rndom srch engine results redirect & IE usually doesn't work

Re: rndom srch engine results redirect & IE usually doesn't

Unread postby C-Royd » January 24th, 2011, 2:55 pm

Cypher wrote:
I have a Windows 7 disc but it did not come with the laptop. It was purchased from a vendor.
Can you tell me what make your PC is and does it have a Recovery Environment?
Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
Do you have an option that says Repair your computer?


It's an HP Pavilion Dv7. I'm not sure if there's a recovery environment at the moment but I would think that it does; there is a D: which indicates that it's a Recovery drive. I am currently afk on that laptop. Would you please provide the steps I need to follow?
C-Royd
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 10:29 pm

Re: rndom srch engine results redirect & IE usually doesn't

Unread postby Cypher » January 24th, 2011, 3:10 pm

Hi C-Royd.
I'm not sure if there's a recovery environment at the moment but I would think that it does;
This makes things easier as we can repair the MBR via the Recovery Environment.
Before we proceed run this scan for me please.

MBRCheck

  • Please download MBRCheck.exe and save it to your desktop.
  • Right click on MBRCheck.exe and select "Run as administrator" to run it.
  • A window similar to this should open on your desktop:

Image

  • If you are prompted with options, enter N at the prompt and press Enter
  • Press Enter again.
  • A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run)
  • Please post the contents of the log in your next reply.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: rndom srch engine results redirect & IE usually doesn't

