Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Started with google redirection now no network

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Started with google redirection now no network

Unread postby pompeyfan » February 2nd, 2012, 4:04 am

Ok, so I started out with all links I clicked on from a google search redirecting me (to abnow I think). Unfortunately I wasn't aware of this site, so after attempting to fix (with Kaspersky) and a system restore I now have no wifi connectivity (it stays on "Identifying" with local access only), and no CD drive shown.

Logs below, many thanks for any help


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 10.2.1
Run by Admin at 7:34:43 on 2012-02-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.978 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\lxducoms.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Media Finder] "c:\program files\media finder\MF.exe" /opentotray
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/ms ... b56986.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/Messenger ... E_UNO1.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/Shar ... /cabsa.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {705EC6D4-B138-4079-A307-EF13E40C2416} - hxxps://south.home-access.co.uk/CACHE/s ... nstweb.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/f ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://lmpassage3.external.lmco.com/da ... Client.cab
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://new-generation-festival.disneyla ... erFull.exe
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=722
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AB682872-103B-4BA6-9875-89098262FF14} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-6-17 64512]
R0 phmburnr;phmburnr;c:\windows\system32\drivers\phmburnr.sys [2010-6-14 47696]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-7 16184]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-30 242240]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2011-6-21 189888]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2011-6-21 60352]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-10 23856]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-9 24576]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2011-7-3 111616]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 1.1.14.3;c:\windows\system32\drivers\libusb0.sys [2010-6-25 21504]
S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [2011-11-19 16640]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2011-6-4 117584]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 jatmlano;jatmlano;c:\users\dave\appdata\local\temp\jatmlano.sys [2009-1-9 15872]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-6-17 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-1 38224]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-6-21 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-6-21 11104]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2012-1-31 23608]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-1-31 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-1-31 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-1-31 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-1-31 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-1-31 25704]
.
=============== Created Last 30 ================
.
2012-02-02 01:01:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-01 22:28:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-01 22:28:17 -------- d-----w- c:\programdata\Malwarebytes
2012-02-01 22:28:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-01 21:37:16 110080 ----a-r- c:\users\admin\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconF7A21AF7.exe
2012-02-01 21:37:16 110080 ----a-r- c:\users\admin\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconD7F16134.exe
2012-02-01 21:37:16 110080 ----a-r- c:\users\admin\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconCF33A0CE.exe
2012-02-01 21:37:08 -------- d-----w- C:\sh4ldr
2012-02-01 21:37:08 -------- d-----w- c:\program files\Enigma Software Group
2012-02-01 21:35:04 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-01 21:34:42 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-02-01 20:57:50 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-02-01 20:57:50 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-02-01 20:55:38 -------- d-----w- c:\programdata\Kaspersky Lab
2012-02-01 20:55:38 -------- d-----w- c:\program files\Kaspersky Lab
2012-02-01 20:38:41 -------- d--h--w- C:\kleaner.tmp
2012-02-01 20:38:40 -------- d-----w- c:\users\admin\appdata\roaming\Malwarebytes
2012-02-01 17:55:00 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-02-01 17:22:47 -------- d-----w- c:\users\admin\appdata\roaming\Media Finder
2012-02-01 17:04:28 -------- d-----w- c:\program files\WinCDEmu
2012-02-01 16:04:33 -------- d-----w- c:\program files\ZTekWare
2012-02-01 10:26:12 -------- d-----w- c:\program files\Alcohol Soft
2012-02-01 10:17:50 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-02-01 00:30:38 -------- d-----w- c:\program files\Phantombility
2012-02-01 00:21:58 -------- d-----w- c:\program files\freac
2012-02-01 00:07:19 -------- d-----w- c:\users\admin\appdata\roaming\DVDVideoSoft
2012-02-01 00:07:14 -------- d-----w- c:\program files\DVDVideoSoft
2012-02-01 00:07:14 -------- d-----w- c:\program files\common files\DVDVideoSoft
2012-01-31 23:29:41 -------- d-----w- c:\program files\Efficient WMA MP3 Converter
2012-01-31 22:39:49 -------- d-----w- c:\users\admin\appdata\roaming\iSkysoft Video Converter Ultimate
2012-01-31 22:33:24 -------- d-----w- C:\ffmpeg
2012-01-31 21:39:36 -------- d-----w- c:\program files\VideoLAN
2012-01-31 18:23:13 -------- d-----w- C:\Temp
2012-01-31 18:19:36 -------- d-----w- c:\program files\KernSafe
2012-01-31 18:05:30 23608 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
