Search Engine Redirect Malware


13 replies to this topic

#1 Lemurtoes

  • Members
  • 7 posts

Posted 29 April 2012 - 04:21 PM

Hello,

I am currently experiencing a problem in which the links in Google and Bing search results are redirected to other websites, often first going through an intermediary such as thefindfinder.com or aimsearcher.net. These searches were done on Firefox 13.0 Beta and Internet Explorer. I am currently running on Windows 7.

Interestingly, I also tried the Google-powered search on Toshiba.com and those links did not experience the redirect problem. Also of interest is that the problem appears to be intermittent, in that sometimes links work fine and other times they redirect.

I figured it was a long shot, but I went ahead and checked my Hosts file. Nothing extra was there.

Any assistance is greatly appreciated. I see from searching this forum and elsewhere that this problem is not uncommon, but also that the solutions tend to vary greatly. I figured that it was best that I seek individualized help.


#2 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,738 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 29 April 2012 - 04:56 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE
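The MiniToolBox sections Broni asks for (IE/FF proxy settings, Hosts content, IP configuration, Winsock entries) are the usual places a search-redirect mechanism shows up on the client side. The script below is an added illustration, not code from this thread, from Broni, or from the MiniToolBox tool: it splits a saved MiniToolBox log into its sections and flags an enabled proxy, any Hosts mapping beyond the localhost defaults, IPv4 resolvers outside the private ranges, and Winsock catalog providers with no vendor string or a path outside the Windows and Program Files trees. The sample log embedded in it is constructed to mimic the tool's section layout; every "bad" value in it (the proxy, the pinned google.com line, the 198.51.100.7 resolver, the helper.dll provider) is made up, and the function and constant names are the example's own.

```python
"""Triage the MiniToolBox sections that matter in a search-redirect case.

Added example for this thread; it is not code from the forum, from Broni, or
from the MiniToolBox tool. SAMPLE_LOG is constructed to mimic the tool's
section layout, and every suspicious value in it is made up for illustration.
"""
import re

# Constructed sample (not a real log). Section headers follow MiniToolBox's layout.
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================

Proxy is enabled.
Proxy Server: 127.0.0.1:8080

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

203.0.113.10 www.google.com

========================= IP Configuration: ================================

Wireless LAN adapter Wireless Network Connection:

DNS Servers . . . . . . . . . . . : 192.168.0.1
198.51.100.7
NetBIOS over Tcpip. . . . . . . . : Enabled
========================= Winsock entries =====================================

Catalog5 01 C:\\Windows\\system32\\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 09 C:\\Program Files\\Bonjour\\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 11 C:\\Users\\user\\AppData\\Roaming\\lsp\\helper.dll [34816] ()

========================= Event log errors: ===============================
"""

# "===== Name: =====" header lines; the colon after the name is optional.
SECTION_RE = re.compile(r"^=+[ \t]*(?P<name>[^=\n]+?):?[ \t]*=+[ \t]*$", re.MULTILINE)
ADDR_RE = re.compile(r"^[0-9A-Fa-f.:%]+$")  # bare address on a continuation line
PRIVATE_V4 = re.compile(r"^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.)")
WINSOCK_RE = re.compile(r"^(Catalog\d+) (\d+) (.+?) \[\d+\] \((.*)\)$", re.MULTILINE)
BENIGN_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")  # lower-cased comparison


def split_sections(log: str) -> dict[str, str]:
    """Map each section header name to the text that follows it."""
    sections = {}
    headers = list(SECTION_RE.finditer(log))
    for i, m in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(log)
        sections[m.group("name").strip()] = log[m.end():end]
    return sections


def check_proxy(text: str) -> list[str]:
    """A proxy the user never configured is a classic redirect mechanism."""
    if not re.search(r"^Proxy is enabled\.", text, re.MULTILINE):
        return []
    m = re.search(r"^Proxy Server: (.+)$", text, re.MULTILINE)
    return [f"proxy: enabled ({m.group(1).strip() if m else 'address not shown'})"]


def check_hosts(text: str) -> list[str]:
    """Flag any Hosts mapping other than the two default localhost lines."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        for name in parts[1:]:
            if (parts[0], name) not in BENIGN_HOSTS:
                findings.append(f"hosts: {name} pinned to {parts[0]}")
    return findings


def dns_servers(text: str) -> list[str]:
    """Collect every 'DNS Servers' value, including ipconfig's continuation lines."""
    servers, collecting = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("DNS Servers"):
            servers.append(line.split(":", 1)[1].strip())
            collecting = True
        elif collecting and ADDR_RE.match(line):
            servers.append(line)
        else:
            collecting = False
    return servers


def check_dns(text: str) -> list[str]:
    """A public resolver is not malicious by itself (it may be the ISP's), so mark it for review."""
    return [f"dns: public resolver {s} (confirm it is the ISP's)"
            for s in dns_servers(text)
            if "." in s and ":" not in s and not PRIVATE_V4.match(s)]


def check_winsock(text: str) -> list[str]:
    """Flag LSP/NSP providers with no vendor string or a path outside the system trees."""
    findings = []
    for catalog, idx, path, vendor in WINSOCK_RE.findall(text):
        reasons = []
        if not vendor:
            reasons.append("no vendor string")
        if not path.lower().startswith(TRUSTED_PREFIXES):
            reasons.append("outside Windows/Program Files")
        if reasons:
            findings.append(f"winsock {catalog}/{idx}: {path} ({', '.join(reasons)})")
    return findings


def triage(log: str) -> list[str]:
    """Run every check over its MiniToolBox section and return the findings in order."""
    s = split_sections(log)
    return (check_proxy(s.get("IE Proxy Settings", ""))
            + check_hosts(s.get("Hosts content", ""))
            + check_dns(s.get("IP Configuration", ""))
            + check_winsock(s.get("Winsock entries", "")))


if __name__ == "__main__":
    import sys
    # Pass a saved MiniToolBox log as the first argument, or run without one for the sample.
    log = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
           if len(sys.argv) > 1 else SAMPLE_LOG)
    for finding in triage(log) or ["no findings"]:
        print(finding)
```

Run it with no arguments to see the four constructed findings, or with the path to a saved MiniToolBox log. The checks are heuristics for a first pass over the log, not a verdict: a third-party Winsock provider under Program Files (Bonjour, VMware) is normal, and a public DNS resolver only matters if it is not the one the ISP or the user set.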

 


#3 Lemurtoes
  • Topic Starter

  • Members
  • 7 posts

Posted 29 April 2012 - 07:04 PM

Thanks a lot for your response. Here are the contents of each log:

Security Check

Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 31
Out of date Java installed!
Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

------------------------------------------------------------------------------------------------------------

Farbar Service Scanner

Farbar Service Scanner Version: 24-04-2012
Ran by Nick (administrator) on 29-04-2012 at 15:25:32
Running from "C:\Users\Nick\Downloads"
Microsoft Windows 7 Starter Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

----------------------------------------------------------------------------------------------------------

MiniToolBox

MiniToolBox by Farbar Version: 18-01-2012
Ran by Nick (administrator) on 29-04-2012 at 15:28:05
Microsoft Windows 7 Starter Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)
Cisco Systems VPN Adapter = Local Area Connection 2 (Hardware not present)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
add address name="VMware Network Adapter VMnet8" address=192.168.139.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet1" address=192.168.45.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Nick-NB
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.actdsltmp

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 88-AE-1D-3F-A6-3D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 00-26-4D-BF-75-B4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3424:f26a:e371:a8ed%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, April 29, 2012 3:08:47 PM
Lease Expires . . . . . . . . . . : Monday, April 30, 2012 3:08:46 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 184559181
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-8A-8F-79-00-26-4D-BF-75-B4
DNS Servers . . . . . . . . . . . : 192.168.0.1
205.171.3.25
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::697b:de8:6444:4622%20(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.45.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 553668694
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-8A-8F-79-00-26-4D-BF-75-B4
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3d82:1b24:92ed:5bfc%21(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.139.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 570445910
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-8A-8F-79-00-26-4D-BF-75-B4
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{0320D036-F770-4774-8008-1304B2B946A0}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.domain.actdsltmp:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E21BFFED-4327-4F5F-8D89-0C8536891091}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{50735EB5-6273-43BE-917B-8A02C1126996}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: home.domain.actdsltmp
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.224.226
74.125.224.227
74.125.224.228
74.125.224.229
74.125.224.230
74.125.224.231
74.125.224.232
74.125.224.233
74.125.224.238
74.125.224.224
74.125.224.225


Pinging google.com [74.125.224.238] with 32 bytes of data:
Reply from 74.125.224.238: bytes=32 time=38ms TTL=57
Reply from 74.125.224.238: bytes=32 time=38ms TTL=57

Ping statistics for 74.125.224.238:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 38ms, Maximum = 38ms, Average = 38ms
Server: home.domain.actdsltmp
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=51ms TTL=53
Reply from 72.30.38.140: bytes=32 time=82ms TTL=53

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 51ms, Maximum = 82ms, Average = 66ms
Server: home.domain.actdsltmp
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...88 ae 1d 3f a6 3d ......Realtek PCIe FE Family Controller
10...00 26 4d bf 75 b4 ......Atheros AR9285 Wireless Network Adapter
20...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
21...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
1...........................Software Loopback Interface 1
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.101 281
192.168.0.101 255.255.255.255 On-link 192.168.0.101 281
192.168.0.255 255.255.255.255 On-link 192.168.0.101 281
192.168.45.0 255.255.255.0 On-link 192.168.45.1 276
192.168.45.1 255.255.255.255 On-link 192.168.45.1 276
192.168.45.255 255.255.255.255 On-link 192.168.45.1 276
192.168.139.0 255.255.255.0 On-link 192.168.139.1 276
192.168.139.1 255.255.255.255 On-link 192.168.139.1 276
192.168.139.255 255.255.255.255 On-link 192.168.139.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.45.1 276
224.0.0.0 240.0.0.0 On-link 192.168.139.1 276
224.0.0.0 240.0.0.0 On-link 192.168.0.101 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.45.1 276
255.255.255.255 255.255.255.255 On-link 192.168.139.1 276
255.255.255.255 255.255.255.255 On-link 192.168.0.101 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
20 276 fe80::/64 On-link
21 276 fe80::/64 On-link
10 281 fe80::/64 On-link
10 281 fe80::3424:f26a:e371:a8ed/128
On-link
21 276 fe80::3d82:1b24:92ed:5bfc/128
On-link
20 276 fe80::697b:de8:6444:4622/128
On-link
1 306 ff00::/8 On-link
20 276 ff00::/8 On-link
21 276 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Program Files\VMware\VMware Workstation\vsocklib.dll [346736] (VMware, Inc.)
Catalog9 12 C:\Program Files\VMware\VMware Workstation\vsocklib.dll [346736] (VMware, Inc.)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/29/2012 03:12:44 PM) (Source: Application Hang) (User: )
Description: The program msnmsgr.exe version 14.0.8089.726 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 97c

Start Time: 01cd2654dd3f1894

Termination Time: 141

Application Path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe

Report Id: 3c4ee630-9248-11e1-b73f-005056c00008

Error: (04/29/2012 11:30:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (04/29/2012 11:28:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".Error in manifest or policy file "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"2" on line Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition is Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/29/2012 11:28:48 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/29/2012 11:22:50 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.

Error: (04/29/2012 08:54:15 AM) (Source: Bonjour Service) (User: )
Description: 472: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (04/29/2012 08:54:15 AM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (04/28/2012 11:57:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7800

Error: (04/28/2012 11:57:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7800

Error: (04/28/2012 11:57:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/29/2012 03:09:06 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/29/2012 03:08:38 PM) (Source: BugCheck) (User: )
Description: 0x000000d1 (0xd25a18fb, 0x00000002, 0x00000000, 0x874561a8)C:\windows\MEMORY.DMP

Error: (04/29/2012 03:08:38 PM) (Source: BugCheck) (User: )
Description:

Error: (04/29/2012 03:08:36 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:03:50 PM on ?4/?29/?2012 was unexpected.

Error: (04/29/2012 08:54:10 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/29/2012 08:38:21 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (04/28/2012 07:41:28 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (04/28/2012 07:41:28 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

Error: (04/28/2012 04:34:34 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (04/28/2012 02:35:54 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.


Microsoft Office Sessions:
=========================
Error: (12/26/2010 05:23:07 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 114459 seconds with 480 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 10 Plugin (Version: 10.3.183.7)
Adobe Reader 9.5.0 (Version: 9.5.0)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 5.2)
Best Buy Software Installer (Version: 2.3.0.1)
Bonjour (Version: 3.0.0.10)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.6)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Congress Forever 2010 - v. 1.2.8 - Demo
EditiX-XML Editor2012 2012 (Version: 2012)
Intel® Graphics Media Accelerator Driver (Version: 8.14.10.2117)
Intel® Matrix Storage Manager
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Jing (Version: 2.6.12032.1)
Junk Mail filter update (Version: 14.0.8089.726)
Last.fm 1.5.4.27091
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox (3.6.22) (Version: 3.6.22 (en-US))
Mozilla Firefox 13.0 (x86 en-US) (Version: 13.0)
Mozilla Maintenance Service (Version: 13.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MultiTes Pro
Norton Internet Security (Version: 17.9.0.12)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.2 (Version: 3.2.9502)
Origin (Version: 8.3.7.3619)
Oxygen XML Editor 13.1 (Version: 13.1)
Protege 4.2 beta (Version: 1.0.0.0)
PuTTY version 0.60 (Version: 0.60)
QuickTime (Version: 7.71.80.42)
Qwest Installer (Version: 1.0)
Qwest QuickAssist Desktop Tools (Version: 23)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.17.304.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6088)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30116)
RealUpgrade 1.1 (Version: 1.1.0)
SimCity 4 Deluxe
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.5 (Version: 5.5.124)
SPORE™ (Version: 1.05.0001)
Spotify (Version: 0.8.2.610.g090a06f8)
Spybot - Search & Destroy (Version: 1.6.2)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
The Sims Medieval (Version: 2.0.113)
The Sims™ 3 (Version: 1.22.9)
The Sims™ Life Stories
TightVNC 2.0.2 (Version: 2.0.2)
tools-freebsd (Version: 8.4.5.14951)
tools-linux (Version: 8.4.5.14951)
tools-netware (Version: 8.4.5.14951)
tools-solaris (Version: 8.4.5.14951)
tools-windows (Version: 8.4.5.14951)
tools-winPre2k (Version: 8.4.5.14951)
TOSHIBA Application and Driver Installer (Version: 9.0.1.2)
TOSHIBA Assist (Version: 2.01.12)
TOSHIBA Bulletin Board (Version: 1.6.07.32)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.5C)
TOSHIBA Hardware Setup (Version: 1.63.1.19C)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.6)
TOSHIBA Media Controller (Version: 1.0.80.5)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4)
TOSHIBA ReelTime (Version: 1.6.06.32)
TOSHIBA Service Station (Version: 2.2.9)
TOSHIBA Supervisor Password (Version: 1.63.0.9C)
TOSHIBA Value Added Package (Version: 1.3.6)
TOSHIBA Web Camera Application (Version: 1.1.1.15)
ToshibaRegistration (Version: 1.0.4)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver (Version: 1.0.52.1C)
VMware Workstation (Version: 7.1.3.14951)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
WinSCP 4.2.9 (Version: 4.2.9)

========================= Devices: ================================

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 2037.42 MB
Available physical RAM: 1027.54 MB
Total Pagefile: 4074.84 MB
Available Pagefile: 3006.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.75 MB

========================= Partitions: =====================================

1 Drive c: (TI105860W0E) (Fixed) (Total:223.61 GB) (Free:152.56 GB) NTFS

========================= Users: ========================================

User accounts for \\NICK-NB

__vmware_user__ Administrator Guest
Nick


**** End of log ****

--------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.29.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Nick :: NICK-NB [administrator]

4/29/2012 3:40:07 PM
mbam-log-2012-04-29 (15-40-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193875
Time elapsed: 21 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-----------------------------------------------------------------------------------------------------------------

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-29 16:16:45
-----------------------------
16:16:45.622 OS Version: Windows 6.1.7601 Service Pack 1
16:16:45.622 Number of processors: 2 586 0x1C0A
16:16:45.637 ComputerName: NICK-NB UserName: Nick
16:16:47.588 Initialize success
16:19:43.645 AVAST engine defs: 12042901
16:19:57.951 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:19:57.951 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 238475MB BusType: 3
16:19:57.982 Disk 0 MBR read successfully
16:19:58.013 Disk 0 MBR scan
16:19:58.091 Disk 0 Windows VISTA default MBR code
16:19:58.122 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
16:19:58.247 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228974 MB offset 3074048
16:19:58.309 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8000 MB offset 472012800
16:19:58.434 Disk 0 scanning sectors +488396800
16:19:58.840 Disk 0 scanning C:\windows\system32\drivers
16:20:23.178 Service scanning
16:21:30.900 Service Wdf01000 C:\windows\system32\drivers\Wdf01000.sys **LOCKED** 32
16:21:37.280 Modules scanning
16:22:09.369 Disk 0 trace - called modules:
16:22:09.432 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys >>UNKNOWN [0x87167049]<<
16:22:09.447 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8598f5e0]
16:22:09.478 3 CLASSPNP.SYS[8877c59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84f21028]
16:22:10.461 AVAST engine scan C:\windows
16:22:14.018 AVAST engine scan C:\windows\system32
16:28:54.616 AVAST engine scan C:\windows\system32\drivers
16:29:24.479 AVAST engine scan C:\Users\Nick
16:47:39.965 AVAST engine scan C:\ProgramData
16:49:07.565 Scan finished successfully
16:56:17.268 Disk 0 MBR has been saved successfully to "C:\Users\Nick\Desktop\Bleeping Computer\MBR.dat"
16:56:17.299 The log file has been saved successfully to "C:\Users\Nick\Desktop\Bleeping Computer\aswMBR.txt"

------------------------------------------------------------------------------------------------------------

Thanks again!

#4 Broni
    The Coolest BC Computer
  • BC Advisor
  • 42,738 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 29 April 2012 - 07:34 PM

I don't see anything malicious.
Which browser is getting redirected?

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 Lemurtoes
  • Topic Starter
  • Members
  • 7 posts

Posted 29 April 2012 - 07:58 PM

It is happening on both Firefox Beta 13.0 and IE 9. I just tested both again on a different WiFi network and it's still happening.

#6 Broni
    The Coolest BC Computer
  • BC Advisor
  • 42,738 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 29 April 2012 - 08:02 PM

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

===================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



#7 Lemurtoes
  • Topic Starter
  • Members
  • 7 posts

Posted 29 April 2012 - 10:28 PM

Something interesting happened when I ran GMER. The first two times that I tried it, the program crashed while examining the file \Device\Harddisk\VolumeShadowCopy1.

I believe that I had everything disabled or turned off that needed to be disabled or turned off.

I did get the process to work in Safe Mode, so that is the source of the log that I'm posting.

----------------------------------------------------------------------------------------------------------

Bootkit Remover

Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Starter Edition Service Pack 1 (build 7601), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

-------------------------------------------------------------------------------------------------------------

GMER (in Safe Mode)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-29 19:31:20
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.GJ00
Running: hn1tngko.exe; Driver: C:\Users\Nick\AppData\Local\Temp\kxddqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 81C5D359 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C96D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text iaStor.sys 8825B988 1 Byte [CC] {INT 3 }

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000063 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:584] 85D5F39F
Thread System [4:944] 862E30F4

---- EOF - GMER 1.0.15 ----

---------------------------------------------------------------------------------------------------------

Thank you!

#8 Broni
    The Coolest BC Computer
  • BC Advisor
  • 42,738 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 29 April 2012 - 11:09 PM

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



#9 Lemurtoes
  • Topic Starter
  • Members
  • 7 posts

Posted 30 April 2012 - 12:12 AM

TDSSKiller

21:49:53.0849 5004 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
21:49:54.0520 5004 ============================================================
21:49:54.0520 5004 Current date / time: 2012/04/29 21:49:54.0520
21:49:54.0520 5004 SystemInfo:
21:49:54.0520 5004
21:49:54.0520 5004 OS Version: 6.1.7601 ServicePack: 1.0
21:49:54.0520 5004 Product type: Workstation
21:49:54.0520 5004 ComputerName: NICK-NB
21:49:54.0520 5004 UserName: Nick
21:49:54.0520 5004 Windows directory: C:\windows
21:49:54.0520 5004 System windows directory: C:\windows
21:49:54.0520 5004 Processor architecture: Intel x86
21:49:54.0520 5004 Number of processors: 2
21:49:54.0520 5004 Page size: 0x1000
21:49:54.0520 5004 Boot type: Normal boot
21:49:54.0520 5004 ============================================================
21:49:55.0596 5004 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:49:55.0596 5004 ============================================================
21:49:55.0596 5004 \Device\Harddisk0\DR0:
21:49:55.0596 5004 MBR partitions:
21:49:55.0596 5004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BF37000
21:49:55.0596 5004 ============================================================
21:49:55.0628 5004 C: <-> \Device\Harddisk0\DR0\Partition0
21:49:55.0628 5004 ============================================================
21:49:55.0628 5004 Initialize success
21:49:55.0628 5004 ============================================================
21:49:57.0078 5356 ============================================================
21:49:57.0078 5356 Scan started
21:49:57.0078 5356 Mode: Manual;
21:49:57.0078 5356 ============================================================
21:49:57.0890 5356 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
21:49:57.0905 5356 1394ohci - ok
21:49:58.0092 5356 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
21:49:58.0108 5356 ACPI - ok
21:49:58.0170 5356 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
21:49:58.0170 5356 AcpiPmi - ok
21:49:58.0311 5356 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
21:49:58.0311 5356 adp94xx - ok
21:49:58.0358 5356 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
21:49:58.0358 5356 adpahci - ok
21:49:58.0404 5356 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
21:49:58.0404 5356 adpu320 - ok
21:49:58.0451 5356 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
21:49:58.0451 5356 AeLookupSvc - ok
21:49:58.0514 5356 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
21:49:58.0529 5356 AFD - ok
21:49:58.0560 5356 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
21:49:58.0576 5356 agp440 - ok
21:49:58.0607 5356 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
21:49:58.0623 5356 aic78xx - ok
21:49:58.0654 5356 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
21:49:58.0670 5356 ALG - ok
21:49:58.0732 5356 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
21:49:58.0732 5356 aliide - ok
21:49:58.0763 5356 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
21:49:58.0779 5356 amdagp - ok
21:49:58.0826 5356 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
21:49:58.0826 5356 amdide - ok
21:49:58.0888 5356 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
21:49:58.0888 5356 AmdK8 - ok
21:49:58.0904 5356 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
21:49:58.0904 5356 AmdPPM - ok
21:49:58.0950 5356 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
21:49:58.0966 5356 amdsata - ok
21:49:58.0997 5356 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
21:49:59.0013 5356 amdsbs - ok
21:49:59.0060 5356 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
21:49:59.0060 5356 amdxata - ok
21:49:59.0106 5356 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
21:49:59.0106 5356 AppID - ok
21:49:59.0153 5356 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
21:49:59.0169 5356 AppIDSvc - ok
21:49:59.0231 5356 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
21:49:59.0231 5356 Appinfo - ok
21:49:59.0356 5356 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:49:59.0372 5356 Apple Mobile Device - ok
21:49:59.0403 5356 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
21:49:59.0418 5356 arc - ok
21:49:59.0450 5356 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
21:49:59.0450 5356 arcsas - ok
21:49:59.0574 5356 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:49:59.0574 5356 aspnet_state - ok
21:49:59.0637 5356 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
21:49:59.0637 5356 AsyncMac - ok
21:49:59.0684 5356 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
21:49:59.0699 5356 atapi - ok
21:49:59.0808 5356 athr (0f4b6b99d6cdc1d93df1fa690796b2f7) C:\windows\system32\DRIVERS\athr.sys
21:49:59.0840 5356 athr - ok
21:49:59.0902 5356 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
21:49:59.0918 5356 AudioEndpointBuilder - ok
21:49:59.0933 5356 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
21:49:59.0949 5356 Audiosrv - ok
21:49:59.0996 5356 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
21:50:00.0011 5356 AxInstSV - ok
21:50:00.0089 5356 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
21:50:00.0089 5356 b06bdrv - ok
21:50:00.0120 5356 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
21:50:00.0136 5356 b57nd60x - ok
21:50:00.0184 5356 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
21:50:00.0199 5356 BDESVC - ok
21:50:00.0231 5356 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
21:50:00.0231 5356 Beep - ok
21:50:00.0324 5356 BFE (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
21:50:00.0340 5356 BFE - ok
21:50:00.0511 5356 BHDrvx86 (5138da8715da5f9823b753b6cb36a9a9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys
21:50:00.0527 5356 BHDrvx86 - ok
21:50:00.0589 5356 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
21:50:00.0605 5356 BITS - ok
21:50:00.0683 5356 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
21:50:00.0683 5356 blbdrive - ok
21:50:00.0839 5356 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:50:00.0839 5356 Bonjour Service - ok
21:50:00.0901 5356 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
21:50:00.0901 5356 bowser - ok
21:50:00.0948 5356 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
21:50:00.0948 5356 BrFiltLo - ok
21:50:00.0979 5356 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
21:50:00.0979 5356 BrFiltUp - ok
21:50:01.0042 5356 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
21:50:01.0057 5356 Browser - ok
21:50:01.0104 5356 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
21:50:01.0120 5356 Brserid - ok
21:50:01.0135 5356 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
21:50:01.0151 5356 BrSerWdm - ok
21:50:01.0182 5356 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
21:50:01.0198 5356 BrUsbMdm - ok
21:50:01.0213 5356 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
21:50:01.0213 5356 BrUsbSer - ok
21:50:01.0229 5356 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
21:50:01.0229 5356 BTHMODEM - ok
21:50:01.0307 5356 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
21:50:01.0307 5356 bthserv - ok
21:50:01.0401 5356 ccHP (1fa1c0e73eca849bed29a47c508f7f17) C:\windows\system32\drivers\NIS\1109000.00C\ccHPx86.sys
21:50:01.0416 5356 ccHP - ok
21:50:01.0447 5356 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
21:50:01.0463 5356 cdfs - ok
21:50:01.0525 5356 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
21:50:01.0525 5356 cdrom - ok
21:50:01.0572 5356 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
21:50:01.0572 5356 CertPropSvc - ok
21:50:01.0619 5356 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
21:50:01.0635 5356 circlass - ok
21:50:01.0681 5356 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
21:50:01.0697 5356 CLFS - ok
21:50:01.0791 5356 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:50:01.0791 5356 clr_optimization_v2.0.50727_32 - ok
21:50:01.0900 5356 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:50:01.0978 5356 clr_optimization_v4.0.30319_32 - ok
21:50:02.0025 5356 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
21:50:02.0025 5356 CmBatt - ok
21:50:02.0071 5356 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
21:50:02.0071 5356 cmdide - ok
21:50:02.0134 5356 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
21:50:02.0134 5356 CNG - ok
21:50:02.0181 5356 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
21:50:02.0181 5356 Compbatt - ok
21:50:02.0243 5356 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
21:50:02.0243 5356 CompositeBus - ok
21:50:02.0259 5356 COMSysApp - ok
21:50:02.0321 5356 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
21:50:02.0321 5356 crcdisk - ok
21:50:02.0399 5356 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll
21:50:02.0399 5356 CryptSvc - ok
21:50:02.0446 5356 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\windows\system32\DRIVERS\CVirtA.sys
21:50:02.0461 5356 CVirtA - ok
21:50:02.0649 5356 CVPND (66257cb4e4fb69887cddc71663741435) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
21:50:02.0680 5356 CVPND - ok
21:50:02.0805 5356 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\windows\system32\Drivers\CVPNDRVA.sys
21:50:02.0820 5356 CVPNDRVA - ok
21:50:02.0883 5356 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
21:50:02.0898 5356 DcomLaunch - ok
21:50:02.0945 5356 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
21:50:02.0961 5356 defragsvc - ok
21:50:03.0007 5356 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
21:50:03.0023 5356 DfsC - ok
21:50:03.0085 5356 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
21:50:03.0085 5356 Dhcp - ok
21:50:03.0132 5356 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
21:50:03.0132 5356 discache - ok
21:50:03.0179 5356 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
21:50:03.0195 5356 Disk - ok
21:50:03.0273 5356 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\windows\system32\DRIVERS\dne2000.sys
21:50:03.0273 5356 DNE - ok
21:50:03.0351 5356 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
21:50:03.0366 5356 Dnscache - ok
21:50:03.0413 5356 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
21:50:03.0429 5356 dot3svc - ok
21:50:03.0475 5356 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
21:50:03.0491 5356 DPS - ok
21:50:03.0553 5356 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
21:50:03.0553 5356 drmkaud - ok
21:50:03.0647 5356 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
21:50:03.0663 5356 DXGKrnl - ok
21:50:03.0709 5356 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
21:50:03.0709 5356 EapHost - ok
21:50:03.0943 5356 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
21:50:04.0037 5356 ebdrv - ok
21:50:22.0450 5356 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
21:50:22.0450 5356 uliagpkx - ok
21:50:22.0512 5356 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
21:50:22.0528 5356 umbus - ok
21:50:22.0606 5356 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
21:50:22.0606 5356 UmPass - ok
21:50:22.0653 5356 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
21:50:22.0668 5356 upnphost - ok
21:50:22.0731 5356 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
21:50:22.0731 5356 usbccgp - ok
21:50:22.0778 5356 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
21:50:22.0778 5356 usbcir - ok
21:50:22.0809 5356 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
21:50:22.0809 5356 usbehci - ok
21:50:22.0856 5356 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
21:50:22.0871 5356 usbhub - ok
21:50:22.0918 5356 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
21:50:22.0918 5356 usbohci - ok
21:50:22.0980 5356 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
21:50:22.0980 5356 usbprint - ok
21:50:23.0043 5356 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
21:50:23.0043 5356 usbscan - ok
21:50:23.0121 5356 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\drivers\USBSTOR.SYS
21:50:23.0136 5356 USBSTOR - ok
21:50:23.0168 5356 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
21:50:23.0168 5356 usbuhci - ok
21:50:23.0246 5356 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
21:50:23.0246 5356 usbvideo - ok
21:50:23.0324 5356 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
21:50:23.0339 5356 UxSms - ok
21:50:23.0386 5356 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:50:23.0402 5356 VaultSvc - ok
21:50:23.0464 5356 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
21:50:23.0480 5356 vdrvroot - ok
21:50:23.0542 5356 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
21:50:23.0604 5356 vds - ok
21:50:23.0651 5356 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
21:50:23.0651 5356 vga - ok
21:50:23.0682 5356 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
21:50:23.0682 5356 VgaSave - ok
21:50:23.0745 5356 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
21:50:23.0745 5356 vhdmp - ok
21:50:23.0792 5356 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
21:50:23.0792 5356 viaagp - ok
21:50:23.0838 5356 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
21:50:23.0838 5356 ViaC7 - ok
21:50:23.0885 5356 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
21:50:23.0885 5356 viaide - ok
21:50:23.0994 5356 VMAuthdService (6fc9b272b838ee8f5fa0e4a7e971154a) C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
21:50:23.0994 5356 VMAuthdService - ok
21:50:24.0072 5356 vmci (c9561dcbeda5b700752e3f7049b2d6f2) C:\windows\system32\Drivers\vmci.sys
21:50:24.0072 5356 vmci - ok
21:50:24.0119 5356 vmkbd (dcd2f4a14795e8a8114a7cae2a9b9465) C:\windows\system32\drivers\VMkbd.sys
21:50:24.0135 5356 vmkbd - ok
21:50:24.0150 5356 VMnetAdapter (e41704d8149992107b333cc7a52c07cc) C:\windows\system32\DRIVERS\vmnetadapter.sys
21:50:24.0150 5356 VMnetAdapter - ok
21:50:24.0182 5356 VMnetBridge (462f2a31ea8b87a28962aca998df1869) C:\windows\system32\DRIVERS\vmnetbridge.sys
21:50:24.0197 5356 VMnetBridge - ok
21:50:24.0244 5356 VMnetDHCP (8bb18290baa79bfb99475223e0585ca5) C:\windows\system32\vmnetdhcp.exe
21:50:24.0260 5356 VMnetDHCP - ok
21:50:24.0338 5356 VMnetuserif (ecbe41a85c852bcd2fd12281e8f9d833) C:\windows\system32\drivers\vmnetuserif.sys
21:50:24.0338 5356 VMnetuserif - ok
21:50:24.0447 5356 VMUSBArbService (f22098dbdd13c1221c274496b3e18da7) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
21:50:24.0447 5356 VMUSBArbService - ok
21:50:24.0525 5356 VMware NAT Service (94108996405446ae95f56606fd702a43) C:\windows\system32\vmnat.exe
21:50:24.0540 5356 VMware NAT Service - ok
21:50:24.0665 5356 vmx86 (626d103ef74b9c2e9f7b5d3be9007fba) C:\windows\system32\Drivers\vmx86.sys
21:50:24.0696 5356 vmx86 - ok
21:50:24.0759 5356 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
21:50:24.0759 5356 volmgr - ok
21:50:24.0837 5356 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
21:50:24.0852 5356 volmgrx - ok
21:50:24.0915 5356 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
21:50:24.0915 5356 volsnap - ok
21:50:24.0993 5356 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
21:50:24.0993 5356 vsmraid - ok
21:50:25.0086 5356 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
21:50:25.0118 5356 VSS - ok
21:50:25.0211 5356 vstor2-ws60 (98929c5c5314c4c048e2f60492c26723) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
21:50:25.0211 5356 vstor2-ws60 - ok
21:50:25.0242 5356 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
21:50:25.0242 5356 vwifibus - ok
21:50:25.0274 5356 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
21:50:25.0274 5356 vwififlt - ok
21:50:25.0320 5356 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
21:50:25.0336 5356 W32Time - ok
21:50:25.0398 5356 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
21:50:25.0398 5356 WacomPen - ok
21:50:25.0476 5356 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
21:50:25.0476 5356 WANARP - ok
21:50:25.0492 5356 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
21:50:25.0492 5356 Wanarpv6 - ok
21:50:25.0601 5356 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
21:50:25.0664 5356 wbengine - ok
21:50:25.0695 5356 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
21:50:25.0710 5356 WbioSrvc - ok
21:50:25.0773 5356 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
21:50:25.0788 5356 wcncsvc - ok
21:50:25.0835 5356 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
21:50:25.0851 5356 WcsPlugInService - ok
21:50:25.0913 5356 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
21:50:25.0929 5356 Wd - ok
21:50:25.0976 5356 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\windows\system32\drivers\Wdf01000.sys
21:50:25.0976 5356 Suspicious file (Forged): C:\windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
21:50:25.0991 5356 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
21:50:25.0991 5356 Wdf01000 - detected Virus.Win32.Rloader.a (0)
21:50:26.0038 5356 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:50:26.0054 5356 WdiServiceHost - ok
21:50:26.0054 5356 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:50:26.0069 5356 WdiSystemHost - ok
21:50:26.0116 5356 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
21:50:26.0132 5356 WebClient - ok
21:50:26.0179 5356 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
21:50:26.0194 5356 Wecsvc - ok
21:50:26.0225 5356 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
21:50:26.0225 5356 wercplsupport - ok
21:50:26.0272 5356 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
21:50:26.0288 5356 WerSvc - ok
21:50:26.0319 5356 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
21:50:26.0319 5356 WfpLwf - ok
21:50:26.0350 5356 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
21:50:26.0366 5356 WIMMount - ok
21:50:26.0491 5356 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:50:26.0491 5356 WinDefend - ok
21:50:26.0537 5356 WinHttpAutoProxySvc - ok
21:50:26.0615 5356 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
21:50:26.0615 5356 Winmgmt - ok
21:50:26.0725 5356 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
21:50:26.0756 5356 WinRM - ok
21:50:26.0849 5356 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
21:50:26.0881 5356 Wlansvc - ok
21:50:27.0021 5356 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:50:27.0052 5356 wlidsvc - ok
21:50:27.0177 5356 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
21:50:27.0193 5356 WmiAcpi - ok
21:50:27.0286 5356 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
21:50:27.0302 5356 wmiApSrv - ok
21:50:27.0442 5356 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:50:27.0473 5356 WMPNetworkSvc - ok
21:50:27.0505 5356 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
21:50:27.0520 5356 WPCSvc - ok
21:50:27.0567 5356 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
21:50:27.0567 5356 WPDBusEnum - ok
21:50:27.0645 5356 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
21:50:27.0645 5356 ws2ifsl - ok
21:50:27.0692 5356 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll
21:50:27.0707 5356 wscsvc - ok
21:50:27.0707 5356 WSearch - ok
21:50:27.0863 5356 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
21:50:27.0910 5356 wuauserv - ok
21:50:28.0019 5356 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
21:50:28.0019 5356 WudfPf - ok
21:50:28.0051 5356 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
21:50:28.0066 5356 WUDFRd - ok
21:50:28.0129 5356 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
21:50:28.0144 5356 wudfsvc - ok
21:50:28.0191 5356 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
21:50:28.0207 5356 WwanSvc - ok
21:50:28.0331 5356 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:50:28.0378 5356 \Device\Harddisk0\DR0 - ok
21:50:28.0409 5356 Boot (0x1200) (75632f60abc72fda4faef4ccfdb3881d) \Device\Harddisk0\DR0\Partition0
21:50:28.0409 5356 \Device\Harddisk0\DR0\Partition0 - ok
21:50:28.0409 5356 ============================================================
21:50:28.0409 5356 Scan finished
21:50:28.0409 5356 ============================================================
21:50:28.0456 5108 Detected object count: 1
21:50:28.0456 5108 Actual detected object count: 1
21:50:46.0084 5108 C:\windows\system32\drivers\Wdf01000.sys - copied to quarantine
21:50:52.0823 5108 Backup copy not found, trying to cure infected file..
21:50:52.0839 5108 Cure success, using it..
21:50:52.0917 5108 C:\windows\system32\drivers\Wdf01000.sys - will be cured on reboot
21:50:52.0917 5108 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
21:50:59.0968 4856 Deinitialize success

-----------------------------------------------------------------------------------------------------

I don't know if this means that the issue has been resolved, but for the record, I tested Google and Bing on Firefox and IE after rebooting, and the problem did not recur.
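The one hit in the TDSSKiller log above is the "Suspicious file (Forged)" line for Wdf01000.sys: the scanner obtained two different MD5 hashes for the same driver depending on how it read it, which is how a rootkit that patches a driver on disk but hands clean bytes back to ordinary file reads gives itself away. The Python below is an added example, not part of the original thread and not Kaspersky's code. It assumes the line layout visible in the posted log (timestamp, process id, then either `name (md5) path`, `name - ok`, the Forged line, or `name ( verdict ) - infected`) and runs over a constructed sample made of a few lines copied from that log.

```python
"""Triage a TDSSKiller-style scan log: flag anything not explicitly marked ok.

Added example for the thread above; the log format is inferred from the
posted output, not taken from any vendor documentation.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a handful of lines copied from the log posted above
# (the real log has several hundred entries).
SAMPLE_LOG = r"""
21:50:25.0976 5356 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\windows\system32\drivers\Wdf01000.sys
21:50:25.0976 5356 Suspicious file (Forged): C:\windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
21:50:25.0991 5356 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
21:50:25.0991 5356 Wdf01000 - detected Virus.Win32.Rloader.a (0)
21:50:26.0038 5356 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:50:26.0054 5356 WdiServiceHost - ok
21:50:26.0537 5356 WinHttpAutoProxySvc - ok
21:50:28.0331 5356 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:50:28.0378 5356 \Device\Harddisk0\DR0 - ok
"""

# Every line starts with "HH:MM:SS.mmmm <pid> "; the rest is one of four shapes.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<rest>.*)$")
ENTRY = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK = re.compile(r"^(?P<subject>.+) - ok$")
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
INFECTED = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - infected$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    ok: bool = False
    forged_md5: Optional[str] = None  # the *other* hash the scanner saw for this file
    verdict: Optional[str] = None


def parse_log(text: str) -> dict:
    """Return {entry name: Entry} for every object the scanner reported on."""
    entries: dict = {}
    by_path: dict = {}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        if (e := ENTRY.match(rest)):
            ent = Entry(e["name"], e["md5"], e["path"])
            entries[ent.name] = ent
            by_path[ent.path] = ent
        elif (f := FORGED.match(rest)):
            # Keep whichever hash differs from the one on the entry line.
            ent = by_path.get(f["path"])
            if ent is not None:
                ent.forged_md5 = f["fake"] if f["real"] == ent.md5 else f["real"]
        elif (i := INFECTED.match(rest)):
            ent = entries.get(i["name"])
            if ent is not None:
                ent.verdict = i["verdict"]
        elif (o := OK.match(rest)):
            # The MBR entry is closed with its device path, not its name, so
            # fall back to a path lookup; services with no file recorded
            # (e.g. WinHttpAutoProxySvc) get a bare entry.
            subject = o["subject"]
            ent = entries.get(subject) or by_path.get(subject)
            if ent is None:
                ent = entries.setdefault(subject, Entry(subject))
            ent.ok = True
        # Any other line (e.g. "- detected ... (0)") is informational; skip it.
    return entries


def suspicious(entries: dict) -> list:
    """Entries never marked ok, or with two hashes reported for one file."""
    return [e for e in entries.values() if not e.ok or e.forged_md5 is not None]


if __name__ == "__main__":
    for e in suspicious(parse_log(SAMPLE_LOG)):
        print(f"{e.name}: {e.path} md5={e.md5} other_md5={e.forged_md5} verdict={e.verdict}")
```

Run as-is it lists only Wdf01000; point `parse_log` at a full saved log to triage a whole scan. The rule "not marked ok" is deliberately conservative: a clean log closes every entry, so anything left open is worth a look even when no verdict line follows it.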

#10 Broni (BC Advisor, Daly City, CA)

Posted 30 April 2012 - 07:29 PM

Good news :)

Please post new GMER log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#11 Lemurtoes (Topic Starter)

Posted 01 May 2012 - 08:49 PM

Hi,
I had the same problem with GMER freezing this time around, but it ran successfully in Safe Mode.

GMER
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-01 18:32:08
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.GJ00
Running: hn1tngko.exe; Driver: C:\Users\Nick\AppData\Local\Temp\kxddqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 81C4B359 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C84D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000063 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

-------------------------------------------------------------------------------------------------------

I still haven't had any problems with search engine links redirecting to other sites since my last post. Thanks again for your help!

#12 Broni (BC Advisor, Daly City, CA)

Posted 01 May 2012 - 09:06 PM

Good :)

Couple more steps...

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE: If ESET doesn't find any threats, it will NOT produce any log.


#13 Lemurtoes (Topic Starter)

Posted 03 May 2012 - 09:16 AM

Temp File Cleaner

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nick
->Temp folder emptied: 205485673 bytes
->Temporary Internet Files folder emptied: 331307863 bytes
->Java cache emptied: 4661572 bytes
->FireFox cache emptied: 353632260 bytes
->Flash cache emptied: 275806 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15378027 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 1984629876 bytes
Process complete!

Total Files Cleaned = 2,761.00 mb

------------------------------------------------------------------------------------------------------------

ESET

C:\TDSSKiller_Quarantine\29.04.2012_21.49.54\rtkt0000\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan deleted - quarantined

------------------------------------------------------------------------------------------------------------

I haven't had any issues with search engine link redirection since the last time I checked in. Thank you!

#14 Broni (BC Advisor, Daly City, CA)

Posted 03 May 2012 - 10:36 AM

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/04/27/download-the-latest-adobe-flash-for-firefox-and-ie-without-any-extras/

======================================================================

Your computer is clean.

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

5. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

6. Run Temporary File Cleaner (TFC) weekly.

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

11. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used, as they don't install.