Unread postby C-Royd » January 24th, 2011, 3:16 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 197):
0x83200000 \SystemRoot\system32\ntkrnlpa.exe
0x83610000 \SystemRoot\system32\halmacpi.dll
0x86BB1000 \SystemRoot\system32\kdcom.dll
0x8383C000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x83847000 \SystemRoot\system32\PSHED.dll
0x83858000 \SystemRoot\system32\BOOTVID.dll
0x83860000 \SystemRoot\system32\CLFS.SYS
0x838A2000 \SystemRoot\system32\CI.dll
0x8394D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x839BE000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83A37000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x83A7F000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x83A88000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x83A90000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x83A9B000 \SystemRoot\system32\DRIVERS\pci.sys
0x83AC5000 \SystemRoot\System32\drivers\partmgr.sys
0x83AD6000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x83ADE000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x83AE9000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x83AF9000 \SystemRoot\System32\drivers\volmgrx.sys
0x83B44000 \SystemRoot\system32\DRIVERS\pciide.sys
0x83B4B000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x83B59000 \SystemRoot\System32\drivers\mountmgr.sys
0x83B6F000 \SystemRoot\system32\DRIVERS\atapi.sys
0x83B78000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x83B9B000 \SystemRoot\system32\DRIVERS\msahci.sys
0x83BA5000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x83BAE000 \SystemRoot\system32\drivers\fltmgr.sys
0x83BE2000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AE08000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AF37000 \SystemRoot\System32\Drivers\msrpc.sys
0x8AF62000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AF75000 \SystemRoot\System32\Drivers\cng.sys
0x8AFD2000 \SystemRoot\System32\drivers\pcw.sys
0x8AFE0000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B03F000 \SystemRoot\system32\drivers\ndis.sys
0x8B0F6000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B134000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B21E000 \SystemRoot\System32\drivers\tcpip.sys
0x8B367000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B398000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8B3A1000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B3E0000 \SystemRoot\System32\Drivers\spldr.sys
0x8B159000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B3E8000 \SystemRoot\System32\Drivers\mup.sys
0x8B3F8000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B186000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B200000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B1B8000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B011000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B030000 \SystemRoot\System32\Drivers\Null.SYS
0x8B037000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B1F2000 \SystemRoot\System32\drivers\vga.sys
0x83A00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8AFE9000 \SystemRoot\System32\drivers\watchdog.sys
0x8AFF6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8AE00000 \SystemRoot\system32\drivers\rdpencdd.sys
0x83A21000 \SystemRoot\system32\drivers\rdprefmp.sys
0x83A29000 \SystemRoot\System32\Drivers\Msfs.SYS
0x839CC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x839DA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x83BF3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x839F1000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8FE01000 \SystemRoot\system32\drivers\afd.sys
0x8FE5B000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8FE60000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FE92000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8FE99000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FEB8000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8FEC9000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FED7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FEEA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FEFA000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0x8FF1F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8FF25000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FF66000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FF70000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FF7A000 \SystemRoot\System32\drivers\discache.sys
0x8FF86000 \SystemRoot\system32\drivers\csc.sys
0x83800000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FFEA000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x90831000 \SystemRoot\System32\Drivers\aswSP.SYS
0x90878000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90899000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x9123A000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x9168E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91745000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9177E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9179D000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x908AA000 \SystemRoot\system32\DRIVERS\athr.sys
0x917B6000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x917C0000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x917E5000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x917EB000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x90C3D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x90C88000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x90C97000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x90CAF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90CBC000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x90CF3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x90CF5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90D02000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x90D06000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x90D0F000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x90D1C000 \SystemRoot\System32\Drivers\RootMdm.sys
0x90D24000 \SystemRoot\system32\drivers\modem.sys
0x90D31000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x90D43000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90D5B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90D66000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90D88000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90DA0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90DB7000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90DCE000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x90DD5000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x90DDF000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90C00000 \SystemRoot\system32\DRIVERS\ks.sys
0x90DE1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x909BA000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90DEF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x94408000 \SystemRoot\system32\drivers\HdAudio.sys
0x94458000 \SystemRoot\system32\drivers\portcls.sys
0x94487000 \SystemRoot\system32\drivers\drmk.sys
0x944A0000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x97720000 \SystemRoot\System32\win32k.sys
0x945A6000 \SystemRoot\System32\drivers\Dxapi.sys
0x945B0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x945BD000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x945C8000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x945D2000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x945E3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91200000 \SystemRoot\System32\Drivers\usbvideo.sys
0x97980000 \SystemRoot\System32\TSDDD.dll
0x979B0000 \SystemRoot\System32\cdd.dll
0x90800000 \SystemRoot\system32\drivers\luafv.sys
0x8C816000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x8C84D000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x8C850000 \SystemRoot\system32\drivers\WudfPf.sys
0x8C86A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8C87A000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8C8C0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8C8D0000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8C8E3000 \SystemRoot\system32\drivers\HTTP.sys
0x8C968000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8C981000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8C993000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8C9B6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x83818000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB060E000 \SystemRoot\system32\drivers\peauth.sys
0xB06A5000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB06AF000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xB073A000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB0747000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB0796000 \SystemRoot\System32\DRIVERS\srv.sys
0xB07E7000 \??\C:\Windows\system32\drivers\mbam.sys
0xB7C14000 \??\C:\Users\amog\AppData\Local\Temp\pxtyrpod.sys
0xB7C80000 \SystemRoot\System32\Drivers\fastfat.SYS
0xB7CD6000 \SystemRoot\system32\DRIVERS\monitor.sys
0x76E80000 \Windows\System32\ntdll.dll
0x479D0000 \Windows\System32\smss.exe
0x770C0000 \Windows\System32\apisetschema.dll
0x00A00000 \Windows\System32\autochk.exe
0x77060000 \Windows\System32\Wldap32.dll
0x76FC0000 \Windows\System32\advapi32.dll
0x76E70000 \Windows\System32\psapi.dll
0x76220000 \Windows\System32\shell32.dll
0x761F0000 \Windows\System32\imagehlp.dll
0x761E0000 \Windows\System32\normaliz.dll
0x761A0000 \Windows\System32\ws2_32.dll
0x76140000 \Windows\System32\shlwapi.dll
0x76000000 \Windows\System32\urlmon.dll
0x75F30000 \Windows\System32\msctf.dll
0x75EA0000 \Windows\System32\clbcatq.dll
0x75E10000 \Windows\System32\oleaut32.dll
0x75D30000 \Windows\System32\kernel32.dll
0x75D20000 \Windows\System32\nsi.dll
0x75CA0000 \Windows\System32\comdlg32.dll
0x75C00000 \Windows\System32\usp10.dll
0x75B30000 \Windows\System32\user32.dll
0x75B10000 \Windows\System32\sechost.dll
0x75910000 \Windows\System32\iertutil.dll
0x75770000 \Windows\System32\setupapi.dll
0x75710000 \Windows\System32\difxapi.dll
0x75660000 \Windows\System32\rpcrt4.dll
0x75610000 \Windows\System32\gdi32.dll
0x754B0000 \Windows\System32\ole32.dll
0x75400000 \Windows\System32\msvcrt.dll
0x75300000 \Windows\System32\wininet.dll
0x752F0000 \Windows\System32\lpk.dll
0x752D0000 \Windows\System32\imm32.dll
0x752A0000 \Windows\System32\wintrust.dll
0x75280000 \Windows\System32\devobj.dll
0x75160000 \Windows\System32\crypt32.dll
0x750D0000 \Windows\System32\comctl32.dll
0x750A0000 \Windows\System32\cfgmgr32.dll
0x75050000 \Windows\System32\KernelBase.dll
0x75040000 \Windows\System32\msasn1.dll