2012-01-31 17:49:51 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2012-01-31 17:48:54 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2012-01-31 17:47:59 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2012-01-31 17:46:58 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2012-01-31 17:45:51 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2012-01-31 17:45:30 -------- d-----w- c:\program files\Aimersoft
2012-01-30 23:54:22 -------- d-----w- c:\program files\MagicISO
2012-01-30 23:39:05 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-30 23:38:48 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-01-30 23:38:26 -------- d-----w- c:\users\admin\appdata\roaming\DAEMON Tools Lite
2012-01-30 23:38:23 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-01-30 23:31:16 -------- d-----w- c:\program files\Nero
2012-01-30 23:28:58 -------- d-----w- c:\programdata\Nero
2012-01-30 23:11:07 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-01-30 23:11:06 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-01-30 23:11:06 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-01-30 23:11:05 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-01-30 23:11:04 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-01-30 22:59:50 -------- d-----w- c:\program files\Exact Audio Copy
2012-01-30 22:52:36 24576 ------w- c:\windows\system32\msxml3a.dll
2012-01-30 22:52:17 -------- d-----w- c:\program files\Audible
2012-01-26 23:31:11 -------- d-----w- c:\users\admin\appdata\roaming\DVDFab
2012-01-26 23:26:09 -------- d-----w- C:\go ski
2012-01-26 22:38:30 -------- d-----w- c:\users\admin\appdata\roaming\avidemux
2012-01-26 22:38:09 -------- d-----w- c:\program files\Avidemux 2.5
2012-01-26 22:28:32 -------- d-----w- c:\program files\YAMB
2012-01-18 16:04:13 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-18 16:04:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-18 16:04:12 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-18 16:04:12 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-18 16:04:12 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-18 16:04:12 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-17 23:54:01 -------- d-----w- c:\programdata\dvdfab
2012-01-17 23:53:22 -------- d-----w- c:\program files\DVDFab 8 Qt
2012-01-14 19:49:18 -------- d-----w- c:\users\admin\appdata\roaming\Digiarty
2012-01-14 19:42:01 -------- d-----w- c:\program files\Plato DVD Ripper Professional
2012-01-14 19:16:04 -------- d-----w- C:\Coupling series 2
2012-01-11 16:55:58 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 16:55:47 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 16:55:47 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 16:55:38 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 16:55:29 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 16:55:21 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-11 16:55:00 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 16:54:57 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-09 23:12:06 -------- d-----w- C:\adb
2012-01-03 08:22:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-30 23:12:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-26 20:56:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-26 20:56:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 12:02:21 39016 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2011-11-08 19:56:10 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-11-08 19:56:06 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 7:41:08.83 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Installed Programs ======================
.
Acrobat.com
Acronis Migrate Easy
Ad-Aware
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Advanced Video FX Engine
Aleesoft Free iPad Video Converter 2.5.71
Android SDK Tools
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avidemux 2.5 (32-bit)
Belarc Advisor 7.2
Bing Maps 3D
Bonjour
Burnout(TM) Paradise The Ultimate Box
CardRecovery 5.30
CloneDVDmobile
DAEMON Tools Lite
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager
Dell Resource CD
Dell Webcam Center
Dell Webcam Manager
Direct MP3 Joiner version 3.0.2.9
DivX Setup
DriveImage XML (Private Edition)
DVD Shrink 3.2
DVDFab 8.1.5.6 (17/01/2012) Qt
DX-Ball 1.09
Efficient WMA MP3 Converter version 0.99.9.1
eSupport UndeletePlus 3.0.2.406
Exact Audio Copy 1.0beta3
Ext2 IFS 1.11a for Windows Vista/2008
FiatECUScan
Free Audio Converter version 5.0.4.1228
Freemake Video Converter version 2.3.2
Garmin POI Loader
Geoff Hamilton's 3D Garden Designer
Google Earth
Google SketchUp 8
Google Update Helper
Google Updater
HandBrake 0.9.5
High-Definition Video Playback
Hornby Virtual Railway 2 v1.06
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTC Driver Installer
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 7 Update 2
Java(TM) SE Development Kit 6 Update 23
Java(TM) SE Development Kit 7 Update 2
JavaFX 2.0.2
JavaFX 2.0.2 SDK
Juniper Networks Setup Client
Juniper Terminal Services Client
Kaspersky Internet Security 2012
Laptop Integrated Webcam Driver (1.04.01.1011)
LG PC Suite II
LibUSB-Win32-1.1.14.3
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Magic ISO Maker v5.5 (build 0281)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
MiniTool Partition Wizard Home Edition 6.0
MiniTool Power Data Recovery
Mp3tag v2.49
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
NCH Toolbox
Nero 11 Kwik Themes Basic
Nero Audio Pack 1
Nero Core Components 11
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Update
nero.prerequisites.msi
NirSoft BlueScreenView
Plato DVD Ripper Professional 6.66.14
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RollerCoaster Tycoon 2
Search Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
SimCity 2000® Special Edition
Slice Audio File Splitter
Smart Defrag 2
SpeedFan (remove only)
SpyHunter
System Requirements Lab
The Simpsons Hit & Run(TM)
The Sims™ 3
Theseus and the Minotaur
Total Immersion D'Fusion @Home Web Plug-In
TreeSize Free V2.5
Undeleter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
VLC media player 1.1.11
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
WinUAE 2.3.2
WinX DVD Ripper 5.5.3
WinX Free DVD Ripper 4.5.14
Xirrus Wi-Fi Inspector
Xvid 1.2.2 final uninstall
YAMB
.
==== Event Viewer Messages From Past Week ========
