Firefox/Chrome Google Redirect Virus


18 replies to this topic

#1 The Diva


  • Members
  • 33 posts

Posted 28 February 2012 - 12:20 AM

Hi
I am running Windows 7 and I have the redirect virus. My browser is redirected to addedsuccess.com, searcharena.com and whatever else.

I have used Malwarebytes, SUPERAntiSpyware, Avast, TDSSKiller, McAfee and the latest version of HijackThis for logs.

I have followed every instruction I can find, stopping short of using ComboFix because of all the warnings. I'm at a loss; I could really use help cleaning this up.

Thank you.



#2 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 28 February 2012 - 04:53 AM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here
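The scan requested above produces a TDSSKiller log in the layout The Diva posts in the next reply (one timestamped line per driver with its MD5 and path, plus "Suspicious file" and "detected" lines). The Python below is an added example, not code from this thread, from Kaspersky or from BleepingComputer: it parses that layout and pulls out what a helper reads first, namely the driver inventory, drivers loaded from outside the Windows directory, and any findings, joined back to the file path and hash so the verdict can be verified before anything is deleted. The sample lines are constructed in that layout (values copied from the posted log), and the Windows-directory prefix check is an assumption of this example.

```python
import re
from collections import namedtuple

# Constructed sample in the layout TDSSKiller 2.5.x writes (values taken from the
# log posted in this thread; this is a handful of lines, not the full log).
SAMPLE_LOG_LINES = [
    r"2012/02/28 13:58:37.0696 1656 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29",
    r"2012/02/28 13:58:54.0362 6196 Scan started",
    r"2012/02/28 13:58:56.0602 6196 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys",
    r"2012/02/28 13:59:02.0105 6196 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys",
    r"2012/02/28 13:59:10.0594 6196 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS",
    r"2012/02/28 13:59:12.0852 6196 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys",
    r"2012/02/28 13:59:12.0852 6196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb",
    r"2012/02/28 13:59:12.0903 6196 sptd - detected LockedFile.Multi.Generic (1)",
]

# Every line: date, time (TDSSKiller writes a four-digit fraction), thread id, message.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2}) (\d{2}:\d{2}:\d{2}\.\d+) (\d+) (.*)$")
# Driver inventory line: "<service name> (<md5>) <image path>".
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Heuristic finding: "Suspicious file (<reason>): <path>. md5: <md5>".
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\.? md5: (?P<md5>[0-9a-f]{32})$")
# Verdict line: "<service name> - detected <verdict> (<count>)".
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")

Driver = namedtuple("Driver", "name md5 path")
Finding = namedtuple("Finding", "kind name reason_or_verdict path md5")

# Assumption of this example: drivers are expected under the Windows directory;
# anything else (third-party security tools included) is listed for a closer look.
WINDOWS_DIR_PREFIX = "c:\\windows\\"


def parse_tdsskiller(lines):
    """Return (drivers, findings) parsed from TDSSKiller log lines.

    A 'detected' line only names the service, so the finding is joined back to
    the inventory entry to carry the file's path and MD5 for verification.
    """
    drivers, by_name, findings = [], {}, []
    for raw in lines:
        m = LINE_RE.match(raw.rstrip("\r\n"))
        if not m:
            continue  # banner separators, blank messages, etc.
        msg = m.group(4)
        d = DRIVER_RE.match(msg)
        if d:
            drv = Driver(d["name"], d["md5"], d["path"])
            drivers.append(drv)
            by_name[drv.name] = drv
            continue
        s = SUSPICIOUS_RE.match(msg)
        if s:
            findings.append(Finding("suspicious", None, s["reason"], s["path"], s["md5"]))
            continue
        v = DETECTED_RE.match(msg)
        if v:
            drv = by_name.get(v["name"])
            findings.append(Finding("detected", v["name"], v["verdict"],
                                    drv.path if drv else None, drv.md5 if drv else None))
    return drivers, findings


def outside_windows_dir(drivers):
    """Drivers whose image path is not under the Windows directory."""
    return [d for d in drivers if not d.path.lower().startswith(WINDOWS_DIR_PREFIX)]


def triage(lines):
    """One-call summary: counts plus the items a helper reads first."""
    drivers, findings = parse_tdsskiller(lines)
    return {
        "driver_count": len(drivers),
        "outside_windows_dir": outside_windows_dir(drivers),
        "findings": findings,
        # A ".Generic" verdict such as LockedFile.Multi.Generic is a heuristic
        # (here: the file could not be read), not a signature match; the path and
        # hash carried on the finding are what to check before acting on it.
        "generic_verdicts": [f for f in findings
                             if f.kind == "detected" and f.reason_or_verdict.endswith(".Generic")],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG_LINES)
    print(f"{summary['driver_count']} drivers enumerated")
    for d in summary["outside_windows_dir"]:
        print(f"outside Windows dir: {d.name} {d.path} md5={d.md5}")
    for f in summary["findings"]:
        print(f"{f.kind}: {f.name or ''} {f.reason_or_verdict} {f.path} md5={f.md5}")
```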

#3 The Diva

  • Topic Starter

  • Members
  • 33 posts

Posted 28 February 2012 - 08:26 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-28 13:56:14
Windows 6.1.7601 Service Pack 1
Running: 6z2jp0bj.exe



2012/02/28 13:58:37.0696 1656 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2012/02/28 13:58:40.0932 1656 ================================================================================
2012/02/28 13:58:40.0932 1656 SystemInfo:
2012/02/28 13:58:40.0932 1656
2012/02/28 13:58:40.0933 1656 OS Version: 6.1.7601 ServicePack: 1.0
2012/02/28 13:58:40.0933 1656 Product type: Workstation
2012/02/28 13:58:40.0933 1656 ComputerName: KAMAL-PC
2012/02/28 13:58:40.0933 1656 UserName: Kamal
2012/02/28 13:58:40.0933 1656 Windows directory: C:\Windows
2012/02/28 13:58:40.0933 1656 System windows directory: C:\Windows
2012/02/28 13:58:40.0933 1656 Running under WOW64
2012/02/28 13:58:40.0933 1656 Processor architecture: Intel x64
2012/02/28 13:58:40.0933 1656 Number of processors: 4
2012/02/28 13:58:40.0933 1656 Page size: 0x1000
2012/02/28 13:58:40.0933 1656 Boot type: Normal boot
2012/02/28 13:58:40.0933 1656 ================================================================================
2012/02/28 13:58:50.0125 1656 Initialize success
2012/02/28 13:58:54.0362 6196 ================================================================================
2012/02/28 13:58:54.0362 6196 Scan started
2012/02/28 13:58:54.0362 6196 Mode: Manual;
2012/02/28 13:58:54.0362 6196 ================================================================================
2012/02/28 13:59:12.0852 6196 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2012/02/28 13:59:12.0852 6196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2012/02/28 13:59:12.0903 6196 sptd - detected LockedFile.Multi.Generic (1)
2012/02/28 13:59:13.0629 6196 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2012/02/28 13:59:14.0000 6196 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2012/02/28 13:59:14.0144 6196 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2012/02/28 13:59:14.0385 6196 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
2012/02/28 13:59:14.0590 6196 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2012/02/28 13:59:15.0061 6196 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
2012/02/28 13:59:15.0469 6196 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
2012/02/28 13:59:15.0566 6196 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2012/02/28 13:59:15.0714 6196 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2012/02/28 13:59:16.0159 6196 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2012/02/28 13:59:16.0368 6196 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2012/02/28 13:59:16.0436 6196 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
2012/02/28 13:59:16.0591 6196 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2012/02/28 13:59:16.0798 6196 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2012/02/28 13:59:17.0186 6196 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
2012/02/28 13:59:17.0680 6196 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2012/02/28 13:59:17.0809 6196 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
2012/02/28 13:59:18.0000 6196 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2012/02/28 13:59:18.0154 6196 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2012/02/28 13:59:18.0649 6196 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
2012/02/28 13:59:18.0791 6196 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
2012/02/28 13:59:18.0989 6196 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
2012/02/28 13:59:19.0348 6196 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2012/02/28 13:59:19.0542 6196 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2012/02/28 13:59:19.0682 6196 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2012/02/28 13:59:19.0880 6196 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2012/02/28 13:59:20.0065 6196 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2012/02/28 13:59:20.0132 6196 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
2012/02/28 13:59:20.0279 6196 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
2012/02/28 13:59:20.0384 6196 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2012/02/28 13:59:20.0459 6196 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
2012/02/28 13:59:20.0590 6196 VBoxGuest (9e1d397be6d94627ac9e59380378cf84) C:\Windows\system32\drivers\VBoxGuest.sys
2012/02/28 13:59:20.0790 6196 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2012/02/28 13:59:20.0909 6196 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2012/02/28 13:59:21.0027 6196 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2012/02/28 13:59:21.0250 6196 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2012/02/28 13:59:21.0370 6196 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2012/02/28 13:59:21.0511 6196 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2012/02/28 13:59:21.0736 6196 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2012/02/28 13:59:22.0016 6196 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2012/02/28 13:59:22.0319 6196 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
2012/02/28 13:59:22.0444 6196 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2012/02/28 13:59:22.0671 6196 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
2012/02/28 13:59:22.0905 6196 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2012/02/28 13:59:23.0017 6196 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2012/02/28 13:59:23.0177 6196 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
2012/02/28 13:59:23.0324 6196 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2012/02/28 13:59:23.0531 6196 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2012/02/28 13:59:23.0888 6196 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2012/02/28 13:59:24.0065 6196 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2012/02/28 13:59:24.0350 6196 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2012/02/28 13:59:24.0576 6196 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2012/02/28 13:59:24.0719 6196 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2012/02/28 13:59:24.0883 6196 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2012/02/28 13:59:25.0017 6196 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2012/02/28 13:59:25.0057 6196 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
2012/02/28 13:59:25.0217 6196 Boot (0x1200) (de88263300dd91346e7981b87e52c863) \Device\Harddisk0\DR0\Partition0
2012/02/28 13:59:25.0254 6196 Boot (0x1200) (054eababf08ead1e649291eb773e766e) \Device\Harddisk1\DR1\Partition0
2012/02/28 13:59:25.0337 6196 Boot (0x1200) (da7b8fd90ac9e75f04aed5ec1f326833) \Device\Harddisk1\DR1\Partition1
2012/02/28 13:59:25.0392 6196 ================================================================================
2012/02/28 13:59:25.0393 6196 Scan finished
2012/02/28 13:59:25.0393 6196 ================================================================================
2012/02/28 13:59:25.0405 5308 Detected object count: 1
2012/02/28 13:59:25.0405 5308 Actual detected object count: 1
2012/02/28 13:59:30.0266 5308 LockedFile.Multi.Generic(sptd) - User select action: Skip

I forgot to change the settings on Avast to allow for logs, but it did find 7 trojans that Malwarebytes claimed to have found and deleted 3 days ago.
Win32:FakeAlert-NO[Trj]
Win32:FakeSysdef-EG[Trj]
Win32:VBCrypt-GN[Trj]
Win32:Jifas-BY[Trj]
Win32:Jifas-DG[Trj]
Win32:Jifas-DU[Trj]
Win32:Bedolab-K[Trj]

I deleted them and now Avast wants me to reboot so it can do a boot time check.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:06:30 PM

Posted 29 February 2012 - 03:13 AM

Launch Malwarebytes and run a FULL SCAN in regular mode, remove infections, and run it again until you get a CLEAN log.

You did not post the aswMBR log.

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop, and copy the contents of the text file in your reply.


Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.
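
The MiniToolBox boxes above are not random: proxy settings (IE registry and Firefox prefs), the hosts file, the DNS servers and the Winsock catalog are exactly the places a browser hijacker plants a redirect. The script below is an added example for this thread, not code from BleepingComputer, Farbar or MiniToolBox. It parses a report in the same section layout as the one posted in this thread and prints one finding per indicator. REPORT is a constructed sample with invented values (example.invalid, 203.0.113.55, lsphook.dll) so that every check fires; the phrase MiniToolBox prints when a proxy is enabled is assumed, and the LAN-range and vendor heuristics are the author's, so a finding means "look at this", not "infected".

```python
"""Triage a MiniToolBox-style report for browser-redirect indicators.
Added example for this thread, not BleepingComputer's or Farbar's code.
REPORT is a constructed sample in the layout of the report posted above,
with invented values so every check fires; the wording MiniToolBox uses
when a proxy IS enabled is an assumption."""
import ipaddress
import re

REPORT = r"""
========================= IE Proxy Settings: ==============================
Proxy is enabled.
AutoConfigURL: http://example.invalid/wpad.dat
========================= FF Proxy Settings: ==============================
"network.proxy.type", 1
========================= Hosts content: =================================
127.0.0.1       localhost
127.0.0.1       www.google.com
========================= IP Configuration: ================================
   DNS Servers . . . . . . . . . . . : 192.168.10.1
                                       203.0.113.55
   NetBIOS over Tcpip. . . . . . . . : Enabled
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 02 C:\Users\Public\lsphook.dll [40960] ()
========================= Event log errors: ===============================
"""

SECTION_RE = re.compile(r"^=+\s*([^=]+?):?\s*=+$")
WINSOCK_RE = re.compile(r"^(x64-)?Catalog\d+\s+\d+\s+(.+?)\s+\[\d+\]\s+\((.*)\)$")
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def split_sections(report):
    """Map each '==== Name: ====' header to the lines that follow it."""
    sections, name = {}, None
    for line in report.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            name = m.group(1).strip()
            sections[name] = []
        elif name is not None:
            sections[name].append(line)
    return sections


def dns_servers(lines):
    """The 'DNS Servers' value plus its indented continuation lines."""
    servers, collecting = [], False
    for raw in lines:
        line = raw.strip()
        if line.startswith("DNS Servers"):
            line, collecting = line.split(":", 1)[1].strip(), True
        if not collecting:
            continue
        try:
            ipaddress.ip_address(line)
            servers.append(line)
        except ValueError:
            collecting = False  # first non-address line ends the list
    return servers


def triage(report):
    """One finding per setting a browser hijacker typically alters."""
    s, out = split_sections(report), []
    ie = "\n".join(s.get("IE Proxy Settings", []))
    if "Proxy is enabled" in ie:
        out.append("IE: proxy enabled; a local proxy can rewrite every page")
    if "AutoConfigURL" in ie:
        out.append("IE: AutoConfigURL (PAC script) set; a PAC can redirect per URL")
    for line in s.get("FF Proxy Settings", []):
        m = re.match(r'"network\.proxy\.type",\s*(\d+)', line.strip())
        if m and int(m.group(1)) not in (0, 5):  # 0 = none, 5 = system
            out.append(f"Firefox: network.proxy.type={m.group(1)} (manual/PAC proxy)")
    for line in s.get("Hosts content", []):
        parts = line.split()
        if len(parts) >= 2 and not parts[0].startswith("#"):
            for name in parts[1:]:
                if name.lower() not in LOCAL_NAMES:
                    out.append(f"hosts: {name} pinned to {parts[0]}")
    for server in dns_servers(s.get("IP Configuration", [])):
        addr = ipaddress.ip_address(server)
        if addr.version == 4 and not any(addr in n for n in LAN_NETS):
            out.append(f"DNS: {server} is outside the LAN; confirm you configured it")
    for line in s.get("Winsock entries", []):
        m = WINSOCK_RE.match(line.strip())
        if m:
            path, vendor = m.group(2), m.group(3)
            if not vendor or not path.lower().startswith(("c:\\windows\\", "c:\\program files")):
                out.append(f"Winsock: {path} ({vendor or 'no vendor'}) is not a usual provider")
    return out


if __name__ == "__main__":
    for finding in triage(REPORT):
        print("-", finding)
```

Run it against a saved MiniToolBox result by replacing REPORT with the file's contents. On the report posted in this thread it prints nothing: both proxies are off, the hosts file is empty, DNS points at the router and every Winsock provider is Microsoft or Bonjour, which is why the advisor moves on to other scanners rather than to proxy or DNS cleanup.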

#5 The Diva

The Diva
  • Topic Starter

  • Members
  • 33 posts
  • Local time:06:30 PM

Posted 29 February 2012 - 10:09 PM

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.29.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421


Protection: Enabled

2/29/2012 10:12:18 AM
mbam-log-2012-02-29 (10-12-18).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 565089
Time elapsed: 1 hour(s), 39 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
MiniToolBox by Farbar Version: 18-01-2012
Ran by (administrator) on 29-02-2012 at 19:07:36
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : xxxx-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1D-92-73-DD-46
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5535:ff6:5e8a:59d7%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.10.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, February 28, 2012 6:22:21 PM
Lease Expires . . . . . . . . . . : Tuesday, March 06, 2012 6:22:22 PM
Default Gateway . . . . . . . . . : 192.168.10.1
DHCP Server . . . . . . . . . . . : 192.168.10.1
DHCPv6 IAID . . . . . . . . . . . : 251665810
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-91-AD-DB-00-1D-92-73-DD-46
DNS Servers . . . . . . . . . . . : 192.168.10.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:444:2d6d:3f57:f599(Preferred)
Link-local IPv6 Address . . . . . : fe80::444:2d6d:3f57:f599%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.hsd1.wa.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.10.1

Name: google.com
Addresses: 173.194.33.4
173.194.33.2
173.194.33.3
173.194.33.7
173.194.33.0
173.194.33.1
173.194.33.5
173.194.33.8
173.194.33.9
173.194.33.14
173.194.33.6


Pinging google.com [173.194.33.6] with 32 bytes of data:
Reply from 173.194.33.6: bytes=32 time=13ms TTL=55
Reply from 173.194.33.6: bytes=32 time=11ms TTL=55

Ping statistics for 173.194.33.6:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 13ms, Average = 12ms
Server: UnKnown
Address: 192.168.10.1

Name: yahoo.com
Addresses: 209.191.122.70
98.139.127.62
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=127ms TTL=47
Reply from 98.139.183.24: bytes=32 time=110ms TTL=48

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 110ms, Maximum = 127ms, Average = 118ms
Server: UnKnown
Address: 192.168.10.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=5ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 5ms, Average = 3ms
===========================================================================
Interface List
12...00 1d 92 73 dd 46 ......NVIDIA nForce Networking Controller
1...........................Software Loopback Interface 1
10...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.102 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.10.0 255.255.255.0 On-link 192.168.10.102 276
192.168.10.102 255.255.255.255 On-link 192.168.10.102 276
192.168.10.255 255.255.255.255 On-link 192.168.10.102 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.10.102 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.10.102 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 58 ::/0 On-link
1 306 ::1/128 On-link
10 58 2001::/32 On-link
10 306 2001:0:5ef5:79fb:444:2d6d:3f57:f599/128
On-link
12 276 fe80::/64 On-link
10 306 fe80::/64 On-link
10 306 fe80::444:2d6d:3f57:f599/128
On-link
12 276 fe80::5535:ff6:5e8a:59d7/128
On-link
1 306 ff00::/8 On-link
10 306 ff00::/8 On-link
12 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/29/2012 00:59:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/29/2012 00:59:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/29/2012 00:59:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/29/2012 00:59:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/29/2012 04:18:19 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (02/29/2012 04:14:41 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/28/2012 10:42:21 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (02/28/2012 07:19:32 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed Elcomsoft Phone Password Breaker; Error = 0x80070422).

Error: (02/28/2012 07:19:26 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed Elcomsoft Phone Password Breaker; Error = 0x80070422).

Error: (02/28/2012 01:54:01 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).


System errors:
=============
Error: (02/28/2012 05:27:46 PM) (Source: DCOM) (User: )
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}

Error: (02/27/2012 10:16:18 PM) (Source: DCOM) (User: )
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe -Embedding740{D5641912-E47A-429C-879E-CFE13EAC7A13}

Error: (02/24/2012 00:18:01 AM) (Source: DCOM) (User: )
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}

Error: (02/17/2012 11:54:36 AM) (Source: DCOM) (User: )
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}

Error: (02/16/2012 10:17:30 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:14:20 PM on ?2/?16/?2012 was unexpected.

Error: (02/13/2012 11:15:25 PM) (Source: DCOM) (User: )
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}

Error: (02/12/2012 09:47:27 PM) (Source: Tcpip) (User: )
Description: The system detected an address conflict for IP address 192.168.10.102 with the system
having network hardware address 00-0D-4B-4E-7E-23. Network operations on this system may
be disrupted as a result.

Error: (02/10/2012 02:54:33 PM) (Source: DCOM) (User: )
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}

Error: (02/10/2012 10:12:12 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Security Scan Component Host Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/06/2012 00:25:42 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:23:55 AM on ?2/?6/?2012 was unexpected.


Microsoft Office Sessions:
=========================
Error: (02/29/2012 00:59:46 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Kamal\Downloads\esetsmartinstaller_enu.exe

Error: (02/29/2012 00:59:41 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Kamal\Downloads\esetsmartinstaller_enu.exe

Error: (02/29/2012 00:59:37 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Kamal\Downloads\esetsmartinstaller_enu.exe

Error: (02/29/2012 00:59:32 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Kamal\Downloads\esetsmartinstaller_enu.exe

Error: (02/29/2012 04:18:19 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422

Error: (02/29/2012 04:14:41 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/28/2012 10:42:21 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422

Error: (02/28/2012 07:19:32 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled Elcomsoft Phone Password Breaker0x80070422

Error: (02/28/2012 07:19:26 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled Elcomsoft Phone Password Breaker0x80070422

Error: (02/28/2012 01:54:01 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (Version: 2.7.0.19530)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.0.1.152)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 6.0.1367.0)
Avidemux 2.5 (32-bit) (Version: 2.5.4.7200)
Bing Bar (Version: 7.0.619.0)
Bonjour (Version: 3.0.0.10)
calibre (Version: 0.8.40)
CMUD 3.34 (Version: 3.34)
ConvertXtoDVD 4.0.12.327 (Version: 4.0.12.327)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Elcomsoft Phone Password Breaker (Version: 1.81.1077.899)
ESET Online Scanner v3
Garmin City Navigator North America NT 2012.10 Update (Version: 15.10.0.0)
Garmin City Navigator North America NT 2012.20 Update (Version: 15.20.0.0)
Garmin Communicator Plugin (Version: 2.9.3)
Garmin Lifetime Updater (Version: 2.0.5)
Garmin USB Drivers (Version: 2.3.0.0)
Google Chrome (Version: 17.0.963.56)
Google Talk Plugin (Version: 2.6.1.5251)
Google Update Helper (Version: 1.3.21.99)
Happy Chef 1.00
HiJackThis (Version: 1.0.0)
Hitman Pro 3.5 (Version: 3.5.9.129)
iTunes (Version: 10.5.1.42)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 27 (Version: 6.0.270)
Junk Mail filter update (Version: 15.4.3502.0922)
Kobo (Version: 2.1.3)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MapleStory
McAfee Security Scan Plus (Version: 2.0.181.2)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Nexon Game Manager
NVIDIA 3D Vision Controller Driver 285.62 (Version: 285.62)
NVIDIA 3D Vision Driver 285.62 (Version: 285.62)
NVIDIA Control Panel 285.62 (Version: 285.62)
NVIDIA Graphics Driver 285.62 (Version: 285.62)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA PhysX (Version: 9.11.0621)
NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.8562)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.5.20)
Octoshape add-in for Adobe Flash Player
OJOsoft Total Video Converter (Version: 2.7.2.1017)
QuickTime (Version: 7.71.80.42)
Rinse (Version: 1.83)
Rinse (Version: 1.83P)
Rootkit Unhooker LE 3.8 SR 2
Skype™ 5.5 (Version: 5.5.124)
Spotify (Version: 0.5.2)
Spotify (Version: 0.6.2)
SUPERAntiSpyware (Version: 5.0.1118)
Total Video Converter 3.70 100621
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Vuze (Version: 4.6)
Winamp (Version: 5.621 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
Wizard101 (Version: 1.0.0)
Wondershare Video Converter Ultimate(Build 5.6.0.1)
Yahoo! Messenger
Yahoo! Software Update

========================= Memory info: ===================================

Percentage of memory in use: 85%
Total physical RAM: 4095.24 MB
Available physical RAM: 584.52 MB
Total Pagefile: 8188.68 MB
Available Pagefile: 3014.97 MB
Total Virtual: 4095.88 MB
Available Virtual: 3961.95 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:1397 GB) (Free:818.85 GB) NTFS
3 Drive d: (Warhorse) (CDROM) (Total:3.33 GB) (Free:0 GB) UDF
4 Drive e: (Data Storage) (Fixed) (Total:1397.26 GB) (Free:1396.92 GB) NTFS

========================= Users: ========================================

User accounts for \\xxx-PC

Administrator Guest Kamal
UpdatusUser


**** End of log ****

Edited by The Diva, 29 February 2012 - 10:13 PM.


#6 The Diva

The Diva
  • Topic Starter

  • Members
  • 33 posts

Posted 29 February 2012 - 10:11 PM

C:\Users\xxx\Downloads\winamp5621_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined

Edited by The Diva, 29 February 2012 - 10:11 PM.


#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 01 March 2012 - 02:12 AM

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here


Do you still face redirects?

Edited by narenxp, 01 March 2012 - 02:13 AM.


#8 The Diva

The Diva
  • Topic Starter

  • Members
  • 33 posts

Posted 01 March 2012 - 01:51 PM

As I posted above, I forgot to change the settings on Avast to allow for logs, but it did find 7 trojans that Malwarebytes claimed to have found and deleted 3 days ago.
Win32:FakeAlert-NO[Trj]
Win32:FakeSysdef-EG[Trj]
Win32:VBCrypt-GN[Trj]
Win32:Jifas-BY[Trj]
Win32:Jifas-DG[Trj]
Win32:Jifas-DU[Trj]
Win32:Bedolab-K[Trj]

I will rerun it now and I have set the parameters to post a log.
And yes, I was redirected to gimmeanswers while doing a search in Chrome.

#9 The Diva

The Diva
  • Topic Starter

  • Members
  • 33 posts

Posted 01 March 2012 - 09:39 PM

*
* avast! Scan Report
* This file is generated automatically
*
* Scan name: Full system scan
* Started on: Thursday, March 01, 2012 10:58:56 AM
* VPS: 120301-0, 03/01/2012
*

Infected files: 0
Total files: 469868
Total folders: 54264
Total size: 600.2 GB

*
* Scan stopped: Thursday, March 01, 2012 12:20:25 PM
* Run-time was 1 hour(s), 21 minute(s), 29 second(s)
*

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 02 March 2012 - 02:15 AM

2012/02/28 13:58:37.0696 1656 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29

This is an older version. Download the latest from here

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Download

FIXTDSS

Launch it. It may ask for a restart; reboot the PC.

On reboot, let me know what it finds.

Edited by narenxp, 02 March 2012 - 02:19 AM.


#11 The Diva

The Diva
  • Topic Starter

  • Members
  • 33 posts

Posted 02 March 2012 - 02:15 PM

11:12:18.0682 6516 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
11:12:19.0185 6516 ============================================================
11:12:19.0185 6516 Current date / time: 2012/03/02 11:12:19.0185
11:12:19.0185 6516 SystemInfo:
11:12:19.0185 6516
11:12:19.0185 6516 OS Version: 6.1.7601 ServicePack: 1.0
11:12:19.0185 6516 Product type: Workstation
11:12:19.0185 6516 ComputerName: KAMAL-PC
11:12:19.0185 6516 UserName: Kamal
11:12:19.0185 6516 Windows directory: C:\Windows
11:12:19.0185 6516 System windows directory: C:\Windows
11:12:19.0185 6516 Running under WOW64
11:12:19.0185 6516 Processor architecture: Intel x64
11:12:19.0185 6516 Number of processors: 4
11:12:19.0185 6516 Page size: 0x1000
11:12:19.0185 6516 Boot type: Normal boot
11:12:19.0185 6516 ============================================================
11:12:35.0526 6516 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:12:35.0558 6516 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:12:35.0658 6516 \Device\Harddisk0\DR0:
11:12:35.0658 6516 MBR used
11:12:35.0658 6516 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
11:12:35.0658 6516 \Device\Harddisk1\DR1:
11:12:35.0669 6516 MBR used
11:12:35.0669 6516 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x85800
11:12:35.0669 6516 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x86000, BlocksNum 0xAEA01800
11:12:35.0782 6516 Initialize success
11:12:35.0782 6516 ============================================================
11:13:04.0382 6340 ============================================================
11:13:04.0382 6340 Scan started
11:13:04.0382 6340 Mode: Manual; TDLFS;
11:13:04.0382 6340 ============================================================
11:13:07.0704 6340 IPNAT - ok
11:13:07.0731 6340 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:13:07.0733 6340 IRENUM - ok
11:13:07.0754 6340 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:13:07.0756 6340 isapnp - ok
11:13:07.0778 6340 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:13:07.0782 6340 iScsiPrt - ok
11:13:07.0802 6340 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:13:07.0804 6340 kbdclass - ok
11:13:07.0823 6340 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:13:07.0825 6340 kbdhid - ok
11:13:07.0871 6340 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:13:07.0873 6340 KSecDD - ok
11:13:07.0910 6340 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:13:07.0913 6340 KSecPkg - ok
11:13:07.0932 6340 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:13:07.0934 6340 ksthunk - ok
11:13:07.0961 6340 libusb0 - ok
11:13:07.0976 6340 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:13:07.0978 6340 lltdio - ok
11:13:08.0008 6340 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
11:13:08.0011 6340 LSI_FC - ok
11:13:08.0033 6340 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
11:13:08.0035 6340 LSI_SAS - ok
11:13:08.0042 6340 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
11:13:08.0044 6340 LSI_SAS2 - ok
11:13:08.0063 6340 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
11:13:08.0066 6340 LSI_SCSI - ok
11:13:08.0086 6340 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:13:08.0089 6340 luafv - ok
11:13:08.0105 6340 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
11:13:08.0106 6340 MBAMProtector - ok
11:13:08.0226 6340 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
11:13:08.0228 6340 megasas - ok
11:13:08.0248 6340 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
11:13:08.0251 6340 MegaSR - ok
11:13:08.0271 6340 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:13:08.0273 6340 Modem - ok
11:13:08.0292 6340 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:13:08.0294 6340 monitor - ok
11:13:08.0314 6340 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:13:08.0316 6340 mouclass - ok
11:13:08.0338 6340 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:13:08.0339 6340 mouhid - ok
11:13:08.0365 6340 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:13:08.0367 6340 mountmgr - ok
11:13:08.0389 6340 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:13:08.0392 6340 mpio - ok
11:13:08.0412 6340 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:13:08.0415 6340 mpsdrv - ok
11:13:08.0455 6340 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:13:08.0458 6340 MRxDAV - ok
11:13:08.0477 6340 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:13:08.0481 6340 mrxsmb - ok
11:13:08.0524 6340 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:13:08.0529 6340 mrxsmb10 - ok
11:13:08.0544 6340 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:13:08.0547 6340 mrxsmb20 - ok
11:13:08.0565 6340 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:13:08.0567 6340 msahci - ok
11:13:08.0592 6340 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:13:08.0594 6340 msdsm - ok
11:13:08.0657 6340 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:13:08.0659 6340 Msfs - ok
11:13:08.0673 6340 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:13:08.0675 6340 mshidkmdf - ok
11:13:08.0682 6340 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:13:08.0684 6340 msisadrv - ok
11:13:08.0703 6340 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:13:08.0705 6340 MSKSSRV - ok
11:13:08.0723 6340 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:13:08.0724 6340 MSPCLOCK - ok
11:13:08.0744 6340 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:13:08.0746 6340 MSPQM - ok
11:13:08.0795 6340 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:13:08.0801 6340 MsRPC - ok
11:13:08.0822 6340 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:13:08.0824 6340 mssmbios - ok
11:13:08.0837 6340 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:13:08.0839 6340 MSTEE - ok
11:13:08.0858 6340 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:13:08.0859 6340 MTConfig - ok
11:13:08.0880 6340 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:13:08.0882 6340 Mup - ok
11:13:08.0912 6340 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:13:08.0916 6340 NativeWifiP - ok
11:13:08.0984 6340 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:13:08.0996 6340 NDIS - ok
11:13:09.0017 6340 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:13:09.0018 6340 NdisCap - ok
11:13:09.0037 6340 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:13:09.0039 6340 NdisTapi - ok
11:13:09.0058 6340 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:13:09.0060 6340 Ndisuio - ok
11:13:09.0080 6340 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:13:09.0083 6340 NdisWan - ok
11:13:09.0124 6340 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:13:09.0125 6340 NDProxy - ok
11:13:09.0145 6340 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:13:09.0147 6340 NetBIOS - ok
11:13:09.0176 6340 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:13:09.0180 6340 NetBT - ok
11:13:09.0218 6340 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:13:09.0220 6340 nfrd960 - ok
11:13:09.0241 6340 Normandy - ok
11:13:09.0262 6340 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:13:09.0264 6340 Npfs - ok
11:13:09.0285 6340 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:13:09.0287 6340 nsiproxy - ok
11:13:09.0355 6340 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:13:09.0388 6340 Ntfs - ok
11:13:09.0396 6340 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:13:09.0398 6340 Null - ok
11:13:09.0435 6340 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
11:13:09.0440 6340 NVENETFD - ok
11:13:09.0725 6340 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:13:10.0001 6340 nvlddmkm - ok
11:13:10.0049 6340 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:13:10.0053 6340 nvraid - ok
11:13:10.0071 6340 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:13:10.0074 6340 nvstor - ok
11:13:10.0116 6340 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:13:10.0119 6340 nv_agp - ok
11:13:10.0147 6340 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:13:10.0149 6340 ohci1394 - ok
11:13:10.0205 6340 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:13:10.0208 6340 Parport - ok
11:13:10.0220 6340 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:13:10.0222 6340 partmgr - ok
11:13:10.0252 6340 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:13:10.0255 6340 pci - ok
11:13:10.0275 6340 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:13:10.0276 6340 pciide - ok
11:13:10.0373 6340 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:13:10.0375 6340 pcmcia - ok
11:13:10.0436 6340 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
11:13:10.0438 6340 pcouffin - ok
11:13:10.0454 6340 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:13:10.0456 6340 pcw - ok
11:13:10.0483 6340 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:13:10.0492 6340 PEAUTH - ok
11:13:10.0578 6340 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:13:10.0581 6340 PptpMiniport - ok
11:13:10.0610 6340 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:13:10.0612 6340 Processor - ok
11:13:10.0662 6340 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:13:10.0665 6340 Psched - ok
11:13:10.0705 6340 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
11:13:10.0733 6340 ql2300 - ok
11:13:10.0752 6340 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
11:13:10.0754 6340 ql40xx - ok
11:13:10.0772 6340 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:13:10.0774 6340 QWAVEdrv - ok
11:13:10.0793 6340 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:13:10.0794 6340 RasAcd - ok
11:13:10.0807 6340 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:13:10.0809 6340 RasAgileVpn - ok
11:13:10.0846 6340 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:13:10.0849 6340 Rasl2tp - ok
11:13:10.0874 6340 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:13:10.0875 6340 RasPppoe - ok
11:13:10.0893 6340 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:13:10.0895 6340 RasSstp - ok
11:13:10.0919 6340 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:13:10.0924 6340 rdbss - ok
11:13:10.0932 6340 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
11:13:10.0934 6340 rdpbus - ok
11:13:10.0948 6340 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:13:10.0949 6340 RDPCDD - ok
11:13:10.0961 6340 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:13:10.0963 6340 RDPENCDD - ok
11:13:10.0973 6340 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:13:10.0974 6340 RDPREFMP - ok
11:13:11.0014 6340 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:13:11.0018 6340 RDPWD - ok
11:13:11.0057 6340 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:13:11.0061 6340 rdyboost - ok
11:13:11.0104 6340 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
11:13:11.0106 6340 RimUsb - ok
11:13:11.0139 6340 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:13:11.0156 6340 rspndr - ok
11:13:11.0302 6340 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
11:13:11.0303 6340 SASDIFSV - ok
11:13:11.0306 6340 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
11:13:11.0307 6340 SASKUTIL - ok
11:13:11.0326 6340 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:13:11.0329 6340 sbp2port - ok
11:13:11.0368 6340 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:13:11.0369 6340 scfilter - ok
11:13:11.0413 6340 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:13:11.0415 6340 secdrv - ok
11:13:11.0464 6340 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:13:11.0466 6340 Serenum - ok
11:13:11.0493 6340 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:13:11.0495 6340 Serial - ok
11:13:11.0511 6340 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
11:13:11.0512 6340 sermouse - ok
11:13:11.0543 6340 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:13:11.0544 6340 sffdisk - ok
11:13:11.0561 6340 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:13:11.0562 6340 sffp_mmc - ok
11:13:11.0578 6340 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:13:11.0580 6340 sffp_sd - ok
11:13:11.0601 6340 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
11:13:11.0603 6340 sfloppy - ok
11:13:11.0624 6340 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
11:13:11.0625 6340 SiSRaid2 - ok
11:13:11.0640 6340 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
11:13:11.0643 6340 SiSRaid4 - ok
11:13:11.0676 6340 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:13:11.0678 6340 Smb - ok
11:13:11.0706 6340 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:13:11.0708 6340 spldr - ok
11:13:11.0817 6340 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
11:13:11.0817 6340 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
11:13:11.0824 6340 sptd ( LockedFile.Multi.Generic ) - warning
11:13:11.0824 6340 sptd - detected LockedFile.Multi.Generic (1)
11:13:11.0877 6340 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:13:11.0883 6340 srv - ok
11:13:11.0911 6340 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:13:11.0916 6340 srv2 - ok
11:13:11.0947 6340 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:13:11.0951 6340 srvnet - ok
11:13:11.0985 6340 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
11:13:11.0987 6340 stexstor - ok
11:13:12.0034 6340 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:13:12.0036 6340 swenum - ok
11:13:12.0121 6340 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:13:12.0165 6340 Tcpip - ok
11:13:12.0197 6340 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:13:12.0208 6340 TCPIP6 - ok
11:13:12.0253 6340 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:13:12.0255 6340 tcpipreg - ok
11:13:12.0270 6340 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:13:12.0272 6340 TDPIPE - ok
11:13:12.0282 6340 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:13:12.0284 6340 TDTCP - ok
11:13:12.0323 6340 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:13:12.0326 6340 tdx - ok
11:13:12.0343 6340 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
11:13:12.0345 6340 TermDD - ok
11:13:12.0391 6340 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:13:12.0393 6340 tssecsrv - ok
11:13:12.0428 6340 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:13:12.0430 6340 TsUsbFlt - ok
11:13:12.0446 6340 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
11:13:12.0448 6340 TsUsbGD - ok
11:13:12.0479 6340 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:13:12.0482 6340 tunnel - ok
11:13:12.0648 6340 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
11:13:12.0651 6340 uagp35 - ok
11:13:12.0697 6340 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:13:12.0702 6340 udfs - ok
11:13:12.0729 6340 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:13:12.0732 6340 uliagpkx - ok
11:13:12.0756 6340 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:13:12.0758 6340 umbus - ok
11:13:12.0778 6340 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
11:13:12.0780 6340 UmPass - ok
11:13:12.0821 6340 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:13:12.0823 6340 USBAAPL64 - ok
11:13:12.0868 6340 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:13:12.0871 6340 usbaudio - ok
11:13:12.0907 6340 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:13:12.0909 6340 usbccgp - ok
11:13:12.0938 6340 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:13:12.0940 6340 usbcir - ok
11:13:12.0980 6340 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:13:12.0983 6340 usbehci - ok
11:13:13.0008 6340 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:13:13.0013 6340 usbhub - ok
11:13:13.0040 6340 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
11:13:13.0041 6340 usbohci - ok
11:13:13.0055 6340 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
11:13:13.0056 6340 usbprint - ok
11:13:13.0088 6340 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:13:13.0090 6340 USBSTOR - ok
11:13:13.0103 6340 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:13:13.0105 6340 usbuhci - ok
11:13:13.0123 6340 VBoxGuest (9e1d397be6d94627ac9e59380378cf84) C:\Windows\system32\drivers\VBoxGuest.sys
11:13:13.0126 6340 VBoxGuest - ok
11:13:13.0145 6340 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:13:13.0147 6340 vdrvroot - ok
11:13:13.0240 6340 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:13:13.0242 6340 vga - ok
11:13:13.0262 6340 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:13:13.0264 6340 VgaSave - ok
11:13:13.0288 6340 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:13:13.0291 6340 vhdmp - ok
11:13:13.0330 6340 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:13:13.0332 6340 viaide - ok
11:13:13.0339 6340 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:13:13.0342 6340 volmgr - ok
11:13:13.0383 6340 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:13:13.0389 6340 volmgrx - ok
11:13:13.0413 6340 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:13:13.0416 6340 volsnap - ok
11:13:13.0458 6340 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
11:13:13.0460 6340 vsmraid - ok
11:13:13.0515 6340 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:13:13.0518 6340 vwifibus - ok
11:13:13.0539 6340 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
11:13:13.0541 6340 WacomPen - ok
11:13:13.0581 6340 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:13:13.0583 6340 WANARP - ok
11:13:13.0587 6340 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:13:13.0589 6340 Wanarpv6 - ok
11:13:13.0625 6340 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
11:13:13.0626 6340 Wd - ok
11:13:13.0665 6340 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:13:13.0673 6340 Wdf01000 - ok
11:13:13.0714 6340 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:13:13.0715 6340 WfpLwf - ok
11:13:13.0736 6340 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:13:13.0738 6340 WIMMount - ok
11:13:13.0816 6340 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:13:13.0818 6340 WinUsb - ok
11:13:13.0875 6340 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:13:13.0876 6340 WmiAcpi - ok
11:13:13.0908 6340 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:13:13.0910 6340 ws2ifsl - ok
11:13:13.0966 6340 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:13:13.0969 6340 WudfPf - ok
11:13:13.0993 6340 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:13:13.0996 6340 WUDFRd - ok
11:13:14.0020 6340 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:13:14.0460 6340 \Device\Harddisk0\DR0 - ok
11:13:14.0485 6340 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
11:13:14.0603 6340 \Device\Harddisk1\DR1 - ok
11:13:14.0607 6340 Boot (0x1200) (de88263300dd91346e7981b87e52c863) \Device\Harddisk0\DR0\Partition0
11:13:14.0608 6340 \Device\Harddisk0\DR0\Partition0 - ok
11:13:14.0613 6340 Boot (0x1200) (054eababf08ead1e649291eb773e766e) \Device\Harddisk1\DR1\Partition0
11:13:14.0614 6340 \Device\Harddisk1\DR1\Partition0 - ok
11:13:14.0645 6340 Boot (0x1200) (da7b8fd90ac9e75f04aed5ec1f326833) \Device\Harddisk1\DR1\Partition1
11:13:14.0647 6340 \Device\Harddisk1\DR1\Partition1 - ok
11:13:14.0647 6340 ============================================================
11:13:14.0647 6340 Scan finished
11:13:14.0647 6340 ============================================================
11:13:14.0658 2188 Detected object count: 1
11:13:14.0658 2188 Actual detected object count: 1
11:13:38.0107 2188 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:13:38.0107 2188 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Will post FIXTDDS in a few
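The TDSSKiller log above is several hundred lines long and almost entirely "- ok" entries, so the one record that needs a human look (sptd, flagged LockedFile.Multi.Generic, which the preceding "Suspicious file (NoAccess)" line shows is the scanner's verdict for a driver it could not open rather than a confirmed infection) is easy to miss. The following Python is an added example, not part of this thread and not Kaspersky's tool, that parses this log format and reports only the entries that are not clean, plus the services for which no file was hashed at all (libusb0 above). SAMPLE_LOG is constructed from lines of the posted log; the regular expressions are our reading of the line shapes seen here and assume that format.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a handful of lines in the TDSSKiller log format used in
# this thread (names, hashes and paths copied from the posted log).
SAMPLE_LOG = r"""
11:13:07.0961 6340 libusb0 - ok
11:13:11.0706 6340 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:13:11.0708 6340 spldr - ok
11:13:11.0817 6340 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
11:13:11.0817 6340 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
11:13:11.0824 6340 sptd ( LockedFile.Multi.Generic ) - warning
11:13:11.0824 6340 sptd - detected LockedFile.Multi.Generic (1)
11:13:14.0020 6340 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:13:14.0460 6340 \Device\Harddisk0\DR0 - ok
11:13:14.0647 6340 Scan finished
11:13:14.0658 2188 Detected object count: 1
11:13:38.0107 2188 sptd ( LockedFile.Multi.Generic ) - skipped by user
"""

# Line shapes assumed from the posted log (our reading of the format).
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<msg>.*)$")
FILE_RE = re.compile(r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSP_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: [0-9a-f]{32}$")
VERDICT_RE = re.compile(r"^(?P<name>\S+) \( (?P<det>\S+) \) - (?P<verdict>.+)$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<det>\S+) \(\d+\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Entry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    status: str = "unknown"          # ok | warning | detected | unknown
    detections: List[str] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)


def _key(name: str, path: Optional[str]) -> str:
    # MBR / boot-sector records are answered by device path, not by name,
    # and several of them share the name "MBR (0x1B8)", so key those by path.
    return path if path and path.startswith("\\Device\\") else name


def parse_tdss_log(text: str) -> Dict[str, Entry]:
    """Fold the per-line log into one Entry per service / boot record."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, str] = {}      # file path -> entry key
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (f := FILE_RE.match(msg)):
            key = _key(f["name"], f["path"])
            e = entries.setdefault(key, Entry(f["name"]))
            e.md5, e.path = f["md5"], f["path"]
            by_path[f["path"]] = key
        elif (s := SUSP_RE.match(msg)):
            key = by_path.get(s["path"])
            if key:
                entries[key].notes.append(f"suspicious ({s['reason']})")
        elif (v := VERDICT_RE.match(msg)):
            e = entries.setdefault(v["name"], Entry(v["name"]))
            if v["det"] not in e.detections:
                e.detections.append(v["det"])
            if v["verdict"] == "warning":
                e.status = "warning"
            else:                      # e.g. "skipped by user"
                e.notes.append(v["verdict"])
        elif (d := DETECT_RE.match(msg)):
            e = entries.setdefault(d["name"], Entry(d["name"]))
            e.status = "detected"
            if d["det"] not in e.detections:
                e.detections.append(d["det"])
        elif (o := OK_RE.match(msg)):
            key = by_path.get(o["name"], o["name"])
            e = entries.setdefault(key, Entry(o["name"]))
            if e.status == "unknown":  # never downgrade a warning/detection
                e.status = "ok"
    return entries


def needs_attention(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything that is not a plain '- ok' record."""
    return [e for e in entries.values() if e.status != "ok" or e.notes]


def unhashed(entries: Dict[str, Entry]) -> List[str]:
    """Services the scanner reported without ever printing a file hash."""
    return [e.name for e in entries.values() if e.path is None]


if __name__ == "__main__":
    found = parse_tdss_log(SAMPLE_LOG)
    for e in needs_attention(found):
        print(f"{e.name}: {e.status} {e.detections} {e.notes} {e.path}")
    print("no file hashed:", unhashed(found))
```

Run it against a full TDSSKiller log by reading the file into `parse_tdss_log` instead of `SAMPLE_LOG`; the output for the thread's log would be the single sptd record together with libusb0 and Normandy as services with no hashed file, which is the short list a helper actually has to reason about.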

#12 The Diva

The Diva
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:30 PM

Posted 02 March 2012 - 02:24 PM

FIXTDDS says no infections found.

#13 The Diva

The Diva
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:30 PM

Posted 02 March 2012 - 09:16 PM

I just got redirected to yellowbook and gimmeanswers when I did a google search :(

Edited by The Diva, 02 March 2012 - 09:21 PM.


#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:30 PM

Posted 03 March 2012 - 03:53 AM

Download

http://www.majorgeeks.com/GooredFix_d7057.html

* Ensure all Firefox windows are closed.
* When prompted to run the scan, click Yes.
* Please attach the Goored.txt log to your next reply (it can be found on your desktop).

Let me know if you're still redirected

#15 The Diva

The Diva
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:06:30 PM

Posted 03 March 2012 - 04:08 PM

GooredFix by jpshortstuff (03.07.10.1)
Log created at 13:05 on 03/03/2012 (xxxxx)
Firefox version 10.0.2 (en-US)

========== GooredScan ==========

Deleting "C:\Users\xxxxx\Application Data\Mozilla\Firefox\Profiles\94fqh79w.default\extensions\{a0591afe-aa3e-4e78-b30e-aa908783cbaa}" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:59 14/07/2011]

C:\Users\xxxxx\Application Data\Mozilla\Firefox\Profiles\94fqh79w.default\extensions\
facebook-translate@oliver.schloebe.de [05:38 22/01/2012]
{47b3e982-f1de-487d-8ba1-575edd6b52f2} [06:56 28/07/2011]
{9EB34849-81D3-4841-939D-666D522B889A} [05:10 29/07/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(Key not found)

-=E.O.F=-