Processes (total 71):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
364 csrss.exe
440 C:\Windows\System32\wininit.exe
448 csrss.exe
488 C:\Windows\System32\services.exe
504 C:\Windows\System32\lsass.exe
512 C:\Windows\System32\lsm.exe
552 C:\Windows\System32\winlogon.exe
644 C:\Windows\System32\svchost.exe
748 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1400 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1444 C:\Windows\System32\dwm.exe
1468 C:\Windows\explorer.exe
1600 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1612 C:\Program Files\FlashGet\flashget.exe
1620 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1636 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1652 C:\Program Files\iTunes\iTunesHelper.exe
1660 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
1672 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1700 C:\Program Files\Novatel Wireless\Mobilink\Lite.exe
1708 C:\Program Files\1am Studios\iPhone FileExplorer\IPhoneFileExplorer.exe
1716 C:\Program Files\Launchy\Launchy.exe
1760 C:\Program Files\OpenOffice.org 3\program\soffice.exe
1768 C:\Program Files\OpenOffice.org 3\program\soffice.bin
1820 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1280 C:\Windows\System32\spoolsv.exe
1728 C:\Windows\System32\taskhost.exe
1900 C:\Windows\System32\svchost.exe
2064 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2084 C:\Program Files\Bonjour\mDNSResponder.exe
2124 C:\Windows\System32\svchost.exe
2316 C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
2388 C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe
2452 C:\Windows\System32\svchost.exe
3212 postgres.exe
3248 conhost.exe
3492 postgres.exe
3500 postgres.exe
3508 postgres.exe
3516 postgres.exe
3596 C:\Windows\System32\SearchIndexer.exe
3748 C:\Program Files\iPod\bin\iPodService.exe
3900 C:\Windows\System32\svchost.exe
3672 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2328 C:\Windows\System32\svchost.exe
884 C:\Program Files\Windows Media Player\wmpnetwk.exe
2732 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
2272 C:\Windows\System32\notepad.exe
744 C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
4084 C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
3540 C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
2860 C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
2696 C:\Program Files\Mozilla Firefox\firefox.exe
1804 C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
2116 C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
2800 C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
1304 C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
3544 C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
3348 C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
3368 C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
2472 C:\STUFF\DOWNLOADS\MBRCheck.exe
592 C:\Windows\System32\conhost.exe
2440 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`57f00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543232L9A300, Rev: FB4OC40F

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

Re: rndom srch engine results redirect & IE usually doesn't

Unread postby Cypher » January 24th, 2011, 3:28 pm

Ok, that scan is detecting a Windows 7 MBR code, which is good.
Continue with the instructions below; be sure to back up your personal files before doing so.

Download MBRBackup to your Desktop.

  • Right-click MBRBackup.exe and select "Run as administrator" to run it.
  • Click SaveMBR (top left corner) and save the backup file to your Desktop.
  • It will have a name similar to MBR_2010-10-06.bin where the numbers correspond to the date the backup was made.
  • Exit the program.
I strongly suggest you keep a copy of this backup stored on an external device.

Next.

Back Up registry with ERUNT

  • Please download ERUNT and save it to your desktop.
  • Alternate Download
  • Right-click on erunt_setup.exe and select "Run as administrator" to run it.
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then back up your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.

Next.