.
31/01/2012 22:07:25, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
31/01/2012 22:00:17, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KScsiPrt
31/01/2012 21:58:45, Error: EventLog [6008] - The previous system shutdown at 21:56:55 on 31/01/2012 was unexpected.
31/01/2012 17:11:21, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Laptop\Ben SID (S-1-5-21-2538719701-67948745-70993998-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
30/01/2012 19:20:46, Error: bowser [8003] - The master browser has received a server announcement from the computer BEN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AB682872-103B-4BA6-9875-89098262FF1. The master browser is stopping or an election is being forced.
30/01/2012 19:13:15, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
26/01/2012 21:04:44, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
26/01/2012 21:04:44, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/01/2012 21:04:44, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
26/01/2012 20:51:08, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
26/01/2012 20:46:30, Error: EventLog [6008] - The previous system shutdown at 20:43:03 on 26/01/2012 was unexpected.
26/01/2012 15:46:54, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001F3C2E60F2. The following error occurred: The wait operation timed out.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
02/02/2012 07:34:46, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
02/02/2012 07:30:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom OCDE tdx tpcdrdrv
02/02/2012 07:30:18, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
02/02/2012 07:30:18, Error: Service Control Manager [7023] - The Amfilter service terminated with the following error: Amfilter is not a valid Win32 application.
02/02/2012 07:30:18, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
02/02/2012 07:30:18, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
02/02/2012 07:30:18, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/02/2012 07:30:18, Error: Service Control Manager [7001] - The DHCP Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/02/2012 07:30:18, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
02/02/2012 01:14:13, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom DfsC kl2 KLIF KLIM6 NetBIOS netbt nsiproxy OCDE PSched RasAcd rdbss Smb spldr sptd tdx tpcdrdrv Wanarpv6
02/02/2012 01:14:13, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/02/2012 01:14:13, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
02/02/2012 01:14:13, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
02/02/2012 01:14:13, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02/02/2012 01:14:13, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
02/02/2012 01:14:13, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/02/2012 01:14:13, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/02/2012 01:14:13, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
02/02/2012 01:14:13, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/02/2012 01:14:13, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
02/02/2012 01:14:13, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02/02/2012 01:14:13, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
02/02/2012 01:14:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
02/02/2012 01:13:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
02/02/2012 01:13:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
02/02/2012 01:13:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
02/02/2012 01:13:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
02/02/2012 01:13:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
02/02/2012 01:12:53, Error: EventLog [6008] - The previous system shutdown at 01:10:37 on 02/02/2012 was unexpected.
02/02/2012 01:12:11, Error: sptd [4] - Driver detected an internal error in its data structures for .
02/02/2012 00:19:24, Error: EventLog [6008] - The previous system shutdown at 00:17:20 on 02/02/2012 was unexpected.
02/02/2012 00:01:46, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "193" Happened while starting this command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
01/02/2012 23:57:32, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: OCDE tdx tpcdrdrv
01/02/2012 23:56:51, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
01/02/2012 23:27:19, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: OCDE tpcdrdrv
01/02/2012 22:22:33, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
01/02/2012 22:22:33, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/02/2012 22:21:55, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
01/02/2012 22:21:55, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/02/2012 22:21:13, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
01/02/2012 22:03:46, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
01/02/2012 22:03:28, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {6295DF2D-35EE-11D1-8707-00C04FD93327} as /. The error: "5" Happened while starting this command: C:\Windows\System32\mobsync.exe -Embedding
01/02/2012 20:43:54, Error: Service Control Manager [7023] -
01/02/2012 20:33:16, Error: EventLog [6008] - The previous system shutdown at 20:31:29 on 01/02/2012 was unexpected.
01/02/2012 20:19:37, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy OCDE PSched RasAcd rdbss Smb spldr sptd tdx tpcdrdrv Wanarpv6
01/02/2012 20:18:20, Error: EventLog [6008] - The previous system shutdown at 20:13:19 on 01/02/2012 was unexpected.
01/02/2012 20:12:49, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
01/02/2012 16:53:14, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: tpcdrdrv
01/02/2012 16:47:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd tdx tpcdrdrv Wanarpv6
01/02/2012 16:47:15, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
01/02/2012 16:46:57, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
01/02/2012 16:25:15, Error: EventLog [6008] - The previous system shutdown at 16:23:26 on 01/02/2012 was unexpected.
.
==== End Of File ===========================
pompeyfan
Regular Member
 
