Search redirect problem - HELP!!!


  • This topic is locked
3 replies to this topic

#1 phrezeed

Posted 21 February 2012 - 07:51 PM

Hi all,

I have 2 laptops from a client, both of which redirect all searches in Google / Bing / Yahoo etc. from any browser.

I have tried the following on each:

1. Checked proxy settings - nothing in the proxy for IE or Firefox
2. Checked hosts file - no entries listed
3. Run rkill
4. Run TDSSKiller - both Trend Micro and Symantec versions - both clean. See log below for TDSS.
5. Booted into safe mode and ran a full Malwarebytes scan - comes back clean, no infections, but still experience redirects
6. Ran HitmanPro 3.5, which detects a dll in System32 called nvwss5.dll, but these laptops are on a domain and therefore I can't register a free key / trial
7. Run HijackThis and have posted log below

Can any of you help with this? I have tried all I can think of with no luck. I have not run ComboFix as this is a last resort and should only be run if instructed.

TDSSKiller log:
08:03:10.0195 1856 uagp35 - ok
08:03:10.0241 1856 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
08:03:10.0273 1856 udfs - ok
08:03:10.0335 1856 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
08:03:10.0351 1856 uliagpkx - ok
08:03:10.0397 1856 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
08:03:10.0397 1856 umbus - ok
08:03:10.0413 1856 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
08:03:10.0429 1856 UmPass - ok
08:03:10.0475 1856 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
08:03:10.0507 1856 USBAAPL - ok
08:03:10.0553 1856 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
08:03:10.0569 1856 usbccgp - ok
08:03:10.0616 1856 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
08:03:10.0631 1856 usbcir - ok
08:03:10.0694 1856 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
08:03:10.0725 1856 usbehci - ok
08:03:10.0756 1856 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
08:03:10.0772 1856 usbhub - ok
08:03:10.0819 1856 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
08:03:10.0850 1856 usbohci - ok
08:03:10.0865 1856 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
08:03:10.0881 1856 usbprint - ok
08:03:10.0897 1856 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:03:10.0928 1856 USBSTOR - ok
08:03:10.0943 1856 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
08:03:10.0959 1856 usbuhci - ok
08:03:10.0990 1856 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
08:03:11.0006 1856 usbvideo - ok
08:03:11.0037 1856 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
08:03:11.0037 1856 vdrvroot - ok
08:03:11.0053 1856 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
08:03:11.0068 1856 vga - ok
08:03:11.0084 1856 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
08:03:11.0115 1856 VgaSave - ok
08:03:11.0115 1856 VGPU - ok
08:03:11.0146 1856 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
08:03:11.0146 1856 vhdmp - ok
08:03:11.0209 1856 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
08:03:11.0209 1856 viaagp - ok
08:03:11.0224 1856 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
08:03:11.0240 1856 ViaC7 - ok
08:03:11.0271 1856 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
08:03:11.0271 1856 viaide - ok
08:03:11.0318 1856 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
08:03:11.0333 1856 vmbus - ok
08:03:11.0380 1856 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
08:03:11.0380 1856 VMBusHID - ok
08:03:11.0411 1856 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
08:03:11.0411 1856 volmgr - ok
08:03:11.0443 1856 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
08:03:11.0458 1856 volmgrx - ok
08:03:11.0474 1856 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
08:03:11.0474 1856 volsnap - ok
08:03:11.0521 1856 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
08:03:11.0521 1856 vsmraid - ok
08:03:11.0552 1856 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
08:03:11.0567 1856 vwifibus - ok
08:03:11.0599 1856 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
08:03:11.0614 1856 vwififlt - ok
08:03:11.0630 1856 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
08:03:11.0661 1856 WacomPen - ok
08:03:11.0708 1856 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:03:11.0739 1856 WANARP - ok
08:03:11.0739 1856 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:03:11.0755 1856 Wanarpv6 - ok
08:03:11.0786 1856 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
08:03:11.0801 1856 Wd - ok
08:03:11.0817 1856 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
08:03:11.0833 1856 Wdf01000 - ok
08:03:11.0895 1856 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
08:03:11.0911 1856 WfpLwf - ok
08:03:11.0926 1856 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
08:03:11.0926 1856 WIMMount - ok
08:03:12.0020 1856 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
08:03:12.0035 1856 WinUsb - ok
08:03:12.0082 1856 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
08:03:12.0113 1856 WmiAcpi - ok
08:03:12.0129 1856 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
08:03:12.0176 1856 ws2ifsl - ok
08:03:12.0238 1856 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
08:03:12.0269 1856 WudfPf - ok
08:03:12.0301 1856 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:03:12.0347 1856 WUDFRd - ok
08:03:12.0394 1856 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:03:12.0581 1856 \Device\Harddisk0\DR0 - ok
08:03:12.0581 1856 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
08:03:13.0018 1856 \Device\Harddisk1\DR1 - ok
08:03:13.0018 1856 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
08:03:13.0393 1856 \Device\Harddisk2\DR2 - ok
08:03:13.0408 1856 Boot (0x1200) (b46139f1723e75bec8ca03dc03520f8c) \Device\Harddisk0\DR0\Partition0
08:03:13.0408 1856 \Device\Harddisk0\DR0\Partition0 - ok
08:03:13.0408 1856 Boot (0x1200) (e2c0747498009b2ddb006d5b8c6e2253) \Device\Harddisk0\DR0\Partition1
08:03:13.0408 1856 \Device\Harddisk0\DR0\Partition1 - ok
08:03:13.0408 1856 Boot (0x1200) (e30cd38fd8d90d48e62c90b131401b08) \Device\Harddisk1\DR1\Partition0
08:03:13.0408 1856 \Device\Harddisk1\DR1\Partition0 - ok
08:03:13.0424 1856 Boot (0x1200) (0e9bd4f8bc3ca3f6f8352145090f700a) \Device\Harddisk2\DR2\Partition0
08:03:13.0424 1856 \Device\Harddisk2\DR2\Partition0 - ok
08:03:13.0424 1856 ============================================================
08:03:13.0424 1856 Scan finished
08:03:13.0424 1856 ============================================================
08:03:13.0424 1784 Detected object count: 0
08:03:13.0424 1784 Actual detected object count: 0
08:04:19.0303 1712 Deinitialize success

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:37:55 AM, on 22/02/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\shane.l\Downloads\ccsetup315.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\shane.l\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1106\6.6.1045\TmIEPlg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - http://kaseya.smileit.com.au/inc/kaxRemote.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = panpro.com.au
O17 - HKLM\Software\..\Telephony: DomainName = panpro.com.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = panpro.com.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = panpro.com.au
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1106\6.6.1045\TmIEPlg.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Trend Micro Security Agent Communicator (TmListen) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe

--
End of file - 5790 bytes

#2 gringo_pr

  • Malware Response Team

Posted 24 February 2012 - 01:48 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • Logs from DDS
    • Let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 27 February 2012 - 12:47 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr


Posted 01 March 2012 - 09:49 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