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



Logs/Information to Post in your Next Reply

  • ComboFix log.
  • Please give me an update on your computer's performance.

Re: rndom srch engine results redirect & IE usually doesn't

Unread postby C-Royd » January 25th, 2011, 9:58 pm

I can't back up my registry with ERUNT. It's trying to save the file into a folder that doesn't exist. Should I still do it? This is probably because the software you recommended, ERUNT, is not for Windows 7.

Re: rndom srch engine results redirect & IE usually doesn't

Unread postby Cypher » January 26th, 2011, 7:19 am

Hi.
Go ahead and run ComboFix; it will install ERUNT as part of the process.
I asked for the extra backup just as a precaution.

Re: rndom srch engine results redirect & IE usually doesn't

Unread postby C-Royd » January 27th, 2011, 8:30 pm

ComboFix 11-01-27.01 - amog 01/27/2011 19:07:04.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2814.2270 [GMT -5:00]
Running from: c:\stuff\DOWNLOADS\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
C:\readme.txt
c:\users\amog\AppData\Local\{692657C5-A78A-4BA2-93BB-663C4E8B9988}
c:\users\amog\AppData\Local\{692657C5-A78A-4BA2-93BB-663C4E8B9988}\chrome\content\overlay.xul
c:\users\amog\AppData\Local\{692657C5-A78A-4BA2-93BB-663C4E8B9988}\install.rdf
c:\users\amog\AppData\Roaming\BITS
c:\users\amog\AppData\Roaming\BITS\BITS.ini

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-28 )))))))))))))))))))))))))))))))
.

2011-01-28 00:21 . 2011-01-28 00:22 -------- d-----w- c:\users\amog\AppData\Local\temp
2011-01-28 00:21 . 2011-01-28 00:21 -------- d-----w- c:\users\postgres\AppData\Local\temp
2011-01-28 00:21 . 2011-01-28 00:21 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-01-28 00:21 . 2011-01-28 00:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-26 01:56 . 2011-01-26 01:57 -------- d-----w- c:\program files\ERUNT
2011-01-23 20:42 . 2011-01-23 20:43 -------- d-----w- C:\rsit
2011-01-23 04:34 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-23 04:34 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-23 04:34 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-23 04:34 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-23 04:34 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-23 04:33 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-01-23 04:33 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-23 04:33 . 2011-01-23 04:33 -------- d-----w- c:\programdata\Alwil Software
2011-01-23 04:33 . 2011-01-23 04:33 -------- d-----w- c:\program files\Alwil Software
2011-01-14 05:45 . 2011-01-23 20:43 -------- d-----w- c:\program files\Trend Micro
2011-01-14 05:45 . 2011-01-14 05:45 388096 ----a-r- c:\users\amog\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-10 20:43 . 2011-01-10 20:43 -------- d-----w- c:\programdata\Cateia Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-08-27 14:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-08-27 14:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-10 05:48 . 2010-12-10 05:48 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-05 03:40 . 2010-12-05 03:40 53248 ----a-r- c:\users\amog\AppData\Roaming\Microsoft\Installer\{23C12370-3A82-4558-B727-F345B473AD87}\ARPPRODUCTICON.exe
2010-11-16 17:01 . 2010-11-20 00:51 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78FC8AFE-094D-4602-AE23-8C26E02790A0}\mpengine.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\amog\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-03 136176]
"MobiLink Lite"="c:\program files\Novatel Wireless\MobiLink\Lite.exe" [2008-02-20 409672]
"IPhoneFileExplorer"="c:\program files\1am Studios\iPhone FileExplorer\IPhoneFileExplorer.exe" [2010-04-08 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-08-02 1994800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

c:\users\amog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2010-3-13 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-03-16 17408]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-27 691696]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-15 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-15 74480]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.
Contents of the 'Scheduled Tasks' folder

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795858736-4127996407-118159487-1000Core.job
- c:\users\amog\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-03 09:08]

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1795858736-4127996407-118159487-1000UA.job
- c:\users\amog\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-03 09:08]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
Trusted Zone: kuaiche.com\software
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/device ... Loader.cab
FF - ProfilePath - c:\users\amog\AppData\Roaming\Mozilla\Firefox\Profiles\z69eub8w.default\
FF - prefs.js: browser.startup.homepage - www.imdb.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-FlashGet 3 - c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: Hitachi_HTS543232L9A300 rev.FB4OC40F -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-4