Posts: 15
Joined: February 2nd, 2012, 3:49 am
Advertisement
Register to Remove

Re: Started with google redirection now no network

Unread postby Gary R » February 2nd, 2012, 6:46 am

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Started with google redirection now no network

Unread postby Gary R » February 2nd, 2012, 6:48 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "malware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Your DDS logs show that you have a Zero Access rootkit infection. This infection has remote access capabilitities.

You should do the following ....

1. Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned.

2. Call all of your banks, credit card companies, and financial institutions. Inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer, because the attacker will get the new passwords and transaction information.

If you use your computer for online banking, you should seriously consider reformatting your hard drive and reinstalling Windows

Some versions of this infection are extremely difficult to remove, and if you opt for us to clean your computer there is a possibility that you may lose connection to the internet, in which case you'll need to have access to another computer so you can contact us. We will of course attempt to resolve the connection issues if they happen, but I can give no guarantee that you may not have to reformat after all.

If you decide to attempt a clean up, please do the following .....

First

If you haven't already done so, back up your personal files and folders to some external device.

Next

Download ComboFix from one of these locations and save it to your Desktop: (if you already have a copy of Combofix, delete it and use this version)

Link 1
Link 2

IMPORTANT !!! ComboFix.exe must be run from your Desktop

  • Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here.
  • Double click on ComboFix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install Microsoft Windows Recovery Console.

**Please note: If Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Image

Once Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you.

Please include this log in your next reply. ......... (it can also be found at C:\ComboFix.txt)

IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.
If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Started with google redirection now no network

Unread postby pompeyfan » February 2nd, 2012, 7:45 am

Hi,
Huge thanks for the help. Unfortunately I'm having an issue with running combofix - it reports Microsoft security essentials as being active (both antivirus and antispyware). However these were allegedly removed when kaspersky was installed so I have no way of disabling them, any suggestions?
pompeyfan
Regular Member
 
Posts: 15
Joined: February 2nd, 2012, 3:49 am

Re: Started with google redirection now no network

Unread postby Gary R » February 2nd, 2012, 8:07 am

Try following the instructions for removing MSE under "Fix it for me" on this webpage .... http://blogs.msdn.com/b/securitytipstal ... tials.aspx
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Started with google redirection now no network

Unread postby pompeyfan » February 2nd, 2012, 8:47 am

Thanks, I tried that, but can't be sure if it worked or not as the combofix dialogue showing MSE was still on screen (but that may have still been reporting from before the fix was run).
Anyway, I let combofix run and as expected it reported z-access. It then rebooted and popped up a blue administrator window on startup, which got populated with several (approx 8-10) messages saying "system cannot execute the specified program".
Eventually when the system was back up and running I had no text output and no C:\combofix.txt file.
pompeyfan
Regular Member
 
Posts: 15
Joined: February 2nd, 2012, 3:49 am

Re: Started with google redirection now no network

Unread postby Gary R » February 2nd, 2012, 11:18 am

OK, please try the following for me ....

