browser hijacker 'Buzzcrazy'


4 replies to this topic

#1 ilan.highton


Posted 09 February 2012 - 10:18 AM

Hi all,

I cannot get rid of the browser hijacker that has infected my computer recently. My whole computer has slowed right down, and I keep getting redirects to a webpage called buzzcrazy.

Anyhow, I am currently running Win 7, on a fairly new AMD computer. I have run all the usual spyware ie Ad-aware, Terminator, etc but to no avail. I did check my Firefox proxy settings and they were routing through 127.0.0.1 but I turned proxy settings off. It keeps coming back.

Any suggestions?



#2 boopme


Posted 09 February 2012 - 11:04 AM

Hello and welcome. Please run these, post the logs and update me on performance.
Are you on a router? Are other machines on it? If so, are they redirecting?

Do you use Firefox?


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.




Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.

Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Troubleshoot Malwarebytes' Anti-Malware
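The checks requested above ("Report FF Proxy Settings", "List content of Hosts", "List Winsock Entries") can be triaged mechanically once Result.txt exists. The following is an added example, not part of the original posts and not MiniToolBox's own code: it reads a report in the section layout shown in this topic and pulls out the three things a helper looks at first. The sample report, the function names and the finding codes are constructed for illustration; the `network.proxy.type` meanings are Firefox's.

```python
import ipaddress
import re

# Constructed excerpt in the section layout of a MiniToolBox Result.txt (values are made up).
SAMPLE_RESULT = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 8118
"network.proxy.type", 0

Hosts file not detected in the default directory
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\\Windows\\SysWOW64\\napinsp.dll [52224] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
"""

HEADER = re.compile(r"^=+ (.+?):? =+$")  # e.g. "===== FF Proxy Settings: ====="
PREF = re.compile(r'^"(network\.proxy\.[\w.]+)",\s*(.+)$')
# Firefox meaning of network.proxy.type
PROXY_TYPES = {0: "no proxy", 1: "manual", 2: "PAC URL", 4: "auto-detect", 5: "system"}


def split_sections(text):
    """Map each '==== Name: ====' header to the lines that follow it."""
    sections, name = {"": []}, ""
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            name = m.group(1).strip()
            sections.setdefault(name, [])
        else:
            sections[name].append(line)
    return sections


def parse_ff_proxy(lines):
    """Read '"network.proxy.x", value' report lines into a dict."""
    prefs = {}
    for line in lines:
        m = PREF.match(line.strip())
        if not m:
            continue
        raw = m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[m.group(1)] = raw[1:-1]
        else:
            try:
                prefs[m.group(1)] = int(raw)
            except ValueError:
                prefs[m.group(1)] = raw  # e.g. true/false
    return prefs


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def triage(text):
    """Return (code, detail) findings for the proxy, hosts and Winsock sections."""
    sections = split_sections(text)
    findings = []

    prefs = parse_ff_proxy(sections.get("FF Proxy Settings", []))
    host = prefs.get("network.proxy.http", "")
    if host and is_loopback(str(host)):
        ptype = prefs.get("network.proxy.type")
        port = prefs.get("network.proxy.http_port", "?")
        # type 1: Firefox is sending traffic to a local listener right now.
        # Any other type: the proxy is off, but the loopback host is a leftover
        # that some program wrote; identify what listens on that port.
        code = "FF_LOOPBACK_PROXY_ACTIVE" if ptype == 1 else "FF_LOOPBACK_PROXY_RESIDUAL"
        findings.append((code, f"{host}:{port} type={PROXY_TYPES.get(ptype, ptype)}"))

    # The tool prints this line instead of a Hosts section when the file is absent.
    if any(l.strip().startswith("Hosts file not detected") for l in text.splitlines()):
        findings.append(("HOSTS_FILE_MISSING", "default hosts file not found"))

    # Count providers whose DLL the tool could not locate; these need manual review.
    unresolved = [l for l in sections.get("Winsock entries", []) if "[File Not found]" in l]
    if unresolved:
        findings.append(("WINSOCK_PROVIDER_UNRESOLVED", str(len(unresolved))))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_RESULT):
        print(f"{code}: {detail}")
```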

#3 ilan.highton


Posted 11 February 2012 - 12:55 AM

I tried to reply last night but the website seemed to be down.

Yes, I do use Firefox. Yes, I am on a router, but haven't been experiencing redirects on the other computer, which is a MacBook.

When I ran minitoolbox.exe I got several errors, i.e. nslookup.exe - ordinal not found.

Thanks so much for your help!! It is really appreciated!!!!!

Ilan.


MiniToolBox by Farbar Version: 18-01-2012
Ran by Main (administrator) on 10-02-2012 at 21:27:33
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 50061
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Main-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gv.shawcable.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gv.shawcable.net
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-25-22-C9-92-35
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::977:52d7:2451:9411%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : February-09-12 5:00:05 PM
Lease Expires . . . . . . . . . . : February-11-12 9:24:47 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234890530
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-34-C3-64-00-25-22-C9-92-35
DNS Servers . . . . . . . . . . . : 64.59.160.13
64.59.160.15
64.59.161.68
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gv.shawcable.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.127.147] with 32 bytes of data:
Reply from 74.125.127.147: bytes=32 time=38ms TTL=53
Reply from 74.125.127.147: bytes=32 time=19ms TTL=53

Ping statistics for 74.125.127.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 38ms, Average = 28ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=106ms TTL=49
Reply from 98.139.183.24: bytes=32 time=106ms TTL=48

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 106ms, Maximum = 106ms, Average = 106ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 25 22 c9 92 35 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.107 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.107 276
192.168.1.107 255.255.255.255 On-link 192.168.1.107 276
192.168.1.255 255.255.255.255 On-link 192.168.1.107 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.107 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.107 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::977:52d7:2451:9411/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 mswsock.dll [File Not found] ()
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 06 mswsock.dll [File Not found] ()
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/10/2012 06:27:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1968

Error: (02/10/2012 06:27:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1968

Error: (02/10/2012 06:27:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2012 05:56:50 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F.crt> with error: The specified server cannot perform the requested operation.
.

Error: (02/10/2012 05:56:50 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F.crt> with error: This operation returned because the timeout period expired.
.

Error: (02/10/2012 07:33:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.

Error: (02/10/2012 00:18:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5047

Error: (02/10/2012 00:18:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5047

Error: (02/10/2012 00:18:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2012 00:18:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1985


System errors:
=============
Error: (02/10/2012 09:27:37 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (02/10/2012 09:24:48 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (02/10/2012 09:24:42 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (02/10/2012 07:53:44 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (02/10/2012 06:27:37 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (02/10/2012 05:14:10 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (02/10/2012 07:46:22 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (02/10/2012 07:13:36 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (02/10/2012 00:18:58 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (02/09/2012 10:15:58 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (02/10/2012 06:27:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1968

Error: (02/10/2012 06:27:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1968

Error: (02/10/2012 06:27:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2012 05:56:50 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F.crtThe specified server cannot perform the requested operation.

Error: (02/10/2012 05:56:50 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F.crtThis operation returned because the timeout period expired.

Error: (02/10/2012 07:33:57 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (02/10/2012 00:18:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5047

Error: (02/10/2012 00:18:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5047

Error: (02/10/2012 00:18:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2012 00:18:53 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1985


=========================== Installed Programs ============================

Ad-Aware (Version: 9.0.7)
Adobe AIR (Version: 2.6.0.19140)
Adobe Community Help (Version: 3.5.23)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Photoshop Elements 10 (Version: 10.0)
AMD APP SDK Runtime (Version: 10.0.831.4)
AMD Catalyst Install Manager (Version: 3.0.855.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2011.1109.2212.39826)
AMD Media Foundation Decoders (Version: 1.0.61109.2218)
AMD VISION Engine Control Center (Version: 2011.1109.2212.39826)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Bazooka Scanner
Bonjour (Version: 3.0.0.10)
Bulletstorm (Version: 1.0.0000.130)
Canon MP250 series MP Drivers
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.1109.2212.39826)
Catalyst Control Center InstallProxy (Version: 2011.1109.2212.39826)
ccc-utility64 (Version: 2011.1109.2212.39826)
CCC Help English (Version: 2011.1109.2211.39826)
CPUID CPU-Z 1.58
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.41.3.0173)
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Disney Universe (Version: 1.00.0000)
Elements 10 Organizer (Version: 10.0)
eReg (Version: 1.20.138.34)
Evernote v. 4.5.2 (Version: 4.5.2.5904)
ffdshow [rev 3154] [2009-12-09] (Version: 1.0)
Foxit Reader 5.1 (Version: 5.1.0.1021)
GetDiz (Version: 4.6)
Google Chrome (Version: 16.0.912.77)
iCloud (Version: 1.0.2.17)
Image Resizer for Windows (64 bit) (Version: 3.0.4319.33193)
Image Resizer for Windows (Version: 3.0.4319.33193)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Logitech SetPoint 6.32 (Version: 6.32.20)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Mavis Beacon Platinum - 25th Anniv. Ed. (Version: 21.00.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (Version: 2.0.1578.0)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (Version: 2.0.1578.0)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Minecraft Cracked
mkv2vob (Version: 2.4.9)
Mobile Mouse Server (Version: 2.6.4)
Mozilla Firefox 10.0 (x86 en-GB) (Version: 10.0)
MSVCRT (Version: 15.4.2862.0708)
NewsLeecher v4.0 Final
Nuance OmniPage 18 (Version: 18.1.0000)
NVIDIA PhysX (Version: 9.11.1107)
Platform (Version: 1.34)
Portal
PSE10 STI Installer (Version: 10.0)
QuickPar 0.9 (Version: 0.9)
QuickTime (Version: 7.71.80.42)
Rage
Realtek Ethernet Controller Driver (Version: 1.00.0008)
Saints Row The Third
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.5 (Version: 5.5.124)
StarCraft II (Version: 1.4.2.20141)
Steam (Version: 1.0.0.0)
SyncToy 2.1 (x64) (Version: 2.1.0)
Tixati
TVersity Codec Pack 1.7 (Version: 1.7)
TVersity Media Server 1.9.7 (Version: 1.9.7)
UltraMon (Version: 3.0.10)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
VIA Platform Device Manager (Version: 1.34)
VLC media player 1.1.11 (Version: 1.1.11)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Migration Assistant (Version: 1.0.0.32)
Windows Mobile Device Center (Version: 6.1.6965.0)
WinRAR 4.10 beta 2 (64-bit) (Version: 4.10.2)
Wondershare Scrapbook Studio(Build 2.5.0.7) (Version: 2.5.0.7)
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)

========================= Memory info: ===================================

Percentage of memory in use: 55%
Total physical RAM: 4095.3 MB
Available physical RAM: 1804.85 MB
Total Pagefile: 8188.8 MB
Available Pagefile: 5740.15 MB
Total Virtual: 4095.88 MB
Available Virtual: 3947.88 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:694.96 GB) NTFS

========================= Users: ========================================

User accounts for \\MAIN-PC

Administrator ASPNET Guest
Main

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

21:28:51.0221 1040 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
21:28:52.0202 1040 ============================================================
21:28:52.0202 1040 Current date / time: 2012/02/10 21:28:52.0202
21:28:52.0202 1040 SystemInfo:
21:28:52.0202 1040
21:28:52.0202 1040 OS Version: 6.1.7601 ServicePack: 1.0
21:28:52.0202 1040 Product type: Workstation
21:28:52.0202 1040 ComputerName: MAIN-PC
21:28:52.0203 1040 UserName: Main
21:28:52.0203 1040 Windows directory: C:\Windows
21:28:52.0203 1040 System windows directory: C:\Windows
21:28:52.0203 1040 Running under WOW64
21:28:52.0203 1040 Processor architecture: Intel x64
21:28:52.0203 1040 Number of processors: 4
21:28:52.0203 1040 Page size: 0x1000
21:28:52.0203 1040 Boot type: Normal boot
21:28:52.0203 1040 ============================================================
21:28:53.0216 1040 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
21:28:53.0219 1040 \Device\Harddisk0\DR0:
21:28:53.0219 1040 MBR used
21:28:53.0219 1040 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:28:53.0219 1040 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
21:28:53.0245 1040 Initialize success
21:28:53.0245 1040 ============================================================
21:28:54.0518 0352 ============================================================
21:28:54.0518 0352 Scan started
21:28:54.0518 0352 Mode: Manual;
21:28:54.0518 0352 ============================================================
21:28:58.0226 0352 b57nd60a - ok
21:28:58.0246 0352 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:28:58.0247 0352 Beep - ok
21:28:58.0263 0352 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:28:58.0264 0352 blbdrive - ok
21:28:58.0294 0352 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:28:58.0295 0352 bowser - ok
21:28:58.0311 0352 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:28:58.0312 0352 BrFiltLo - ok
21:28:58.0324 0352 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:28:58.0325 0352 BrFiltUp - ok
21:28:58.0333 0352 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:28:58.0336 0352 Brserid - ok
21:28:58.0350 0352 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:28:58.0351 0352 BrSerWdm - ok
21:28:58.0364 0352 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:28:58.0365 0352 BrUsbMdm - ok
21:28:58.0376 0352 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:28:58.0377 0352 BrUsbSer - ok
21:28:58.0383 0352 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:28:58.0384 0352 BTHMODEM - ok
21:28:58.0409 0352 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:28:58.0410 0352 cdfs - ok
21:28:58.0448 0352 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:28:58.0450 0352 cdrom - ok
21:28:58.0482 0352 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:28:58.0483 0352 circlass - ok
21:28:58.0506 0352 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:28:58.0509 0352 CLFS - ok
21:28:58.0553 0352 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:28:58.0554 0352 CmBatt - ok
21:28:58.0580 0352 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:28:58.0581 0352 cmdide - ok
21:28:58.0620 0352 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:28:58.0625 0352 CNG - ok
21:28:58.0635 0352 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:28:58.0636 0352 Compbatt - ok
21:28:58.0663 0352 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:28:58.0664 0352 CompositeBus - ok
21:28:58.0710 0352 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
21:28:58.0710 0352 cpuz135 - ok
21:28:58.0729 0352 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:28:58.0731 0352 crcdisk - ok
21:28:58.0781 0352 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:28:58.0786 0352 CSC - ok
21:28:58.0836 0352 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
21:28:58.0837 0352 dc3d - ok
21:28:58.0861 0352 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:28:58.0862 0352 DfsC - ok
21:28:58.0882 0352 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:28:58.0882 0352 discache - ok
21:28:58.0916 0352 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:28:58.0916 0352 Disk - ok
21:28:58.0957 0352 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:28:58.0957 0352 drmkaud - ok
21:28:58.0992 0352 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:28:58.0995 0352 dtsoftbus01 - ok
21:28:59.0015 0352 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:28:59.0024 0352 DXGKrnl - ok
21:28:59.0083 0352 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:28:59.0111 0352 ebdrv - ok
21:28:59.0141 0352 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:28:59.0146 0352 elxstor - ok
21:28:59.0187 0352 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:28:59.0188 0352 ErrDev - ok
21:28:59.0201 0352 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:28:59.0203 0352 exfat - ok
21:28:59.0218 0352 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:28:59.0220 0352 fastfat - ok
21:28:59.0252 0352 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:28:59.0253 0352 fdc - ok
21:28:59.0284 0352 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:28:59.0285 0352 FileInfo - ok
21:28:59.0296 0352 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:28:59.0297 0352 Filetrace - ok
21:28:59.0310 0352 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:28:59.0311 0352 flpydisk - ok
21:28:59.0338 0352 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:28:59.0341 0352 FltMgr - ok
21:28:59.0354 0352 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:28:59.0355 0352 FsDepends - ok
21:28:59.0371 0352 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:28:59.0372 0352 Fs_Rec - ok
21:28:59.0401 0352 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:28:59.0403 0352 fvevol - ok
21:28:59.0421 0352 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:28:59.0422 0352 gagp30kx - ok
21:28:59.0458 0352 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:28:59.0459 0352 GEARAspiWDM - ok
21:28:59.0473 0352 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:28:59.0474 0352 hcw85cir - ok
21:28:59.0520 0352 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:28:59.0524 0352 HdAudAddService - ok
21:28:59.0565 0352 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:28:59.0566 0352 HDAudBus - ok
21:28:59.0588 0352 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:28:59.0589 0352 HidBatt - ok
21:28:59.0597 0352 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:28:59.0598 0352 HidBth - ok
21:28:59.0616 0352 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:28:59.0617 0352 HidIr - ok
21:28:59.0657 0352 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:28:59.0658 0352 HidUsb - ok
21:28:59.0697 0352 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:28:59.0698 0352 HpSAMD - ok
21:28:59.0739 0352 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:28:59.0746 0352 HTTP - ok
21:28:59.0783 0352 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:28:59.0783 0352 hwpolicy - ok
21:28:59.0795 0352 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:28:59.0796 0352 i8042prt - ok
21:28:59.0837 0352 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:28:59.0842 0352 iaStorV - ok
21:28:59.0858 0352 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:28:59.0859 0352 iirsp - ok
21:28:59.0890 0352 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:28:59.0890 0352 intelide - ok
21:28:59.0919 0352 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:28:59.0920 0352 intelppm - ok
21:28:59.0944 0352 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:28:59.0945 0352 IpFilterDriver - ok
21:28:59.0958 0352 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:28:59.0959 0352 IPMIDRV - ok
21:28:59.0966 0352 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:28:59.0968 0352 IPNAT - ok
21:29:00.0014 0352 irda (05360b1ea5a2abf620d1d96ebd8bd8f1) C:\Windows\system32\DRIVERS\irda.sys
21:29:00.0015 0352 irda - ok
21:29:00.0032 0352 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:29:00.0033 0352 IRENUM - ok
21:29:00.0061 0352 irsir (d2ca12736624ba636f8357dc3ef0757e) C:\Windows\system32\DRIVERS\irsir.sys
21:29:00.0062 0352 irsir - ok
21:29:00.0073 0352 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:29:00.0074 0352 isapnp - ok
21:29:00.0090 0352 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:29:00.0093 0352 iScsiPrt - ok
21:29:00.0125 0352 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:29:00.0126 0352 kbdclass - ok
21:29:00.0141 0352 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:29:00.0141 0352 kbdhid - ok
21:29:00.0181 0352 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:29:00.0181 0352 KSecDD - ok
21:29:00.0194 0352 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:29:00.0195 0352 KSecPkg - ok
21:29:00.0211 0352 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:29:00.0212 0352 ksthunk - ok
21:29:00.0276 0352 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
21:29:00.0277 0352 Lavasoft Kernexplorer - ok
21:29:00.0336 0352 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
21:29:00.0337 0352 Lbd - ok
21:29:00.0384 0352 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:29:00.0386 0352 LHidFilt - ok
21:29:00.0413 0352 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:29:00.0414 0352 lltdio - ok
21:29:00.0454 0352 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
21:29:00.0455 0352 LMouFilt - ok
21:29:00.0483 0352 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:29:00.0485 0352 LSI_FC - ok
21:29:00.0498 0352 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:29:00.0500 0352 LSI_SAS - ok
21:29:00.0509 0352 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:29:00.0510 0352 LSI_SAS2 - ok
21:29:00.0534 0352 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:29:00.0535 0352 LSI_SCSI - ok
21:29:00.0551 0352 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:29:00.0552 0352 luafv - ok
21:29:00.0602 0352 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
21:29:00.0602 0352 MBAMProtector - ok
21:29:00.0627 0352 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:29:00.0628 0352 megasas - ok
21:29:00.0652 0352 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:29:00.0655 0352 MegaSR - ok
21:29:00.0695 0352 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:29:00.0696 0352 Modem - ok
21:29:00.0725 0352 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:29:00.0725 0352 monitor - ok
21:29:00.0734 0352 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:29:00.0735 0352 mouclass - ok
21:29:00.0770 0352 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:29:00.0771 0352 mouhid - ok
21:29:00.0803 0352 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:29:00.0804 0352 mountmgr - ok
21:29:00.0843 0352 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:29:00.0845 0352 mpio - ok
21:29:00.0873 0352 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:29:00.0874 0352 mpsdrv - ok
21:29:00.0898 0352 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:29:00.0900 0352 MRxDAV - ok
21:29:00.0924 0352 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:29:00.0925 0352 mrxsmb - ok
21:29:00.0938 0352 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:29:00.0940 0352 mrxsmb10 - ok
21:29:00.0965 0352 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:29:00.0966 0352 mrxsmb20 - ok
21:29:01.0003 0352 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:29:01.0004 0352 msahci - ok
21:29:01.0017 0352 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:29:01.0018 0352 msdsm - ok
21:29:01.0029 0352 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:29:01.0030 0352 Msfs - ok
21:29:01.0041 0352 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:29:01.0041 0352 mshidkmdf - ok
21:29:01.0073 0352 MSHUSBVideo (0bbe794e0c54621cfa8ed9b5850baaae) C:\Windows\system32\Drivers\nx6000.sys
21:29:01.0074 0352 MSHUSBVideo - ok
21:29:01.0083 0352 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:29:01.0083 0352 msisadrv - ok
21:29:01.0130 0352 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:29:01.0130 0352 MSKSSRV - ok
21:29:01.0139 0352 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:29:01.0139 0352 MSPCLOCK - ok
21:29:01.0155 0352 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:29:01.0155 0352 MSPQM - ok
21:29:01.0179 0352 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:29:01.0183 0352 MsRPC - ok
21:29:01.0205 0352 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:29:01.0205 0352 mssmbios - ok
21:29:01.0222 0352 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:29:01.0223 0352 MSTEE - ok
21:29:01.0239 0352 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:29:01.0240 0352 MTConfig - ok
21:29:01.0254 0352 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:29:01.0255 0352 Mup - ok
21:29:01.0275 0352 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:29:01.0279 0352 NativeWifiP - ok
21:29:01.0329 0352 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:29:01.0337 0352 NDIS - ok
21:29:01.0355 0352 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:29:01.0357 0352 NdisCap - ok
21:29:01.0386 0352 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:29:01.0386 0352 NdisTapi - ok
21:29:01.0428 0352 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:29:01.0429 0352 Ndisuio - ok
21:29:01.0461 0352 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:29:01.0463 0352 NdisWan - ok
21:29:01.0497 0352 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:29:01.0498 0352 NDProxy - ok
21:29:01.0509 0352 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:29:01.0509 0352 NetBIOS - ok
21:29:01.0571 0352 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:29:01.0573 0352 NetBT - ok
21:29:01.0625 0352 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:29:01.0625 0352 nfrd960 - ok
21:29:01.0664 0352 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:29:01.0664 0352 Npfs - ok
21:29:01.0697 0352 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:29:01.0697 0352 nsiproxy - ok
21:29:01.0772 0352 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:29:01.0787 0352 Ntfs - ok
21:29:01.0808 0352 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:29:01.0808 0352 Null - ok
21:29:01.0848 0352 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:29:01.0850 0352 nvraid - ok
21:29:01.0880 0352 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:29:01.0882 0352 nvstor - ok
21:29:01.0916 0352 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:29:01.0916 0352 nv_agp - ok
21:29:01.0943 0352 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:29:01.0944 0352 ohci1394 - ok
21:29:01.0958 0352 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:29:01.0960 0352 Parport - ok
21:29:01.0967 0352 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:29:01.0967 0352 partmgr - ok
21:29:01.0988 0352 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:29:01.0990 0352 pci - ok
21:29:02.0019 0352 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:29:02.0020 0352 pciide - ok
21:29:02.0035 0352 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:29:02.0038 0352 pcmcia - ok
21:29:02.0050 0352 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:29:02.0050 0352 pcw - ok
21:29:02.0075 0352 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:29:02.0081 0352 PEAUTH - ok
21:29:02.0133 0352 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:29:02.0135 0352 PptpMiniport - ok
21:29:02.0148 0352 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:29:02.0150 0352 Processor - ok
21:29:02.0208 0352 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:29:02.0208 0352 Psched - ok
21:29:02.0262 0352 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:29:02.0262 0352 PxHlpa64 - ok
21:29:02.0295 0352 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:29:02.0377 0352 ql2300 - ok
21:29:02.0404 0352 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:29:02.0406 0352 ql40xx - ok
21:29:02.0420 0352 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:29:02.0422 0352 QWAVEdrv - ok
21:29:02.0459 0352 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:29:02.0459 0352 RasAcd - ok
21:29:02.0478 0352 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:29:02.0479 0352 RasAgileVpn - ok
21:29:02.0493 0352 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:29:02.0495 0352 Rasl2tp - ok
21:29:02.0507 0352 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:29:02.0509 0352 RasPppoe - ok
21:29:02.0536 0352 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:29:02.0542 0352 RasSstp - ok
21:29:02.0583 0352 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:29:02.0585 0352 rdbss - ok
21:29:02.0617 0352 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:29:02.0617 0352 rdpbus - ok
21:29:02.0647 0352 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:29:02.0647 0352 RDPCDD - ok
21:29:02.0682 0352 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:29:02.0684 0352 RDPDR - ok
21:29:02.0707 0352 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:29:02.0708 0352 RDPENCDD - ok
21:29:02.0730 0352 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:29:02.0730 0352 RDPREFMP - ok
21:29:02.0772 0352 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
21:29:02.0773 0352 RdpVideoMiniport - ok
21:29:02.0804 0352 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:29:02.0807 0352 RDPWD - ok
21:29:02.0859 0352 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:29:02.0861 0352 rdyboost - ok
21:29:02.0900 0352 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:29:02.0902 0352 rspndr - ok
21:29:02.0931 0352 RTL8167 (f65f171165fbb613f7aa3cc78e8cab42) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:29:02.0933 0352 RTL8167 - ok
21:29:02.0958 0352 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:29:02.0958 0352 s3cap - ok
21:29:02.0996 0352 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:29:02.0998 0352 sbp2port - ok
21:29:03.0033 0352 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:29:03.0034 0352 scfilter - ok
21:29:03.0060 0352 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:29:03.0060 0352 secdrv - ok
21:29:03.0106 0352 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:29:03.0107 0352 Serenum - ok
21:29:03.0124 0352 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:29:03.0125 0352 Serial - ok
21:29:03.0158 0352 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:29:03.0159 0352 sermouse - ok
21:29:03.0198 0352 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:29:03.0198 0352 sffdisk - ok
21:29:03.0210 0352 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:29:03.0211 0352 sffp_mmc - ok
21:29:03.0218 0352 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:29:03.0219 0352 sffp_sd - ok
21:29:03.0240 0352 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:29:03.0241 0352 sfloppy - ok
21:29:03.0285 0352 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:29:03.0286 0352 SiSRaid2 - ok
21:29:03.0307 0352 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:29:03.0309 0352 SiSRaid4 - ok
21:29:03.0349 0352 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:29:03.0351 0352 Smb - ok
21:29:03.0376 0352 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:29:03.0376 0352 spldr - ok
21:29:03.0410 0352 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:29:03.0414 0352 srv - ok
21:29:03.0429 0352 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:29:03.0433 0352 srv2 - ok
21:29:03.0469 0352 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:29:03.0470 0352 srvnet - ok
21:29:03.0543 0352 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:29:03.0543 0352 stexstor - ok
21:29:03.0582 0352 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:29:03.0582 0352 storflt - ok
21:29:03.0611 0352 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:29:03.0611 0352 storvsc - ok
21:29:03.0627 0352 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:29:03.0628 0352 swenum - ok
21:29:03.0636 0352 Synth3dVsc - ok
21:29:03.0711 0352 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:29:03.0730 0352 Tcpip - ok
21:29:03.0753 0352 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:29:03.0761 0352 TCPIP6 - ok
21:29:03.0798 0352 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:29:03.0799 0352 tcpipreg - ok
21:29:03.0830 0352 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:29:03.0831 0352 TDPIPE - ok
21:29:03.0841 0352 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:29:03.0842 0352 TDTCP - ok
21:29:03.0869 0352 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:29:03.0871 0352 tdx - ok
21:29:03.0887 0352 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:29:03.0888 0352 TermDD - ok
21:29:03.0937 0352 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:29:03.0938 0352 tssecsrv - ok
21:29:03.0965 0352 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:29:03.0966 0352 TsUsbFlt - ok
21:29:03.0973 0352 tsusbhub - ok
21:29:04.0018 0352 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:29:04.0019 0352 tunnel - ok
21:29:04.0051 0352 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:29:04.0052 0352 uagp35 - ok
21:29:04.0084 0352 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:29:04.0087 0352 udfs - ok
21:29:04.0116 0352 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:29:04.0117 0352 uliagpkx - ok
21:29:04.0203 0352 UltraMonUtility (694bcf23662f97d987cf4c6739c35f8b) C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys
21:29:04.0204 0352 UltraMonUtility - ok
21:29:04.0238 0352 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:29:04.0239 0352 umbus - ok
21:29:04.0255 0352 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:29:04.0256 0352 UmPass - ok
21:29:04.0305 0352 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:29:04.0307 0352 USBAAPL64 - ok
21:29:04.0345 0352 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:29:04.0347 0352 usbaudio - ok
21:29:04.0375 0352 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:29:04.0376 0352 usbccgp - ok
21:29:04.0406 0352 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:29:04.0407 0352 usbcir - ok
21:29:04.0423 0352 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:29:04.0424 0352 usbehci - ok
21:29:04.0444 0352 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:29:04.0447 0352 usbhub - ok
21:29:04.0463 0352 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
21:29:04.0464 0352 usbohci - ok
21:29:04.0476 0352 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:29:04.0476 0352 usbprint - ok
21:29:04.0512 0352 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:29:04.0513 0352 usbscan - ok
21:29:04.0551 0352 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:29:04.0552 0352 USBSTOR - ok
21:29:04.0577 0352 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:29:04.0577 0352 usbuhci - ok
21:29:04.0601 0352 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
21:29:04.0603 0352 usbvideo - ok
21:29:04.0650 0352 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
21:29:04.0651 0352 usb_rndisx - ok
21:29:05.0526 0352 ============================================================
21:29:05.0526 0352 Scan finished
21:29:05.0526 0352 ============================================================
21:29:05.0533 4088 Detected object count: 0
21:29:05.0533 4088 Actual detected object count: 0

#4 boopme

Posted 11 February 2012 - 10:56 AM

OK, no problem and you are welcome. You have a ZeroAccess rootkit. This requires specific help.

Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic (named ZeroAccess) explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (as you have a 64-bit system), skip it and move on.

Let me know if that went well.

#5 boopme

Posted 13 February 2012 - 10:54 AM

Ok, looks good.
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 3 days and ALL logs are answered.

To avoid confusion, I am closing this topic.