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86846446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8684c504]; MOV EAX, [0x8684c580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x8324A458] -> \Device\Harddisk0\DR0[0x86827868]
3 CLASSPNP[0x8B18059E] -> ntkrnlpa!IofCallDriver[0x8324A458] -> [0x866CBAE8]
\Driver\atapi[0x8682CB18] -> IRP_MJ_CREATE -> 0x86846446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskHitachi_HTS543232L9A300_________________FB4OC40F#5&32171732&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
copy of MBR has been found in sector 9 !
sectors 625142446 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-27 19:24:35
ComboFix-quarantined-files.txt 2011-01-28 00:24

Pre-Run: 47,030,669,312 bytes free
Post-Run: 47,983,378,432 bytes free

- - End Of File - - F5A2532CBFB67CBBC117881EF034B91F

Re: rndom srch engine results redirect & IE usually doesn't

Unread postby Cypher » January 28th, 2011, 12:05 pm

Hi C-Royd.
Are your searches still redirected?
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: rndom srch engine results redirect & IE usually doesn't

Unread postby C-Royd » January 30th, 2011, 4:45 am

The searches don't seem to be redirected anymore, which is awesome.

Avast still says that my rootkit is infected.

Re: rndom srch engine results redirect & IE usually doesn't

Unread postby Cypher » January 30th, 2011, 6:12 am

Hi C-Royd.

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.
  • Right click on TDSSKiller.exe and select "Run as administrator" to run it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Re: rndom srch engine results redirect & IE usually doesn't