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • IF IT FINDS ANYTHING, DO NOT TRY TO FIX IT AT THIS POINT
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Started with google redirection now no network

Unread postby pompeyfan » February 2nd, 2012, 11:36 am

Results of TDSSKiller:

15:22:49.0250 0328 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
15:22:49.0312 0328 ============================================================
15:22:49.0312 0328 Current date / time: 2012/02/02 15:22:49.0312
15:22:49.0312 0328 SystemInfo:
15:22:49.0312 0328
15:22:49.0312 0328 OS Version: 6.0.6002 ServicePack: 2.0
15:22:49.0312 0328 Product type: Workstation
15:22:49.0312 0328 ComputerName: LAPTOP
15:22:49.0328 0328 UserName: Admin
15:22:49.0328 0328 Windows directory: C:\Windows
15:22:49.0328 0328 System windows directory: C:\Windows
15:22:49.0328 0328 Processor architecture: Intel x86
15:22:49.0328 0328 Number of processors: 2
15:22:49.0328 0328 Page size: 0x1000
15:22:49.0328 0328 Boot type: Normal boot
15:22:49.0328 0328 ============================================================
15:22:51.0527 0328 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:22:51.0527 0328 \Device\Harddisk0\DR0:
15:22:51.0527 0328 MBR used
15:22:51.0527 0328 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
15:22:51.0558 0328 Initialize success
15:22:51.0558 0328 ============================================================
15:23:00.0747 3056 ============================================================
15:23:00.0747 3056 Scan started
15:23:00.0747 3056 Mode: Manual;
15:23:00.0747 3056 ============================================================
15:23:02.0385 3056 .cdrom - ok
15:23:02.0588 3056 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:23:02.0588 3056 ACPI - ok
15:23:02.0681 3056 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
15:23:02.0697 3056 adp94xx - ok
15:23:02.0728 3056 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
15:23:02.0744 3056 adpahci - ok
15:23:02.0759 3056 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
15:23:02.0759 3056 adpu160m - ok
15:23:02.0790 3056 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
15:23:02.0790 3056 adpu320 - ok
15:23:02.0900 3056 AFD (5cc6170fd1149ca647145ed166938195) C:\Windows\system32\drivers\afd.sys
15:23:02.0900 3056 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 5cc6170fd1149ca647145ed166938195, Fake md5: 3911b972b55fea0478476b2e777b29fa
15:23:02.0900 3056 AFD ( Virus.Win32.ZAccess.c ) - infected
15:23:02.0900 3056 AFD - detected Virus.Win32.ZAccess.c (0)
15:23:02.0946 3056 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
15:23:02.0946 3056 agp440 - ok
15:23:02.0962 3056 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:23:02.0962 3056 aic78xx - ok
15:23:03.0009 3056 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
15:23:03.0009 3056 aliide - ok
15:23:03.0040 3056 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
15:23:03.0040 3056 amdagp - ok
15:23:03.0056 3056 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
15:23:03.0056 3056 amdide - ok
15:23:03.0087 3056 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
15:23:03.0087 3056 AmdK7 - ok
15:23:03.0118 3056 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
15:23:03.0118 3056 AmdK8 - ok
15:23:03.0165 3056 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
15:23:03.0165 3056 arc - ok
15:23:03.0180 3056 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
15:23:03.0180 3056 arcsas - ok
15:23:03.0258 3056 AsAudioDevice_349 (85ece26f326c2d07ba77a60343468272) C:\Windows\system32\drivers\AsAudioDevice_349.sys
15:23:03.0258 3056 AsAudioDevice_349 - ok
15:23:03.0336 3056 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:23:03.0336 3056 AsyncMac - ok
15:23:03.0352 3056 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:23:03.0352 3056 atapi - ok
15:23:03.0399 3056 BazisVirtualCDBus (a2ecece11639fea1ccb66d853451f7e2) C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
15:23:03.0414 3056 BazisVirtualCDBus - ok
15:23:03.0446 3056 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:23:03.0446 3056 Beep - ok
15:23:03.0477 3056 blbdrive - ok
15:23:03.0524 3056 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:23:03.0539 3056 bowser - ok
15:23:03.0555 3056 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:23:03.0555 3056 BrFiltLo - ok
