (x86)\2357F\lvvm.exe (Trojan.Dropper.PE4) -> 2060 -> Delete on reboot.
C:\Windows\Temp\_ex-68.exe (Trojan.Agent.PE5) -> 4924 -> Delete on reboot.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MozillaAgent (Trojan.Agent.PE5) -> Data: C:\Windows\Temp\_ex-68.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|018.exe (Trojan.Dropper.PE4) -> Data: C:\Program Files (x86)\LP\877C\018.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Users\Jamie.JIMWIN7P01\AppData\Roaming\C8F23\99887.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:60727 -> Quarantined and deleted successfully.

Files Detected: 5
C:\Users\Jamie.JIMWIN7P01\AppData\Local\Temp\ms0cfg32.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Users\Jamie.JIMWIN7P01\AppData\Roaming\C8F23\99887.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Program Files (x86)\2357F\lvvm.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Windows\Temp\_ex-68.exe (Trojan.Agent.PE5) -> Delete on reboot.
C:\Program Files (x86)\LP\877C\018.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.

(end)

The problem still persisted, so I ran a Full Scan on MBAM and found this:

Files Detected: 1
C:\Program Files (x86)\LP\877C\4727.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.

The problem still exists and MBAM no longer picks up any issues.

I have also noticed that MBAM is constantly popping up with little notifications about blocking the firefox.exe process from accessing an external IP. EDIT: I found the logs of the blocked IPs.

109.163.226.208 (Type: outgoing, Port: 49401, Process: firefox.exe)
77.79.4.98 (Type: outgoing, Port: 49417, Process: firefox.exe)
77.79.4.98 (Type: outgoing, Port: 49446, Process: firefox.exe)
109.163.226.208 (Type: outgoing, Port: 49313, Process: firefox.exe)
109.163.226.208 (Type: outgoing, Port: 49208, Process: firefox.exe)
109.163.226.208 (Type: outgoing, Port: 49212, Process: firefox.exe)
109.163.226.208 (Type: outgoing, Port: 49443, Process: firefox.exe)
109.163.226.208 (Type: outgoing, Port: 50533, Process: firefox.exe)
109.163.226.208 (Type: outgoing, Port: 50861, Process: firefox.exe)
109.163.226.208 (Type: outgoing, Port: 50942, Process: firefox.exe)


Any help is appreciated!

Thanks,

Jamie

Edited by madmanjim, 07 February 2012 - 04:28 AM.
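The MBAM log in this post shows three mechanisms at once: two Run values for autostart, a Winlogon Shell value with a second executable appended after explorer.exe, and a ProxyServer value that points Firefox's HTTP traffic at a listener on 127.0.0.1:60727, a proxy on the victim host itself that can rewrite pages and links, which is consistent with the redirects described. The following is an added example, not code from the post or from Malwarebytes, that parses the log exactly as posted into structured IOCs, labels those mechanisms, and extracts the destination IPs from the block notifications. The function names and labels are this example's own, and the sample text is copied from the post.

```python
"""Parse an MBAM scan log plus its IP-block notifications into IOCs and label
the persistence / interception mechanisms they reveal. Added example; sample
text is copied from the post, names and labels are this example's own."""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

MBAM_LOG = r"""Memory Processes Detected: 3
C:\Users\Jamie.JIMWIN7P01\AppData\Roaming\C8F23\99887.exe (Trojan.Dropper.PE4) -> 4188 -> Delete on reboot.
C:\Program Files (x86)\2357F\lvvm.exe (Trojan.Dropper.PE4) -> 2060 -> Delete on reboot.
C:\Windows\Temp\_ex-68.exe (Trojan.Agent.PE5) -> 4924 -> Delete on reboot.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MozillaAgent (Trojan.Agent.PE5) -> Data: C:\Windows\Temp\_ex-68.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|018.exe (Trojan.Dropper.PE4) -> Data: C:\Program Files (x86)\LP\877C\018.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Users\Jamie.JIMWIN7P01\AppData\Roaming\C8F23\99887.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:60727 -> Quarantined and deleted successfully.

Files Detected: 5
C:\Users\Jamie.JIMWIN7P01\AppData\Local\Temp\ms0cfg32.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Users\Jamie.JIMWIN7P01\AppData\Roaming\C8F23\99887.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Program Files (x86)\2357F\lvvm.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Windows\Temp\_ex-68.exe (Trojan.Agent.PE5) -> Delete on reboot.
C:\Program Files (x86)\LP\877C\018.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
(end)"""
# Excerpt of the IP-block notifications quoted in the post.
BLOCK_LOG = """109.163.226.208 (Type: outgoing, Port: 49401, Process: firefox.exe)
77.79.4.98 (Type: outgoing, Port: 49417, Process: firefox.exe)
109.163.226.208 (Type: outgoing, Port: 49313, Process: firefox.exe)"""

SECTION_RE = re.compile(r"^(Memory Processes|Registry Values|Files) Detected: \d+$")
PROCESS_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^)]+)\) -> (?P<pid>\d+) -> (?P<action>.+?)\.?$")
REGVAL_RE = re.compile(r"^(?P<key>[^|]+)\|(?P<name>\S+) \((?P<detection>[^)]+)\) -> Data: (?P<data>.+?) -> (?P<action>.+?)\.?$")
FILE_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^)]+)\) -> (?P<action>.+?)\.?$")
BLOCK_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$")
PARSERS = {"Memory Processes": ("process", PROCESS_RE),
           "Registry Values": ("registry_value", REGVAL_RE),
           "Files": ("file", FILE_RE)}

def parse_mbam_log(text: str) -> List[Dict[str, str]]:
    """One dict per detection; the section header decides which line shape applies."""
    entries, section = [], None
    for line in (l.strip() for l in text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
        elif line and section in PARSERS:
            kind, pattern = PARSERS[section]
            m = pattern.match(line)
            if m:
                entries.append({"kind": kind, **m.groupdict()})
    return entries

def proxy_targets(value: str) -> List[Tuple[str, str, Optional[int]]]:
    """Split a ProxyServer value ('host:port' or 'scheme=host:port;...') into (scheme, host, port)."""
    out = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, hostport = part.partition("=") if "=" in part else ("all", "", part)
        host, _, port = hostport.rpartition(":")
        out.append((scheme, host or hostport, int(port) if port.isdigit() else None))
    return out

def is_loopback_proxy(value: str) -> bool:
    """True when a proxy target is 127.0.0.0/8, ::1 or 'localhost': a proxy on the
    victim host itself is how a local process sits in the middle of browser traffic."""
    for _, host, _ in proxy_targets(value):
        try:
            if ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:
            if host.lower() == "localhost":
                return True
    return False

def classify_persistence(entry: Dict[str, str]) -> Optional[str]:
    """Label registry detections by the mechanism they abuse (labels are this example's own)."""
    if entry["kind"] != "registry_value":
        return None
    key, name, data = entry["key"].lower(), entry["name"].lower(), entry["data"]
    if key.endswith(r"\currentversion\run"):
        return f"autorun: Run value '{entry['name']}' launches {data}"
    if key.endswith(r"\winlogon") and name == "shell":
        # The legitimate value is just 'explorer.exe'; anything else in the
        # comma-separated list is started alongside the shell at every logon.
        extra = [p.strip() for p in data.split(",") if p.strip().lower() != "explorer.exe"]
        return f"winlogon shell hijack: also runs {', '.join(extra)}" if extra else None
    if key.endswith(r"\internet settings") and name == "proxyserver":
        where = "local listener" if is_loopback_proxy(data) else "remote host"
        return f"proxy hijack: browser traffic routed through {where} ({data})"
    return None

def parse_blocked_connections(text: str) -> List[Dict[str, str]]:
    return [m.groupdict() for m in map(BLOCK_RE.match, (l.strip() for l in text.splitlines())) if m]

def remote_hosts(conns: List[Dict[str, str]]) -> List[str]:
    """Distinct destination IPs: the part of the block log worth pivoting on."""
    return sorted({c["ip"] for c in conns})

if __name__ == "__main__":
    for e in parse_mbam_log(MBAM_LOG):
        if classify_persistence(e):
            print(classify_persistence(e))
    print("blocked destinations:", remote_hosts(parse_blocked_connections(BLOCK_LOG)))
```

The section header drives which regex is applied, because the process, registry-value and file lines differ only in their middle fields and a single pattern would mis-assign them. The loopback check matters more than the port number: any ProxyServer value that names the machine itself means an on-box process is terminating the browser's connections, and that setting is worth re-checking after every cleanup pass.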




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 07 February 2012 - 08:18 AM

I want you to run a FULL scan of Malwarebytes and make sure that you get a clean log.

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here
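TDSSKiller's log, as the copy posted later in this thread shows, records each driver as a "(md5) path" line followed by a "<name> - <status>" verdict line. What a helper looks for in it is any verdict other than "ok" and any driver image that does not live under the Windows system directory. The following is an added example, not code from this post or from Kaspersky's tool, that pairs the two line types by name and applies both checks. The "ok" lines in the sample are in the format shown in this thread; the two flagged lines are constructed for the example, and the wording of the non-"ok" verdict on the last line is hypothetical, not TDSSKiller's exact text.

```python
"""Triage a TDSSKiller driver-scan log: pair each driver's '(md5) path' line
with its '<name> - <status>' verdict line, then flag anything whose verdict is
not 'ok' or that loads from outside the Windows system directory.
Added example; the 'ok' lines follow the format posted in this thread, the two
flagged lines are constructed and the 'detected ...' wording is hypothetical."""
import re
from typing import Dict, List, Optional, Tuple

DRIVER_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<tid>\d+)\t(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
STATUS_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<tid>\d+)\t(?P<name>\S+) - (?P<status>.+)$")

# Case-insensitive prefix a legitimately installed kernel driver image is expected to have.
TRUSTED_DIRS = ("c:\\windows\\system32\\",)

SAMPLE_LOG = "\n".join([
    "20:08:59.0863 4496\t1394ohci        (a87d604aea360176311474c87a63bb88) C:\\Windows\\system32\\drivers\\1394ohci.sys",
    "20:08:59.0882 4496\t1394ohci - ok",
    "20:09:05.0676 4496\tMBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\\Windows\\system32\\drivers\\mbam.sys",
    "20:09:05.0677 4496\tMBAMProtector - ok",
    # Constructed: a driver loading from a user-writable directory that still gets an 'ok' verdict.
    "20:09:11.0001 4496\tsvchlp          (0123456789abcdef0123456789abcdef) C:\\Users\\Public\\svchlp.sys",
    "20:09:11.0002 4496\tsvchlp - ok",
    # Constructed: a verdict line that is not 'ok'; the verdict wording is hypothetical.
    "20:09:11.0100 4496\t\\Device\\Harddisk0\\DR0 - detected Rootkit.Boot.Example ( 1 )",
])

def parse_tdsskiller_log(text: str) -> Dict[str, Dict[str, Optional[str]]]:
    """Map object name -> {md5, path, status}; a verdict-only line (no image) still gets a record."""
    records: Dict[str, Dict[str, Optional[str]]] = {}
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            records[m["name"]] = {"md5": m["md5"], "path": m["path"], "status": None}
            continue
        m = STATUS_RE.match(line)
        if m:
            rec = records.setdefault(m["name"], {"md5": None, "path": None, "status": None})
            rec["status"] = m["status"]
    return records

def triage(records: Dict[str, Dict[str, Optional[str]]]) -> List[Tuple[str, str]]:
    """Return (name, reason) for every record worth a second look before posting the log."""
    findings = []
    for name, rec in records.items():
        if rec["status"] != "ok":
            findings.append((name, f"verdict is not 'ok': {rec['status'] or 'no verdict line'}"))
        path = rec["path"]
        if path and not path.lower().startswith(TRUSTED_DIRS):
            findings.append((name, f"loads from outside the system directory: {path}"))
    return findings

if __name__ == "__main__":
    for name, reason in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

The path check is the one a scanner's own verdict does not give you: a driver that hashes clean and is signed can still be worth questioning if its image sits in a user-writable directory, and the log already carries the path needed to ask that question.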

#3 madmanjim

madmanjim
  • Topic Starter

  • Members
  • 12 posts

Posted 08 February 2012 - 06:21 AM

Hi narenxp,

Thanks for the response.

As for GMER, I'm running x64, so no logs there.

MBAM Full Scan = No Detections.

TDSSKiller Log:

20:08:41.0263 3952	TDSS rootkit removing tool 2.7.10.0 Feb  7 2012 15:14:46
20:08:42.0698 3952	============================================================
20:08:42.0698 3952	Current date / time: 2012/02/08 20:08:42.0698
20:08:42.0698 3952	SystemInfo:
20:08:42.0698 3952	
20:08:42.0698 3952	OS Version: 6.1.7601 ServicePack: 1.0
20:08:42.0698 3952	Product type: Workstation
20:08:42.0698 3952	ComputerName: JIMWIN7P01
20:08:42.0699 3952	UserName: Jamie
20:08:42.0699 3952	Windows directory: C:\Windows
20:08:42.0699 3952	System windows directory: C:\Windows
20:08:42.0699 3952	Running under WOW64
20:08:42.0699 3952	Processor architecture: Intel x64
20:08:42.0699 3952	Number of processors: 2
20:08:42.0699 3952	Page size: 0x1000
20:08:42.0699 3952	Boot type: Normal boot
20:08:42.0699 3952	============================================================
20:08:43.0324 3952	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x50C0B, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000040
20:08:43.0330 3952	\Device\Harddisk0\DR0:
20:08:43.0330 3952	MBR used
20:08:43.0330 3952	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:08:43.0330 3952	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
20:08:43.0349 3952	Initialize success
20:08:43.0349 3952	============================================================
20:08:59.0301 4496	============================================================
20:08:59.0301 4496	Scan started
20:08:59.0301 4496	Mode: Manual; TDLFS; 
20:08:59.0301 4496	============================================================
20:08:59.0863 4496	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:08:59.0882 4496	1394ohci - ok
20:08:59.0943 4496	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:08:59.0948 4496	ACPI - ok
20:09:00.0002 4496	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:09:00.0003 4496	AcpiPmi - ok
20:09:00.0150 4496	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:09:00.0176 4496	adp94xx - ok
20:09:00.0271 4496	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:09:00.0291 4496	adpahci - ok
20:09:00.0324 4496	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:09:00.0339 4496	adpu320 - ok
20:09:00.0437 4496	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:09:00.0461 4496	AFD - ok
20:09:00.0521 4496	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:09:00.0523 4496	agp440 - ok
20:09:01.0004 4496	ALCXWDM         (853ad8bd8ca940d0f5ac2679a6ed439b) C:\Windows\system32\drivers\RTKVAC64.SYS
20:09:01.0085 4496	ALCXWDM - ok
20:09:01.0147 4496	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:09:01.0148 4496	aliide - ok
20:09:01.0169 4496	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:09:01.0170 4496	amdide - ok
20:09:01.0215 4496	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:09:01.0227 4496	AmdK8 - ok
20:09:01.0251 4496	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:09:01.0252 4496	AmdPPM - ok
20:09:01.0290 4496	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:09:01.0291 4496	amdsata - ok
20:09:01.0315 4496	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:09:01.0319 4496	amdsbs - ok
20:09:01.0333 4496	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:09:01.0334 4496	amdxata - ok
20:09:01.0426 4496	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:09:01.0436 4496	AppID - ok
20:09:01.0494 4496	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:09:01.0496 4496	arc - ok
20:09:01.0532 4496	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:09:01.0535 4496	arcsas - ok
20:09:01.0612 4496	arusb_win7x     (ff9daef5ccdb6082c30ce151b768ea28) C:\Windows\system32\DRIVERS\arusb_win7x.sys
20:09:01.0625 4496	arusb_win7x - ok
20:09:01.0663 4496	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:09:01.0664 4496	AsyncMac - ok
20:09:01.0696 4496	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:09:01.0696 4496	atapi - ok
20:09:01.0799 4496	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
20:09:01.0812 4496	avgntflt - ok
20:09:01.0840 4496	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
20:09:01.0843 4496	avipbb - ok
20:09:01.0885 4496	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:09:01.0892 4496	b06bdrv - ok
20:09:01.0928 4496	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:09:01.0934 4496	b57nd60a - ok
20:09:01.0962 4496	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:09:01.0963 4496	Beep - ok
20:09:02.0022 4496	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:09:02.0024 4496	blbdrive - ok
20:09:02.0095 4496	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:09:02.0105 4496	bowser - ok
20:09:02.0124 4496	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:09:02.0125 4496	BrFiltLo - ok
20:09:02.0148 4496	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:09:02.0149 4496	BrFiltUp - ok
20:09:02.0196 4496	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:09:02.0202 4496	Brserid - ok
20:09:02.0223 4496	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:09:02.0224 4496	BrSerWdm - ok
20:09:02.0244 4496	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:09:02.0245 4496	BrUsbMdm - ok
20:09:02.0264 4496	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:09:02.0265 4496	BrUsbSer - ok
20:09:02.0303 4496	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:09:02.0306 4496	BTHMODEM - ok
20:09:02.0353 4496	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:09:02.0355 4496	cdfs - ok
20:09:02.0434 4496	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:09:02.0437 4496	cdrom - ok
20:09:02.0469 4496	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:09:02.0471 4496	circlass - ok
20:09:02.0509 4496	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:09:02.0533 4496	CLFS - ok
20:09:02.0592 4496	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:09:02.0593 4496	CmBatt - ok
20:09:02.0643 4496	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:09:02.0645 4496	cmdide - ok
20:09:02.0691 4496	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:09:02.0700 4496	CNG - ok
20:09:02.0716 4496	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:09:02.0718 4496	Compbatt - ok
20:09:02.0766 4496	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:09:02.0768 4496	CompositeBus - ok
20:09:02.0801 4496	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:09:02.0803 4496	crcdisk - ok
20:09:02.0877 4496	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:09:02.0886 4496	CSC - ok
20:09:02.0951 4496	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:09:02.0954 4496	DfsC - ok
20:09:02.0997 4496	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:09:02.0999 4496	discache - ok
20:09:03.0046 4496	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:09:03.0048 4496	Disk - ok
20:09:03.0147 4496	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:09:03.0148 4496	drmkaud - ok
20:09:03.0223 4496	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:09:03.0237 4496	DXGKrnl - ok
20:09:03.0394 4496	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:09:03.0470 4496	ebdrv - ok
20:09:03.0550 4496	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:09:03.0569 4496	elxstor - ok
20:09:03.0603 4496	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:09:03.0604 4496	ErrDev - ok
20:09:03.0640 4496	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:09:03.0644 4496	exfat - ok
20:09:03.0682 4496	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:09:03.0694 4496	fastfat - ok
20:09:03.0735 4496	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:09:03.0736 4496	fdc - ok
20:09:03.0772 4496	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:09:03.0774 4496	FileInfo - ok
20:09:03.0798 4496	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:09:03.0800 4496	Filetrace - ok
20:09:03.0822 4496	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:09:03.0824 4496	flpydisk - ok
20:09:03.0868 4496	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:09:03.0873 4496	FltMgr - ok
20:09:03.0905 4496	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:09:03.0907 4496	FsDepends - ok
20:09:03.0927 4496	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:09:03.0929 4496	Fs_Rec - ok
20:09:03.0982 4496	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:09:03.0986 4496	fvevol - ok
20:09:04.0011 4496	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:09:04.0013 4496	gagp30kx - ok
20:09:04.0062 4496	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:09:04.0064 4496	GEARAspiWDM - ok
20:09:04.0100 4496	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:09:04.0102 4496	hcw85cir - ok
20:09:04.0148 4496	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:09:04.0151 4496	HDAudBus - ok
20:09:04.0166 4496	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:09:04.0168 4496	HidBatt - ok
20:09:04.0198 4496	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:09:04.0200 4496	HidBth - ok
20:09:04.0234 4496	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:09:04.0250 4496	HidIr - ok
20:09:04.0305 4496	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:09:04.0310 4496	HidUsb - ok
20:09:04.0360 4496	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:09:04.0362 4496	HpSAMD - ok
20:09:04.0448 4496	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:09:04.0471 4496	HTTP - ok
20:09:04.0529 4496	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:09:04.0530 4496	hwpolicy - ok
20:09:04.0596 4496	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:09:04.0611 4496	i8042prt - ok
20:09:04.0653 4496	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:09:04.0660 4496	iaStorV - ok
20:09:04.0709 4496	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:09:04.0712 4496	iirsp - ok
20:09:04.0764 4496	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:09:04.0766 4496	intelide - ok
20:09:04.0805 4496	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:09:04.0807 4496	intelppm - ok
20:09:04.0878 4496	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:09:04.0893 4496	IpFilterDriver - ok
20:09:04.0943 4496	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:09:04.0946 4496	IPMIDRV - ok
20:09:04.0985 4496	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:09:04.0988 4496	IPNAT - ok
20:09:05.0047 4496	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:09:05.0048 4496	IRENUM - ok
20:09:05.0095 4496	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:09:05.0096 4496	isapnp - ok
20:09:05.0139 4496	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:09:05.0145 4496	iScsiPrt - ok
20:09:05.0186 4496	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:09:05.0188 4496	kbdclass - ok
20:09:05.0233 4496	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:09:05.0235 4496	kbdhid - ok
20:09:05.0266 4496	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:09:05.0275 4496	KSecDD - ok
20:09:05.0296 4496	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:09:05.0300 4496	KSecPkg - ok
20:09:05.0346 4496	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:09:05.0348 4496	ksthunk - ok
20:09:05.0405 4496	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:09:05.0407 4496	lltdio - ok
20:09:05.0469 4496	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:09:05.0472 4496	LSI_FC - ok
20:09:05.0507 4496	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:09:05.0523 4496	LSI_SAS - ok
20:09:05.0548 4496	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:09:05.0551 4496	LSI_SAS2 - ok
20:09:05.0581 4496	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:09:05.0583 4496	LSI_SCSI - ok
20:09:05.0620 4496	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:09:05.0622 4496	luafv - ok
20:09:05.0676 4496	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
20:09:05.0677 4496	MBAMProtector - ok
20:09:05.0729 4496	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:09:05.0731 4496	megasas - ok
20:09:05.0782 4496	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:09:05.0791 4496	MegaSR - ok
20:09:05.0834 4496	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:09:05.0848 4496	Modem - ok
20:09:05.0882 4496	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:09:05.0883 4496	monitor - ok
20:09:05.0926 4496	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:09:05.0936 4496	mouclass - ok
20:09:05.0964 4496	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:09:05.0966 4496	mouhid - ok
20:09:06.0012 4496	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:09:06.0015 4496	mountmgr - ok
20:09:06.0062 4496	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:09:06.0067 4496	mpio - ok
20:09:06.0092 4496	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:09:06.0094 4496	mpsdrv - ok
20:09:06.0158 4496	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:09:06.0161 4496	MRxDAV - ok
20:09:06.0209 4496	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:09:06.0212 4496	mrxsmb - ok
20:09:06.0311 4496	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:09:06.0324 4496	mrxsmb10 - ok
20:09:06.0352 4496	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:09:06.0355 4496	mrxsmb20 - ok
20:09:06.0401 4496	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:09:06.0413 4496	msahci - ok
20:09:06.0460 4496	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:09:06.0464 4496	msdsm - ok
20:09:06.0504 4496	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:09:06.0505 4496	Msfs - ok
20:09:06.0565 4496	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:09:06.0570 4496	mshidkmdf - ok
20:09:06.0611 4496	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:09:06.0612 4496	msisadrv - ok
20:09:06.0652 4496	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:09:06.0654 4496	MSKSSRV - ok
20:09:06.0669 4496	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:09:06.0670 4496	MSPCLOCK - ok
20:09:06.0679 4496	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:09:06.0681 4496	MSPQM - ok
20:09:06.0787 4496	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:09:06.0797 4496	MsRPC - ok
20:09:06.0847 4496	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:09:06.0848 4496	mssmbios - ok
20:09:06.0939 4496	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:09:06.0940 4496	MSTEE - ok
20:09:06.0969 4496	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:09:06.0970 4496	MTConfig - ok
20:09:07.0052 4496	MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
20:09:07.0060 4496	MTsensor - ok
20:09:07.0100 4496	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:09:07.0102 4496	Mup - ok
20:09:07.0194 4496	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:09:07.0222 4496	NativeWifiP - ok
20:09:07.0435 4496	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:09:07.0471 4496	NDIS - ok
20:09:07.0568 4496	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:09:07.0594 4496	NdisCap - ok
20:09:07.0647 4496	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:09:07.0648 4496	NdisTapi - ok
20:09:07.0702 4496	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:09:07.0707 4496	Ndisuio - ok
20:09:07.0753 4496	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:09:07.0757 4496	NdisWan - ok
20:09:07.0801 4496	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:09:07.0803 4496	NDProxy - ok
20:09:07.0861 4496	Netaapl         (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
20:09:07.0862 4496	Netaapl - ok
20:09:07.0916 4496	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:09:07.0918 4496	NetBIOS - ok
20:09:07.0958 4496	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:09:07.0962 4496	NetBT - ok
20:09:08.0023 4496	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:09:08.0025 4496	nfrd960 - ok
20:09:08.0068 4496	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:09:08.0070 4496	Npfs - ok
20:09:08.0096 4496	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:09:08.0097 4496	nsiproxy - ok
20:09:08.0166 4496	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:09:08.0218 4496	Ntfs - ok
20:09:08.0260 4496	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:09:08.0262 4496	Null - ok
20:09:08.0317 4496	NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
20:09:08.0324 4496	NVENETFD - ok
20:09:08.0618 4496	nvlddmkm        (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:09:08.0855 4496	nvlddmkm - ok
20:09:08.0978 4496	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:09:08.0981 4496	nvraid - ok
20:09:09.0022 4496	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:09:09.0025 4496	nvstor - ok
20:09:09.0084 4496	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:09:09.0087 4496	nv_agp - ok
20:09:09.0151 4496	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:09:09.0153 4496	ohci1394 - ok
20:09:09.0213 4496	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:09:09.0216 4496	Parport - ok
20:09:09.0256 4496	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:09:09.0258 4496	partmgr - ok
20:09:09.0298 4496	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:09:09.0303 4496	pci - ok
20:09:09.0319 4496	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:09:09.0320 4496	pciide - ok
20:09:09.0342 4496	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:09:09.0350 4496	pcmcia - ok
20:09:09.0392 4496	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:09:09.0394 4496	pcw - ok
20:09:09.0431 4496	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:09:09.0449 4496	PEAUTH - ok
20:09:09.0546 4496	Point64         (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys
20:09:09.0548 4496	Point64 - ok
20:09:09.0609 4496	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:09:09.0613 4496	PptpMiniport - ok
20:09:09.0631 4496	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:09:09.0633 4496	Processor - ok
20:09:09.0686 4496	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:09:09.0689 4496	Psched - ok
20:09:09.0740 4496	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:09:09.0775 4496	ql2300 - ok
20:09:09.0801 4496	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:09:09.0804 4496	ql40xx - ok
20:09:09.0826 4496	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:09:09.0828 4496	QWAVEdrv - ok
20:09:13.0636 4496	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:09:13.0700 4496	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:09:13.0700 4496	\Device\Harddisk0\DR0 - detected TDSS File System (1)
20:09:13.0705 4496	Boot (0x1200)   (536b02dabbeb6ca09d2da9f3d57540c1) \Device\Harddisk0\DR0\Partition0
20:09:13.0706 4496	\Device\Harddisk0\DR0\Partition0 - ok
20:09:13.0734 4496	Boot (0x1200)   (86a4149eb00b184432d05a3be95f2417) \Device\Harddisk0\DR0\Partition1
20:09:13.0735 4496	\Device\Harddisk0\DR0\Partition1 - ok
20:09:13.0735 4496	============================================================
20:09:13.0735 4496	Scan finished
20:09:13.0735 4496	============================================================
20:09:13.0753 4596	Detected object count: 1
20:09:13.0753 4596	Actual detected object count: 1
20:09:29.0460 4596	\Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
20:09:29.0462 4596	\Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
20:09:29.0464 4596	\Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:09:29.0466 4596	\Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:09:29.0469 4596	\Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:09:29.0479 4596	\Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:09:29.0485 4596	\Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:09:29.0490 4596	\Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
20:09:29.0495 4596	\Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:09:29.0497 4596	\Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
20:09:29.0497 4596	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine 
20:09:35.0538 2132	Deinitialize success

aswMBR Log:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-08 20:12:00
-----------------------------
20:12:00.865    OS Version: Windows x64 6.1.7601 Service Pack 1
20:12:00.865    Number of processors: 2 586 0x2B01
20:12:00.868    ComputerName: JIMWIN7P01  UserName: Jamie
20:12:02.452    Initialize success
20:22:16.381    AVAST engine defs: 12020701
20:24:46.672    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:24:46.677    Disk 0 Vendor: ST3320620AS 3.AAJ Size: 305245MB BusType: 3
20:24:46.693    Disk 0 MBR read successfully
20:24:46.696    Disk 0 MBR scan
20:24:46.703    Disk 0 Windows 7 default MBR code
20:24:46.712    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:24:46.724    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       305143 MB offset 206848
20:24:46.732    Service scanning
20:24:49.101    Modules scanning
20:24:49.106    Disk 0 trace - called modules:
20:24:49.117    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
20:24:49.122    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bd3430]
20:24:49.126    3 CLASSPNP.SYS[fffff8800197943f] -> nt!IofCallDriver -> [0xfffffa80046f2520]
20:24:49.134    5 ACPI.sys[fffff88000ea77a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80046ee680]
20:24:50.289    AVAST engine scan C:\Windows
20:24:53.413    AVAST engine scan C:\Windows\system32
20:29:38.220    AVAST engine scan C:\Windows\system32\drivers
20:30:01.520    AVAST engine scan C:\Users\Jamie.JIMWIN7P01
20:57:35.126    AVAST engine scan C:\ProgramData
20:58:22.338    Scan finished successfully
21:00:13.700    Disk 0 MBR has been saved successfully to "C:\MBR.dat"
21:00:13.707    The log file has been saved successfully to "C:\aswMBR.txt"


#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 08 February 2012 - 08:24 AM

I want you to run TDSSKiller once and post the log.

Download ESET online scanner

Install it.

Click on START, it should download the virus definitions.
When scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.

Download mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Let me know if you still face redirects
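The hosts content, proxy settings and DNS checks narenxp asks for above are what a helper reads when chasing browser redirects. As an added example, not part of the thread and not Farbar's MiniToolBox code, here is a small Python triage script for the "Hosts content" and "FF Proxy Settings" sections of such a report; the sample hosts text is constructed to mirror the entries posted later in this thread, and the watched-domain list is an assumption.

```python
"""Triage helper for the "Hosts content" and "FF Proxy Settings" sections of a
MiniToolBox report. Added example for this thread, not Farbar's code: it flags
hosts entries that redirect names to non-loopback addresses, reports blank-line
padding used to hide such entries, and decodes Firefox's network.proxy.type."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed watch-list: names a normal hosts file should never re-point. The
# first three are the names hijacked in the log posted in this thread.
WATCHED_DOMAINS = frozenset({
    "www.google-analytics.com", "ad-emea.doubleclick.net", "www.statcounter.com",
    "www.google.com", "www.bing.com",
})
# Firefox network.proxy.type values as shown in about:config.
FF_PROXY_TYPES = {0: "no proxy", 1: "manual proxy", 2: "PAC script",
                  4: "auto-detect (WPAD)", 5: "system proxy"}
FF_PROXY_RE = re.compile(r'"network\.proxy\.type",\s*(\d+)')


@dataclass(frozen=True)
class HostsEntry:
    line_no: int             # 1-based line in the hosts text
    address: str             # normalised textual address
    names: Tuple[str, ...]   # lower-cased, trailing dot stripped
    blank_run_before: int    # consecutive blank lines immediately above


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts text; blank, comment-only and malformed lines yield no entry."""
    entries: List[HostsEntry] = []
    blank_run = 0
    for line_no, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped:
            blank_run += 1
            continue
        body = stripped.split("#", 1)[0].strip()
        if not body:             # comment-only line is visible text, not padding
            blank_run = 0
            continue
        tokens = body.split()
        try:
            addr = ipaddress.ip_address(tokens[0])
        except ValueError:       # not an entry Windows would honour
            blank_run = 0
            continue
        names = tuple(t.lower().rstrip(".") for t in tokens[1:])
        entries.append(HostsEntry(line_no, str(addr), names, blank_run))
        blank_run = 0
    return entries


def is_hijack(entry: HostsEntry, watched=WATCHED_DOMAINS) -> bool:
    """True when the entry is a redirect rather than a local override."""
    addr = ipaddress.ip_address(entry.address)
    if addr.is_loopback or addr.is_unspecified:
        return False             # 127.x, ::1 and 0.0.0.0 sinks are the benign shapes
    if addr.is_global:
        return True              # any name sent to a public host is a redirect
    return any(name in watched for name in entry.names)


def find_hijacks(entries: List[HostsEntry], watched=WATCHED_DOMAINS) -> List[HostsEntry]:
    return [e for e in entries if is_hijack(e, watched)]


def padding_report(entries: List[HostsEntry], threshold: int = 20) -> List[Tuple[int, int]]:
    """(line_no, blank_run) for entries hidden below at least `threshold` blank lines."""
    return [(e.line_no, e.blank_run_before) for e in entries if e.blank_run_before >= threshold]


def ff_proxy_type(section: str) -> Optional[Tuple[int, str]]:
    """Decode the network.proxy.type line MiniToolBox prints; None if absent."""
    m = FF_PROXY_RE.search(section)
    if not m:
        return None
    value = int(m.group(1))
    return value, FF_PROXY_TYPES.get(value, "unknown")


# Constructed sample modelled on the hosts content posted in this thread: a
# visible IPv6 localhost line, a run of blank lines, then the redirects.
SAMPLE_HOSTS = (
    "::1             localhost\n"
    + "\n" * 40
    + "109.163.226.208 www.google-analytics.com.\n"
    "109.163.226.208 ad-emea.doubleclick.net.\n"
    "109.163.226.208 www.statcounter.com.\n"
    "67.215.245.19 www.google-analytics.com.\n"
    "67.215.245.19 ad-emea.doubleclick.net.\n"
    "67.215.245.19 www.statcounter.com.\n"
    "\n127.0.0.1       localhost\n"
)
SAMPLE_FF_PROXY = '"network.proxy.type", 0\n'

if __name__ == "__main__":
    found = parse_hosts(SAMPLE_HOSTS)
    for e in find_hijacks(found):
        print(f"line {e.line_no}: {e.address} -> {', '.join(e.names)}")
    print(padding_report(found), ff_proxy_type(SAMPLE_FF_PROXY))
```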

#5 madmanjim

  • Topic Starter
  • Members
  • 12 posts

Posted 09 February 2012 - 11:53 PM

ESET Log:

C:\Program Files (x86)\LP\877C\F198.exe	a variant of Win32/Kryptik.ZXC trojan	cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_20.08.42\tdlfs0000\tsk0003.dta	Win32/Olmarik.AFK trojan	cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_20.08.42\tdlfs0000\tsk0004.dta	Win64/Olmarik.K trojan	cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_20.08.42\tdlfs0000\tsk0005.dta	Win32/Olmarik.ALK trojan	cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_20.08.42\tdlfs0000\tsk0006.dta	Win64/Olmarik.K trojan	cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_20.08.42\tdlfs0000\tsk0007.dta	Win32/Olmarik.ADZ trojan	cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.02.2012_20.08.42\tdlfs0000\tsk0008.dta	Win64/Olmarik.A trojan	cleaned by deleting - quarantined

Toolbox Result:

MiniToolBox by Farbar  Version: 18-01-2012
Ran by Jamie (administrator) on 10-02-2012 at 14:50:36
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1             localhost



109.163.226.208 www.google-analytics.com.
109.163.226.208 ad-emea.doubleclick.net.
109.163.226.208 www.statcounter.com.
67.215.245.19 www.google-analytics.com.
67.215.245.19 ad-emea.doubleclick.net.
67.215.245.19 www.statcounter.com.

127.0.0.1       localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = NIC 1 - Local Area Connection (Connected)
Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller = NIC 2- DISABLED (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : JIMWIN7P01
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : dmz1.robslab.com.au

Ethernet adapter NIC 1 - Local Area Connection:

   Connection-specific DNS Suffix  . : dmz1.robslab.com.au
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-E0-18-99-88-77
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.17.17.105(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, 10 February 2012 2:40:20 PM
   Lease Expires . . . . . . . . . . : Saturday, 11 February 2012 2:40:20 AM
   Default Gateway . . . . . . . . . : 10.17.17.254
   DHCP Server . . . . . . . . . . . : 10.17.17.254
   DNS Servers . . . . . . . . . . . : 10.17.17.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter NIC 2- DISABLED:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-15-F2-94-E1-65
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  hicr-rtr04.dmz1.robslab.com.au
Address:  10.17.17.254

DNS request timed out.
    timeout was 2 seconds.
Name:    google.com.com.au
Address:  174.122.148.154


Pinging google.com [173.194.38.114] with 32 bytes of data:
Reply from 173.194.38.114: bytes=32 time=142ms TTL=54
Reply from 173.194.38.114: bytes=32 time=140ms TTL=54

Ping statistics for 173.194.38.114:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 140ms, Maximum = 142ms, Average = 141ms
Server:  hicr-rtr04.dmz1.robslab.com.au
Address:  10.17.17.254

DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com.com.au
Address:  174.122.148.154


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=329ms TTL=46
Reply from 98.139.183.24: bytes=32 time=252ms TTL=46

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 252ms, Maximum = 329ms, Average = 290ms
Server:  hicr-rtr04.dmz1.robslab.com.au
Address:  10.17.17.254

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    bleepingcomputer.com
Address:  208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=7ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 7ms, Average = 4ms
===========================================================================
Interface List
 10...00 e0 18 99 88 77 ......NVIDIA nForce Networking Controller
 11...00 15 f2 94 e1 65 ......Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     10.17.17.254     10.17.17.105     20
       10.17.17.0    255.255.255.0         On-link      10.17.17.105    276
     10.17.17.105  255.255.255.255         On-link      10.17.17.105    276
     10.17.17.255  255.255.255.255         On-link      10.17.17.105    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      10.17.17.105    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      10.17.17.105    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/10/2012 02:40:33 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/10/2012 02:40:33 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/09/2012 11:34:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6422

Error: (02/09/2012 11:34:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6422

Error: (02/09/2012 11:34:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/09/2012 11:34:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4359

Error: (02/09/2012 11:34:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4359

Error: (02/09/2012 11:34:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/09/2012 11:34:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2188

Error: (02/09/2012 11:34:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2188


System errors:
=============
Error: (02/10/2012 02:40:42 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
vsmraid

Error: (02/09/2012 03:46:23 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
vsmraid

Error: (02/08/2012 04:08:02 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
vsmraid

Error: (02/08/2012 04:07:35 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:05:13 PM on 8/02/2012 was unexpected.

Error: (02/08/2012 03:36:44 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
vsmraid

Error: (02/07/2012 05:06:01 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
vsmraid

Error: (02/07/2012 03:55:41 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
vsmraid

Error: (02/06/2012 06:36:21 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
vsmraid

Error: (02/06/2012 03:52:31 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
vsmraid

Error: (02/05/2012 01:25:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
vsmraid


Microsoft Office Sessions:
=========================
Error: (02/10/2012 02:40:33 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/10/2012 02:40:33 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/09/2012 11:34:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6422

Error: (02/09/2012 11:34:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6422

Error: (02/09/2012 11:34:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/09/2012 11:34:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4359

Error: (02/09/2012 11:34:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4359

Error: (02/09/2012 11:34:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/09/2012 11:34:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2188

Error: (02/09/2012 11:34:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2188


=========================== Installed Programs ============================

Active@ ZDelete (Version: 6.0.22)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
µTorrent (Version: 2.2.0)
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.704)
Bonjour (Version: 3.0.0.10)
ConvertXtoDVD 4.1.10.348 (Version: 4.1.10.348)
CopyTrans Suite Remove Only (Version: 2.27)
D3DX10 (Version: 15.4.2368.0902)
DVD Shrink 3.2
e-tax 2011 (Version: 7.1.617)
ESET Online Scanner v3
FileZilla Client 3.5.0 (Version: 3.5.0)
foobar2000 v1.1.1 (Version: 1.1.1)
FrostWire 4.21.8 (Version: 4.21.8.0)
FrostWire 5.1.4 (Version: 5.1.4.0)
iCloud (Version: 1.0.1.29)
ImgBurn (Version: 2.5.5.0)
iPhoneBrowser (Version: 1.9.3)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.6.1)
Java(TM) 6 Update 22 (64-bit) (Version: 6.0.220)
Java(TM) 6 Update 30 (Version: 6.0.300)
Java(TM) SE Development Kit 6 Update 22 (64-bit) (Version: 1.6.0.220)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.0 (Version: 8.01.249.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
mIRC (Version: 7.17)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 10.0 (x86 en-US) (Version: 10.0)
MSVCRT (Version: 15.4.2862.0708)
NewsLeecher v4.0 Final
PDFCreator (Version: 1.1.0)
Pod to PC 4.012
QuickPar 0.9 (Version: 0.9)
QuickTime (Version: 7.71.80.42)
Realtek AC'97 Audio (Version: 5.37)
Samsung AllShare (Version: 2.1.0.11123_8)
TeamViewer 6 (Version: 6.0.9895)
The Sims™ 2 Double Deluxe
TP-LINK Wireless Client Utility (Version: 2.0)
TrueCrypt (Version: 7.0a)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
VirtualDJ Home FREE (Version: 7.0.5)
VLC media player 1.1.10 (Version: 1.1.10)
WhiteCap (Version: 5.7.1)
Windows 7 USB/DVD Download Tool (Version: 1.0.24.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Mobile Device Center (Version: 6.1.6965.0)
WinRAR 4.00 beta 2 (64-bit) (Version: 4.00.2)

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 4095.29 MB
Available physical RAM: 2679.99 MB
Total Pagefile: 8188.77 MB
Available Pagefile: 6506.66 MB
Total Virtual: 4095.88 MB
Available Virtual: 3954.21 MB

========================= Partitions: =====================================

2 Drive c: (SYSTEM) (Fixed) (Total:297.99 GB) (Free:183.45 GB) NTFS

========================= Users: ========================================

User accounts for \\JIMWIN7P01

Guest                    Jamie                    LocalAdmin               


**** End of log ****

Still have redirects, and MBAM alerts regarding suspicious outgoing activity.

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 10 February 2012 - 12:07 AM

I want you to run TDSSKiller once again and post the latest log, located in the C drive.

Did you run an MBAM full scan?

Post the MBAM log too.

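The TDSSKiller log that narenxp asks for (the next post carries one) is mostly a disk header with sizes and LBAs in hex, then one `name (md5) path` record per driver followed by a `name - ok` verdict line. The script below is an added example for this page, not code from TDSSKiller, Malwarebytes or any poster: it parses that format, turns the hex geometry into sector counts so the unpartitioned tail after the last partition is visible (TDL4-family rootkits keep their hidden TDLFS in that tail, which is what the scanner's `TDLFS` mode looks for), and flags every record whose verdict is not a plain `ok` or whose driver image is loaded from outside the Windows system directories. The sample log is constructed: the header and the `1394ohci`/`atapi` records follow the format posted in this thread, while `fakesvc`, `badsvc`, their hashes and paths and the `Rootkit.Win32.Example.a` detection name are invented to exercise the checks, and the "outside the system directories" rule is a heuristic of this example, not a TDSSKiller check.

```python
"""Triage a TDSSKiller 2.7-style log: disk/partition header plus "name (md5) path"
records and their "name - verdict" lines.  Added example for this thread, not code
from TDSSKiller or any poster.  SAMPLE_LOG is constructed: the header and the first
two driver records follow the posted format; everything after the "invented" marker
uses hypothetical names, hashes, paths and a hypothetical detection name."""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = "\n".join([
    r"19:00:53.0452 3696  TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57",
    r"19:00:54.0781 3696  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, "
    r"Cylinders: 0x50C0B, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000040",
    r"19:00:54.0796 3696  \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000",
    r"19:00:54.0796 3696  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800",
    r"19:01:00.0541 3412  1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys",
    r"19:01:00.0541 3412  1394ohci - ok",
    r"19:01:02.0107 3412  atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys",
    r"19:01:02.0107 3412  atapi - ok",
    # invented from here on
    r"19:01:02.0300 3412  fakesvc         (0123456789abcdef0123456789abcdef) C:\Users\Public\drv\fakesvc.sys",
    r"19:01:02.0300 3412  fakesvc - ok",
    r"19:01:02.0400 3412  badsvc          (deadbeefdeadbeefdeadbeefdeadbeef) C:\Windows\system32\drivers\badsvc.sys",
    r"19:01:02.0400 3412  badsvc ( Rootkit.Win32.Example.a ) - infected",
    r"19:01:12.0000 3412  \Device\Harddisk0\DR0 - ok",
])

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
DRIVE_RE = re.compile(r"^Drive (?P<dev>\\Device\\Harddisk\d+\\DR\d+) - Size: 0x(?P<size>[0-9A-Fa-f]+) \(.*?\), SectorSize: 0x(?P<ssize>[0-9A-Fa-f]+)")
PART_RE = re.compile(r"^(?P<dev>\\Device\\Harddisk\d+\\DR\d+)\\Partition(?P<idx>\d+): MBR, Type 0x(?P<type>[0-9A-Fa-f]+), "
                     r"StartLBA 0x(?P<start>[0-9A-Fa-f]+), BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
VERDICT_RE = re.compile(r"^(?P<subject>.+?) - (?P<verdict>\S.*)$")
DETECTION_RE = re.compile(r"\(\s*(?P<det>[^()]+?)\s*\)\s*$")   # "name ( Detection ) - infected"
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

@dataclass
class Driver:
    name: str
    md5: str
    path: str
    verdict: str = "(no verdict line)"
    detection: str = ""

@dataclass
class Report:
    total_sectors: int = 0
    sector_size: int = 512
    partitions: list = field(default_factory=list)     # (index, type, start_lba, blocks)
    drivers: dict = field(default_factory=dict)        # name -> Driver, in log order
    disk_verdicts: list = field(default_factory=list)  # (device, verdict, detection)

    def unallocated_tail_sectors(self) -> int:
        """Sectors after the last partition: where a TDLFS hides when present."""
        if not self.partitions:
            return 0
        last_end = max(start + blocks for _, _, start, blocks in self.partitions)
        return max(self.total_sectors - last_end, 0)

def parse_tdsskiller(text: str) -> Report:
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(3).strip()
        if (d := DRIVE_RE.match(msg)):
            rep.sector_size = int(d["ssize"], 16)
            rep.total_sectors = int(d["size"], 16) // rep.sector_size
        elif (p := PART_RE.match(msg)):
            rep.partitions.append((int(p["idx"]), int(p["type"], 16), int(p["start"], 16), int(p["blocks"], 16)))
        elif (dr := DRIVER_RE.match(msg)):
            rep.drivers[dr["name"]] = Driver(dr["name"], dr["md5"].lower(), dr["path"])
        elif (v := VERDICT_RE.match(msg)):
            subject, detection = v["subject"], ""
            if (det := DETECTION_RE.search(subject)):      # strip "( Detection )" off the name
                subject, detection = subject[:det.start()].rstrip(), det["det"]
            if subject in rep.drivers:
                rep.drivers[subject].verdict, rep.drivers[subject].detection = v["verdict"], detection
            elif subject.startswith("\\Device\\"):         # disk-level verdict (MBR / TDLFS scan)
                rep.disk_verdicts.append((subject, v["verdict"], detection))
    return rep

def findings(rep: Report) -> list:
    """Records a responder should look at; an empty list means nothing stood out."""
    out = []
    for d in rep.drivers.values():
        if d.verdict != "ok":
            out.append(f"{d.name}: verdict '{d.verdict}' {d.detection}".rstrip())
        # Heuristic of this example, not a TDSSKiller check: a kernel driver loaded
        # from a user-writable path deserves a look even when the scanner says ok.
        if not d.path.lower().startswith(SYSTEM_DIRS):
            out.append(f"{d.name}: driver image outside the system directories: {d.path}")
    for dev, verdict, detection in rep.disk_verdicts:
        if verdict != "ok":
            out.append(f"{dev}: verdict '{verdict}' {detection}".rstrip())
    return out

if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(rep.drivers)} driver records, {len(rep.partitions)} MBR partitions, "
          f"{rep.total_sectors} x {rep.sector_size}-byte sectors, "
          f"{rep.unallocated_tail_sectors()} unallocated after the last partition")
    for line in findings(rep) or ["nothing flagged"]:
        print(" -", line)
```

Run as-is to see the constructed sample triaged; for a real log, call `parse_tdsskiller(open(path, encoding="utf-8", errors="replace").read())` on the file TDSSKiller writes to the root of C:. Applied to the header values posted in this thread, the two partitions end at sector 625,139,712 of 625,142,448, leaving 2,736 unallocated sectors (about 1.3 MiB), which on its own is ordinary alignment slack; the scanner's own verdict on `\Device\Harddisk0\DR0` is what says whether anything lives there.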
#7 madmanjim

  • Topic Starter
  • Members
  • 12 posts

Posted 10 February 2012 - 04:03 AM

19:00:53.0452 3696	TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57
19:00:54.0296 3696	============================================================
19:00:54.0296 3696	Current date / time: 2012/02/10 19:00:54.0296
19:00:54.0296 3696	SystemInfo:
19:00:54.0296 3696	
19:00:54.0296 3696	OS Version: 6.1.7601 ServicePack: 1.0
19:00:54.0296 3696	Product type: Workstation
19:00:54.0296 3696	ComputerName: JIMWIN7P01
19:00:54.0296 3696	UserName: Jamie
19:00:54.0296 3696	Windows directory: C:\Windows
19:00:54.0296 3696	System windows directory: C:\Windows
19:00:54.0296 3696	Running under WOW64
19:00:54.0296 3696	Processor architecture: Intel x64
19:00:54.0296 3696	Number of processors: 2
19:00:54.0296 3696	Page size: 0x1000
19:00:54.0296 3696	Boot type: Normal boot
19:00:54.0296 3696	============================================================
19:00:54.0781 3696	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x50C0B, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000040
19:00:54.0796 3696	\Device\Harddisk0\DR0:
19:00:54.0796 3696	MBR used
19:00:54.0796 3696	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:00:54.0796 3696	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
19:00:54.0812 3696	Initialize success
19:00:54.0812 3696	============================================================
19:01:00.0007 3412	============================================================
19:01:00.0007 3412	Scan started
19:01:00.0007 3412	Mode: Manual; TDLFS; 
19:01:00.0007 3412	============================================================
19:01:00.0541 3412	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:01:00.0541 3412	1394ohci - ok
19:01:00.0588 3412	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:01:00.0604 3412	ACPI - ok
19:01:00.0651 3412	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:01:00.0651 3412	AcpiPmi - ok
19:01:00.0745 3412	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:01:00.0760 3412	adp94xx - ok
19:01:00.0807 3412	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:01:00.0807 3412	adpahci - ok
19:01:00.0838 3412	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:01:00.0838 3412	adpu320 - ok
19:01:00.0901 3412	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
19:01:00.0901 3412	AFD - ok
19:01:00.0963 3412	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:01:00.0963 3412	agp440 - ok
19:01:01.0088 3412	ALCXWDM         (853ad8bd8ca940d0f5ac2679a6ed439b) C:\Windows\system32\drivers\RTKVAC64.SYS
19:01:01.0166 3412	ALCXWDM - ok
19:01:01.0213 3412	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:01:01.0213 3412	aliide - ok
19:01:01.0263 3412	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:01:01.0263 3412	amdide - ok
19:01:01.0341 3412	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:01:01.0341 3412	AmdK8 - ok
19:01:01.0357 3412	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:01:01.0357 3412	AmdPPM - ok
19:01:01.0451 3412	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:01:01.0451 3412	amdsata - ok
19:01:01.0482 3412	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:01:01.0482 3412	amdsbs - ok
19:01:01.0513 3412	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:01:01.0513 3412	amdxata - ok
19:01:01.0591 3412	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:01:01.0591 3412	AppID - ok
19:01:01.0763 3412	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:01:01.0794 3412	arc - ok
19:01:01.0919 3412	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:01:01.0919 3412	arcsas - ok
19:01:01.0998 3412	arusb_win7x     (ff9daef5ccdb6082c30ce151b768ea28) C:\Windows\system32\DRIVERS\arusb_win7x.sys
19:01:01.0998 3412	arusb_win7x - ok
19:01:02.0060 3412	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:01:02.0060 3412	AsyncMac - ok
19:01:02.0107 3412	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:01:02.0107 3412	atapi - ok
19:01:02.0216 3412	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
19:01:02.0216 3412	avgntflt - ok
19:01:02.0232 3412	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
19:01:02.0232 3412	avipbb - ok
19:01:02.0311 3412	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:01:02.0327 3412	b06bdrv - ok
19:01:02.0390 3412	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:01:02.0390 3412	b57nd60a - ok
19:01:02.0437 3412	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:01:02.0437 3412	Beep - ok
19:01:02.0484 3412	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:01:02.0484 3412	blbdrive - ok
19:01:02.0656 3412	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:01:02.0656 3412	bowser - ok
19:01:02.0671 3412	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:01:02.0671 3412	BrFiltLo - ok
19:01:02.0703 3412	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:01:02.0703 3412	BrFiltUp - ok
19:01:02.0765 3412	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:01:02.0765 3412	Brserid - ok
19:01:02.0781 3412	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:01:02.0781 3412	BrSerWdm - ok
19:01:02.0812 3412	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:01:02.0812 3412	BrUsbMdm - ok
19:01:02.0828 3412	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:01:02.0843 3412	BrUsbSer - ok
19:01:02.0859 3412	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:01:02.0875 3412	BTHMODEM - ok
19:01:02.0906 3412	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:01:02.0906 3412	cdfs - ok
19:01:02.0953 3412	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
19:01:02.0953 3412	cdrom - ok
19:01:03.0000 3412	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:01:03.0015 3412	circlass - ok
19:01:03.0062 3412	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:01:03.0062 3412	CLFS - ok
19:01:03.0140 3412	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:01:03.0140 3412	CmBatt - ok
19:01:03.0234 3412	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:01:03.0234 3412	cmdide - ok
19:01:03.0298 3412	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:01:03.0298 3412	CNG - ok
19:01:03.0330 3412	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:01:03.0330 3412	Compbatt - ok
19:01:03.0376 3412	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:01:03.0376 3412	CompositeBus - ok
19:01:03.0423 3412	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:01:03.0423 3412	crcdisk - ok
19:01:03.0501 3412	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
19:01:03.0533 3412	CSC - ok
19:01:03.0595 3412	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:01:03.0595 3412	DfsC - ok
19:01:03.0626 3412	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:01:03.0626 3412	discache - ok
19:01:03.0673 3412	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:01:03.0673 3412	Disk - ok
19:01:03.0736 3412	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:01:03.0736 3412	drmkaud - ok
19:01:03.0798 3412	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:01:03.0830 3412	DXGKrnl - ok
19:01:03.0908 3412	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:01:03.0986 3412	ebdrv - ok
19:01:04.0033 3412	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:01:04.0048 3412	elxstor - ok
19:01:04.0080 3412	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:01:04.0080 3412	ErrDev - ok
19:01:04.0126 3412	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:01:04.0126 3412	exfat - ok
19:01:04.0142 3412	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:01:04.0158 3412	fastfat - ok
19:01:04.0173 3412	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:01:04.0173 3412	fdc - ok
19:01:04.0205 3412	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:01:04.0205 3412	FileInfo - ok
19:01:04.0220 3412	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:01:04.0220 3412	Filetrace - ok
19:01:04.0251 3412	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:01:04.0251 3412	flpydisk - ok
19:01:04.0331 3412	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:01:04.0346 3412	FltMgr - ok
19:01:04.0424 3412	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:01:04.0424 3412	FsDepends - ok
19:01:04.0440 3412	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:01:04.0440 3412	Fs_Rec - ok
19:01:04.0502 3412	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:01:04.0502 3412	fvevol - ok
19:01:04.0549 3412	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:01:04.0549 3412	gagp30kx - ok
19:01:04.0643 3412	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:01:04.0643 3412	GEARAspiWDM - ok
19:01:04.0706 3412	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:01:04.0721 3412	hcw85cir - ok
19:01:04.0799 3412	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:01:04.0815 3412	HDAudBus - ok
19:01:04.0862 3412	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:01:04.0862 3412	HidBatt - ok
19:01:04.0893 3412	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:01:04.0893 3412	HidBth - ok
19:01:04.0924 3412	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:01:04.0924 3412	HidIr - ok
19:01:04.0971 3412	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
19:01:04.0987 3412	HidUsb - ok
19:01:05.0034 3412	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:01:05.0049 3412	HpSAMD - ok
19:01:05.0143 3412	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:01:05.0174 3412	HTTP - ok
19:01:05.0221 3412	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:01:05.0221 3412	hwpolicy - ok
19:01:05.0299 3412	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:01:05.0299 3412	i8042prt - ok
19:01:05.0331 3412	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:01:05.0346 3412	iaStorV - ok
19:01:05.0377 3412	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:01:05.0377 3412	iirsp - ok
19:01:05.0393 3412	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:01:05.0393 3412	intelide - ok
19:01:05.0424 3412	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:01:05.0424 3412	intelppm - ok
19:01:05.0456 3412	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:01:05.0456 3412	IpFilterDriver - ok
19:01:05.0502 3412	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:01:05.0502 3412	IPMIDRV - ok
19:01:05.0549 3412	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:01:05.0549 3412	IPNAT - ok
19:01:05.0596 3412	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:01:05.0596 3412	IRENUM - ok
19:01:05.0643 3412	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:01:05.0643 3412	isapnp - ok
19:01:05.0690 3412	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:01:05.0690 3412	iScsiPrt - ok
19:01:05.0721 3412	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:01:05.0721 3412	kbdclass - ok
19:01:05.0752 3412	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:01:05.0752 3412	kbdhid - ok
19:01:05.0799 3412	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:01:05.0815 3412	KSecDD - ok
19:01:05.0846 3412	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:01:05.0846 3412	KSecPkg - ok
19:01:05.0956 3412	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:01:05.0956 3412	ksthunk - ok
19:01:06.0096 3412	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:01:06.0096 3412	lltdio - ok
19:01:06.0190 3412	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:01:06.0190 3412	LSI_FC - ok
19:01:06.0237 3412	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:01:06.0237 3412	LSI_SAS - ok
19:01:06.0284 3412	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:01:06.0284 3412	LSI_SAS2 - ok
19:01:06.0356 3412	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:01:06.0359 3412	LSI_SCSI - ok
19:01:06.0403 3412	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:01:06.0404 3412	luafv - ok
19:01:06.0442 3412	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
19:01:06.0442 3412	MBAMProtector - ok
19:01:06.0489 3412	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:01:06.0489 3412	megasas - ok
19:01:06.0520 3412	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:01:06.0520 3412	MegaSR - ok
19:01:06.0536 3412	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:01:06.0551 3412	Modem - ok
19:01:06.0567 3412	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:01:06.0567 3412	monitor - ok
19:01:06.0614 3412	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
19:01:06.0614 3412	mouclass - ok
19:01:06.0645 3412	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:01:06.0645 3412	mouhid - ok
19:01:06.0676 3412	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:01:06.0676 3412	mountmgr - ok
19:01:06.0801 3412	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:01:06.0817 3412	mpio - ok
19:01:07.0020 3412	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:01:07.0020 3412	mpsdrv - ok
19:01:07.0239 3412	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:01:07.0239 3412	MRxDAV - ok
19:01:07.0270 3412	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:01:07.0270 3412	mrxsmb - ok
19:01:07.0318 3412	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:01:07.0318 3412	mrxsmb10 - ok
19:01:07.0349 3412	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:01:07.0349 3412	mrxsmb20 - ok
19:01:07.0380 3412	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:01:07.0380 3412	msahci - ok
19:01:07.0412 3412	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:01:07.0427 3412	msdsm - ok
19:01:07.0458 3412	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:01:07.0458 3412	Msfs - ok
19:01:07.0505 3412	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:01:07.0505 3412	mshidkmdf - ok
19:01:07.0537 3412	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:01:07.0537 3412	msisadrv - ok
19:01:07.0583 3412	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:01:07.0583 3412	MSKSSRV - ok
19:01:07.0599 3412	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:01:07.0599 3412	MSPCLOCK - ok
19:01:07.0615 3412	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:01:07.0615 3412	MSPQM - ok
19:01:07.0646 3412	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:01:07.0662 3412	MsRPC - ok
19:01:07.0677 3412	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:01:07.0677 3412	mssmbios - ok
19:01:07.0693 3412	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:01:07.0693 3412	MSTEE - ok
19:01:07.0724 3412	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:01:07.0724 3412	MTConfig - ok
19:01:07.0771 3412	MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
19:01:07.0771 3412	MTsensor - ok
19:01:07.0802 3412	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:01:07.0802 3412	Mup - ok
19:01:07.0896 3412	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:01:07.0896 3412	NativeWifiP - ok
19:01:07.0958 3412	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:01:07.0974 3412	NDIS - ok
19:01:08.0021 3412	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:01:08.0021 3412	NdisCap - ok
19:01:08.0052 3412	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:01:08.0052 3412	NdisTapi - ok
19:01:08.0083 3412	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:01:08.0083 3412	Ndisuio - ok
19:01:08.0115 3412	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:01:08.0130 3412	NdisWan - ok
19:01:08.0162 3412	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:01:08.0162 3412	NDProxy - ok
19:01:08.0224 3412	Netaapl         (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
19:01:08.0224 3412	Netaapl - ok
19:01:08.0255 3412	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:01:08.0255 3412	NetBIOS - ok
19:01:08.0302 3412	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:01:08.0302 3412	NetBT - ok
19:01:08.0349 3412	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:01:08.0365 3412	nfrd960 - ok
19:01:08.0380 3412	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:01:08.0380 3412	Npfs - ok
19:01:08.0427 3412	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:01:08.0427 3412	nsiproxy - ok
19:01:08.0505 3412	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:01:08.0552 3412	Ntfs - ok
19:01:08.0583 3412	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:01:08.0583 3412	Null - ok
19:01:08.0615 3412	NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
19:01:08.0630 3412	NVENETFD - ok
19:01:08.0927 3412	nvlddmkm        (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:01:09.0162 3412	nvlddmkm - ok
19:01:09.0458 3412	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:01:09.0458 3412	nvraid - ok
19:01:09.0505 3412	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:01:09.0521 3412	nvstor - ok
19:01:09.0552 3412	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:01:09.0568 3412	nv_agp - ok
19:01:09.0599 3412	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:01:09.0599 3412	ohci1394 - ok
19:01:09.0662 3412	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:01:09.0662 3412	Parport - ok
19:01:09.0693 3412	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:01:09.0693 3412	partmgr - ok
19:01:09.0740 3412	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:01:09.0740 3412	pci - ok
19:01:09.0755 3412	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:01:09.0755 3412	pciide - ok
19:01:09.0787 3412	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:01:09.0787 3412	pcmcia - ok
19:01:09.0818 3412	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:01:09.0833 3412	pcw - ok
19:01:09.0865 3412	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:01:09.0880 3412	PEAUTH - ok
19:01:10.0021 3412	Point64         (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys
19:01:10.0021 3412	Point64 - ok
19:01:10.0099 3412	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:01:10.0099 3412	PptpMiniport - ok
19:01:10.0115 3412	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:01:10.0115 3412	Processor - ok
19:01:10.0193 3412	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:01:10.0193 3412	Psched - ok
19:01:10.0271 3412	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:01:10.0302 3412	ql2300 - ok
19:01:10.0349 3412	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:01:10.0349 3412	ql40xx - ok
19:01:10.0396 3412	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:01:10.0396 3412	QWAVEdrv - ok
19:01:10.0458 3412	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:01:10.0458 3412	RasAcd - ok
19:01:10.0490 3412	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:01:10.0490 3412	RasAgileVpn - ok
19:01:10.0537 3412	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:01:10.0537 3412	Rasl2tp - ok
19:01:10.0568 3412	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:01:10.0568 3412	RasPppoe - ok
19:01:10.0583 3412	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:01:10.0583 3412	RasSstp - ok
19:01:10.0630 3412	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:01:10.0646 3412	rdbss - ok
19:01:10.0662 3412	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:01:10.0662 3412	rdpbus - ok
19:01:10.0677 3412	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:01:10.0677 3412	RDPCDD - ok
19:01:10.0740 3412	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
19:01:10.0740 3412	RDPDR - ok
19:01:10.0755 3412	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:01:10.0771 3412	RDPENCDD - ok
19:01:14.0428 3412	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:01:14.0491 3412	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:01:14.0491 3412	\Device\Harddisk0\DR0 - detected TDSS File System (1)
19:01:14.0491 3412	Boot (0x1200)   (536b02dabbeb6ca09d2da9f3d57540c1) \Device\Harddisk0\DR0\Partition0
19:01:14.0491 3412	\Device\Harddisk0\DR0\Partition0 - ok
19:01:14.0522 3412	Boot (0x1200)   (86a4149eb00b184432d05a3be95f2417) \Device\Harddisk0\DR0\Partition1
19:01:14.0522 3412	\Device\Harddisk0\DR0\Partition1 - ok
19:01:14.0522 3412	============================================================
19:01:14.0522 3412	Scan finished
19:01:14.0522 3412	============================================================
19:01:14.0538 3460	Detected object count: 1
19:01:14.0538 3460	Actual detected object count: 1
19:01:17.0131 3460	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:01:17.0131 3460	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
19:01:18.0553 3408	Deinitialize success

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.08.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jamie :: JIMWIN7P01 [administrator]

Protection: Enabled

8/02/2012 7:02:30 PM
mbam-log-2012-02-08 (19-02-30).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 396122
Time elapsed: 52 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:03:11 PM

Posted 10 February 2012 - 08:50 AM

Hi

Run TDSSkiller once again and make sure to select DELETE for TDSSFilesystem

Your HOSTS file has been hijacked, download the hosts fix:

http://go.microsoft.com/?linkid=9668866

Run the Fixit, restart the PC

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for a reboot


Let me know if you still face redirects

good luck

Edited by narenxp, 10 February 2012 - 08:51 AM.


#9 madmanjim

madmanjim
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:11 AM

Posted 12 February 2012 - 06:21 AM

Done all 3 as you posted above.

Still have redirects, and the toolbox still shows those hijacked entries in the hosts file.

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:03:11 PM

Posted 12 February 2012 - 01:26 PM

Hi

Yes, sometimes the Microsoft Fixit doesn't work, let's try another way

I want you to follow the steps given here on replacing the hosts file with a clean copy

http://en.kioskea.net/faq/15289-google-nginx-404-error

Make sure to run the commands as instructed

good luck
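As an added example (not from the thread, nor from TDSSKiller, Malwarebytes or the Fixit it names), here is a small Python audit of a hosts file that flags the kind of entries behind the redirects discussed above: any active mapping to a non-loopback address, and any loopback mapping for a name other than localhost, which is how a hijack typically blocks vendor sites. SAMPLE_HOSTS is a constructed file using a documentation-range address, and WATCHED_DOMAINS is an illustrative list, both assumptions of this example; point audit_hosts at the contents of a hosts file copied off the affected machine to check it.

```python
"""Audit a Windows hosts file for hijacked entries (added example, not from the thread)."""
import ipaddress

# Names a stock Windows 7 hosts file may legitimately map to loopback.
ALLOWED_LOOPBACK = {"localhost", "localhost.localdomain", "broadcasthost"}

# Substrings of domains a search-redirect or update-blocking hijack commonly targets.
# Illustrative list only (an assumption of this example); extend it for your environment.
WATCHED_DOMAINS = ("google.", "bing.", "yahoo.", "malwarebytes.", "kaspersky.", "microsoft.")

# Constructed sample hosts file: stock header plus hijacked entries using a TEST-NET address.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1 localhost
203.0.113.7 www.google.com google.com   # search traffic sent to a foreign host
203.0.113.7 www.bing.com
127.0.0.1 www.malwarebytes.org          # vendor site pinned to loopback
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each active mapping; comments and blanks are skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            for host in fields[1:]:
                yield line_no, fields[0], host.lower()


def audit_hosts(text):
    """Return (line_no, ip, host, reason) for every entry a cleaner would want removed.

    reason is one of: bad-address, non-loopback, blocked-by-loopback, unexpected-loopback.
    """
    findings = []
    for line_no, ip, host in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, host, "bad-address"))
            continue
        if not addr.is_loopback:
            findings.append((line_no, ip, host, "non-loopback"))
        elif host not in ALLOWED_LOOPBACK:
            watched = any(w in host for w in WATCHED_DOMAINS)
            findings.append((line_no, ip, host, "blocked-by-loopback" if watched else "unexpected-loopback"))
    return findings


if __name__ == "__main__":
    for line_no, ip, host, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {ip} -> {host} [{reason}]")
```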