Unread postby C-Royd » January 31st, 2011, 2:51 pm

2011/01/31 13:50:39.0251 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/31 13:50:39.0252 ================================================================================
2011/01/31 13:50:39.0252 SystemInfo:
2011/01/31 13:50:39.0252
2011/01/31 13:50:39.0252 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/31 13:50:39.0252 Product type: Workstation
2011/01/31 13:50:39.0252 ComputerName: AMOGCOMP
2011/01/31 13:50:39.0253 UserName: amog
2011/01/31 13:50:39.0253 Windows directory: C:\Windows
2011/01/31 13:50:39.0253 System windows directory: C:\Windows
2011/01/31 13:50:39.0253 Processor architecture: Intel x86
2011/01/31 13:50:39.0253 Number of processors: 2
2011/01/31 13:50:39.0253 Page size: 0x1000
2011/01/31 13:50:39.0253 Boot type: Normal boot
2011/01/31 13:50:39.0253 ================================================================================
2011/01/31 13:50:39.0710 Initialize success
2011/01/31 13:50:50.0768 ================================================================================
2011/01/31 13:50:50.0769 Scan started
2011/01/31 13:50:50.0769 Mode: Manual;
2011/01/31 13:50:50.0769 ================================================================================
2011/01/31 13:51:08.0227 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/31 13:51:08.0312 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/01/31 13:51:08.0343 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/31 13:51:08.0392 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/01/31 13:51:08.0432 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/01/31 13:51:08.0507 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/01/31 13:51:08.0660 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2011/01/31 13:51:08.0729 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/01/31 13:51:08.0862 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
2011/01/31 13:51:08.0962 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/31 13:51:09.0117 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/01/31 13:51:09.0178 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/01/31 13:51:09.0293 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/01/31 13:51:09.0347 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/01/31 13:51:09.0385 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2011/01/31 13:51:09.0520 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/01/31 13:51:09.0573 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/01/31 13:51:09.0653 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2011/01/31 13:51:09.0785 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/01/31 13:51:09.0891 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/01/31 13:51:09.0930 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/01/31 13:51:10.0050 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/01/31 13:51:10.0155 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/01/31 13:51:10.0183 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/01/31 13:51:10.0215 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/01/31 13:51:10.0332 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/01/31 13:51:10.0413 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/01/31 13:51:10.0464 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/01/31 13:51:10.0596 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/01/31 13:51:10.0654 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/01/31 13:51:10.0705 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/01/31 13:51:10.0890 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/01/31 13:51:11.0037 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
2011/01/31 13:51:11.0094 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/31 13:51:11.0229 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/31 13:51:11.0292 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/01/31 13:51:11.0338 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/01/31 13:51:11.0449 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/01/31 13:51:11.0505 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/01/31 13:51:11.0586 SynTP (6bef3acd6ee22eec55b68699e8aace09) C:\Windows\system32\DRIVERS\SynTP.sys
2011/01/31 13:51:11.0686 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2011/01/31 13:51:11.0874 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/31 13:51:12.0023 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/31 13:51:12.0086 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/01/31 13:51:12.0158 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/01/31 13:51:12.0211 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/31 13:51:12.0255 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/01/31 13:51:12.0426 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/31 13:51:12.0484 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/31 13:51:12.0536 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/01/31 13:51:12.0675 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/31 13:51:12.0742 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/01/31 13:51:12.0787 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/31 13:51:12.0955 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/01/31 13:51:13.0039 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/01/31 13:51:13.0140 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/31 13:51:13.0222 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/01/31 13:51:13.0267 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/31 13:51:13.0410 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/31 13:51:13.0450 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/01/31 13:51:13.0490 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/31 13:51:13.0527 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/31 13:51:13.0634 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/31 13:51:13.0745 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2011/01/31 13:51:13.0900 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/01/31 13:51:13.0996 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/31 13:51:14.0022 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/01/31 13:51:14.0059 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/01/31 13:51:14.0192 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/01/31 13:51:14.0252 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/01/31 13:51:14.0293 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/01/31 13:51:14.0328 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/01/31 13:51:14.0447 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/01/31 13:51:14.0508 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/01/31 13:51:14.0570 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/01/31 13:51:14.0674 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/01/31 13:51:14.0759 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/01/31 13:51:14.0803 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/01/31 13:51:14.0919 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/01/31 13:51:15.0015 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/01/31 13:51:15.0152 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/31 13:51:15.0189 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/31 13:51:15.0268 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/01/31 13:51:15.0305 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/31 13:51:15.0505 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/01/31 13:51:15.0544 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/01/31 13:51:15.0904 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/01/31 13:51:16.0000 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/01/31 13:51:16.0165 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/31 13:51:16.0257 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/01/31 13:51:16.0296 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/31 13:51:16.0383 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/31 13:51:16.0390 ================================================================================
2011/01/31 13:51:16.0390 Scan finished
2011/01/31 13:51:16.0390 ================================================================================
2011/01/31 13:51:16.0408 Detected object count: 1
2011/01/31 13:51:38.0188 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Skip
C-Royd
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 10:29 pm

Re: rndom srch engine results redirect & IE usually doesn't

Unread postby Cypher » January 31st, 2011, 2:57 pm

Hi C-Royd.
Do the following then give me another update on how your PC is performing.

  • First go to Start > Computer > C: and delete the TDSSKiller log that was created there.
  • Next, right-click on TDSSKiller.exe and select "Run as administrator" to run it.
  • Click on Start Scan; the scan will run.
  • When the scan has finished, ensure Cure (the default) is selected, then click Continue > Reboot now.
  • When finished rebooting, a log of the cleanup will be found at C:\TDSSKiller.2.4.0.0_DD.MM.YYYY_HH.MM.SS_log.txt.
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: rndom srch engine results redirect & IE usually doesn't