15:23:03.0570 3056 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:23:03.0570 3056 BrFiltUp - ok
15:23:03.0586 3056 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:23:03.0586 3056 Brserid - ok
15:23:03.0648 3056 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:23:03.0664 3056 BrSerWdm - ok
15:23:03.0664 3056 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:23:03.0664 3056 BrUsbMdm - ok
15:23:03.0680 3056 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:23:03.0695 3056 BrUsbSer - ok
15:23:03.0742 3056 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
15:23:03.0742 3056 BthEnum - ok
15:23:03.0758 3056 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:23:03.0758 3056 BTHMODEM - ok
15:23:03.0789 3056 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
15:23:03.0789 3056 BthPan - ok
15:23:03.0851 3056 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
15:23:03.0867 3056 BTHPORT - ok
15:23:03.0960 3056 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
15:23:03.0960 3056 BTHUSB - ok
15:23:04.0038 3056 catchme - ok
15:23:04.0085 3056 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:23:04.0085 3056 cdfs - ok
15:23:04.0101 3056 cdrom - ok
15:23:04.0132 3056 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
15:23:04.0132 3056 circlass - ok
15:23:04.0179 3056 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:23:04.0179 3056 CLFS - ok
15:23:04.0257 3056 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:23:04.0257 3056 CmBatt - ok
15:23:04.0288 3056 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
15:23:04.0304 3056 cmdide - ok
15:23:04.0319 3056 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:23:04.0319 3056 Compbatt - ok
15:23:04.0350 3056 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
15:23:04.0350 3056 crcdisk - ok
15:23:04.0366 3056 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
15:23:04.0366 3056 Crusoe - ok
15:23:04.0553 3056 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:23:04.0616 3056 DfsC - ok
15:23:04.0818 3056 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:23:04.0818 3056 disk - ok
15:23:04.0865 3056 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:23:04.0865 3056 drmkaud - ok
15:23:04.0959 3056 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:23:04.0959 3056 dtsoftbus01 - ok
15:23:05.0021 3056 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:23:05.0037 3056 DXGKrnl - ok
15:23:05.0052 3056 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:23:05.0052 3056 E1G60 - ok
15:23:05.0099 3056 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:23:05.0099 3056 Ecache - ok
15:23:05.0146 3056 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
15:23:05.0146 3056 elxstor - ok
15:23:05.0208 3056 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:23:05.0208 3056 exfat - ok
15:23:05.0286 3056 Ext2fs (920ae11441c78c00c6cf084993c817f8) C:\Windows\system32\DRIVERS\ext2fs.sys
15:23:05.0286 3056 Ext2fs - ok
15:23:05.0333 3056 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:23:05.0333 3056 fastfat - ok
15:23:05.0364 3056 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
15:23:05.0364 3056 fdc - ok
15:23:05.0396 3056 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:23:05.0411 3056 FileInfo - ok
15:23:05.0442 3056 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:23:05.0442 3056 Filetrace - ok
15:23:05.0458 3056 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
15:23:05.0474 3056 flpydisk - ok
15:23:05.0505 3056 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:23:05.0520 3056 FltMgr - ok
15:23:05.0536 3056 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:23:05.0536 3056 Fs_Rec - ok
15:23:05.0567 3056 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
15:23:05.0567 3056 gagp30kx - ok
15:23:05.0598 3056 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:23:05.0645 3056 GEARAspiWDM - ok
15:23:05.0708 3056 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
15:23:05.0708 3056 giveio - ok
15:23:05.0832 3056 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
15:23:05.0832 3056 HdAudAddService - ok
15:23:05.0864 3056 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:23:05.0879 3056 HDAudBus - ok
15:23:05.0910 3056 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:23:05.0910 3056 HidBth - ok
15:23:05.0942 3056 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:23:05.0942 3056 HidIr - ok
15:23:05.0973 3056 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:23:05.0973 3056 HidUsb - ok