Unread postby C-Royd » January 31st, 2011, 3:16 pm

2011/01/31 14:09:19.0109 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/31 14:09:19.0109 ================================================================================
2011/01/31 14:09:19.0109 SystemInfo:
2011/01/31 14:09:19.0109
2011/01/31 14:09:19.0109 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/31 14:09:19.0109 Product type: Workstation
2011/01/31 14:09:19.0109 ComputerName: AMOGCOMP
2011/01/31 14:09:19.0109 UserName: amog
2011/01/31 14:09:19.0109 Windows directory: C:\Windows
2011/01/31 14:09:19.0109 System windows directory: C:\Windows
2011/01/31 14:09:19.0109 Processor architecture: Intel x86
2011/01/31 14:09:19.0109 Number of processors: 2
2011/01/31 14:09:19.0109 Page size: 0x1000
2011/01/31 14:09:19.0109 Boot type: Normal boot
2011/01/31 14:09:19.0109 ================================================================================
2011/01/31 14:09:19.0453 Initialize success
2011/01/31 14:09:23.0555 ================================================================================
2011/01/31 14:09:23.0555 Scan started
2011/01/31 14:09:23.0555 Mode: Manual;
2011/01/31 14:09:23.0555 ================================================================================
2011/01/31 14:09:45.0832 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/31 14:09:46.0004 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/01/31 14:09:46.0082 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/01/31 14:09:46.0222 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/01/31 14:09:46.0269 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/01/31 14:09:46.0316 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2011/01/31 14:09:46.0441 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/01/31 14:09:46.0503 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/01/31 14:09:46.0597 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2011/01/31 14:09:46.0831 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/01/31 14:09:47.0018 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/01/31 14:09:47.0065 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/01/31 14:09:47.0096 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/01/31 14:09:47.0158 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/01/31 14:09:47.0283 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/01/31 14:09:47.0314 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/01/31 14:09:47.0361 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/01/31 14:09:47.0423 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/01/31 14:09:47.0548 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/01/31 14:09:47.0595 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/01/31 14:09:47.0642 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/01/31 14:09:47.0845 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/01/31 14:09:48.0001 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/01/31 14:09:48.0157 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
2011/01/31 14:09:48.0219 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/31 14:09:48.0359 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/31 14:09:48.0437 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/01/31 14:09:48.0578 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/01/31 14:09:48.0640 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/01/31 14:09:48.0671 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/01/31 14:09:48.0749 SynTP (6bef3acd6ee22eec55b68699e8aace09) C:\Windows\system32\DRIVERS\SynTP.sys
2011/01/31 14:09:49.0217 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2011/01/31 14:09:49.0467 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/31 14:09:49.0623 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/31 14:09:49.0685 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/01/31 14:09:49.0717 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/01/31 14:09:49.0763 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/31 14:09:49.0810 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/01/31 14:09:49.0966 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/31 14:09:50.0044 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/31 14:09:50.0091 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/01/31 14:09:50.0216 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/31 14:09:50.0278 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/01/31 14:09:50.0309 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/31 14:09:50.0403 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/01/31 14:09:50.0497 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/01/31 14:09:50.0543 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/31 14:09:50.0590 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/01/31 14:09:50.0668 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/31 14:09:50.0824 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/31 14:09:50.0887 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/01/31 14:09:50.0965 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/31 14:09:51.0058 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/31 14:09:51.0105 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/31 14:09:51.0199 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2011/01/31 14:09:51.0323 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/01/31 14:09:51.0433 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/31 14:09:51.0526 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/01/31 14:09:51.0573 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/01/31 14:09:51.0667 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/01/31 14:09:51.0729 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/01/31 14:09:51.0776 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/01/31 14:09:51.0838 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/01/31 14:09:51.0885 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/01/31 14:09:51.0963 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/01/31 14:09:52.0072 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/01/31 14:09:52.0135 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/01/31 14:09:52.0244 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/01/31 14:09:52.0322 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/01/31 14:09:52.0369 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/01/31 14:09:52.0415 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/01/31 14:09:52.0540 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/31 14:09:52.0556 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/31 14:09:52.0665 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/01/31 14:09:52.0727 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/31 14:09:52.0805 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/01/31 14:09:52.0899 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/01/31 14:09:53.0289 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/01/31 14:09:53.0398 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/01/31 14:09:53.0476 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/31 14:09:53.0648 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/01/31 14:09:53.0741 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/31 14:09:53.0866 ================================================================================
2011/01/31 14:09:53.0866 Scan finished
2011/01/31 14:09:53.0866 ================================================================================
2011/01/31 14:13:56.0634 Deinitialize success
C-Royd
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 10:29 pm

Re: rndom srch engine results redirect & IE usually doesn't

Unread postby C-Royd » January 31st, 2011, 3:27 pm

I ran it again and it says that there are no infections. Seems like good news but I'll wait for your confirmation.
C-Royd
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 10:29 pm