15:23:06.0004 3056 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
15:23:06.0004 3056 HpCISSs - ok
15:23:06.0051 3056 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:23:06.0066 3056 HSFHWAZL - ok
15:23:06.0113 3056 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
15:23:06.0144 3056 HSF_DPV - ok
15:23:06.0191 3056 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
15:23:06.0191 3056 HTCAND32 - ok
15:23:06.0300 3056 htcnprot (52395a94c127c0266d1c0f3cce8a4345) C:\Windows\system32\DRIVERS\htcnprot.sys
15:23:06.0300 3056 htcnprot - ok
15:23:06.0363 3056 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:23:06.0378 3056 HTTP - ok
15:23:06.0394 3056 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
15:23:06.0394 3056 i2omp - ok
15:23:06.0456 3056 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:23:06.0472 3056 i8042prt - ok
15:23:06.0612 3056 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
15:23:06.0628 3056 iaStorV - ok
15:23:06.0659 3056 IfsMount - ok
15:23:06.0784 3056 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:23:06.0846 3056 igfx - ok
15:23:06.0893 3056 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:23:06.0893 3056 iirsp - ok
15:23:07.0018 3056 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
15:23:07.0018 3056 IntcHdmiAddService - ok
15:23:07.0065 3056 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:23:07.0065 3056 intelide - ok
15:23:07.0112 3056 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:23:07.0112 3056 intelppm - ok
15:23:07.0190 3056 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:23:07.0190 3056 IpFilterDriver - ok
15:23:07.0205 3056 IpInIp - ok
15:23:07.0236 3056 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
15:23:07.0236 3056 IPMIDRV - ok
15:23:07.0268 3056 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:23:07.0268 3056 IPNAT - ok
15:23:07.0330 3056 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:23:07.0330 3056 IRENUM - ok
15:23:07.0361 3056 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
15:23:07.0377 3056 isapnp - ok
15:23:07.0408 3056 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:23:07.0408 3056 iScsiPrt - ok
15:23:07.0439 3056 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:23:07.0439 3056 iteatapi - ok
15:23:07.0455 3056 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:23:07.0455 3056 iteraid - ok
15:23:07.0533 3056 jatmlano (5012f080fccf701e2cd6b045ac7814d9) C:\Users\Dave\AppData\Local\Temp\jatmlano.sys
15:23:07.0533 3056 jatmlano - ok
15:23:07.0580 3056 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:23:07.0580 3056 kbdclass - ok
15:23:07.0626 3056 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:23:07.0626 3056 kbdhid - ok
15:23:07.0704 3056 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
15:23:07.0704 3056 KL1 - ok
15:23:07.0736 3056 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
15:23:07.0736 3056 kl2 - ok
15:23:07.0798 3056 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
15:23:07.0814 3056 KLIF - ok
15:23:07.0876 3056 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
15:23:07.0876 3056 KLIM6 - ok
15:23:07.0907 3056 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
15:23:07.0907 3056 klmouflt - ok
15:23:07.0985 3056 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
15:23:07.0985 3056 KSecDD - ok
15:23:08.0110 3056 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
15:23:08.0110 3056 Lavasoft Kernexplorer - ok
15:23:08.0141 3056 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
15:23:08.0141 3056 Lbd - ok
15:23:08.0188 3056 libusb0 (9ca5457634090eb1f2923f40eac4b6df) C:\Windows\system32\drivers\libusb0.sys
15:23:08.0188 3056 libusb0 - ok
15:23:08.0204 3056 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:23:08.0204 3056 lltdio - ok
15:23:08.0235 3056 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
15:23:08.0235 3056 LSI_FC - ok
15:23:08.0250 3056 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
15:23:08.0250 3056 LSI_SAS - ok
15:23:08.0297 3056 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
15:23:08.0297 3056 LSI_SCSI - ok
15:23:08.0375 3056 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:23:08.0375 3056 luafv - ok
15:23:08.0469 3056 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\Windows\system32\drivers\mbamswissarmy.sys
15:23:08.0469 3056 MBAMSwissArmy - ok
15:23:08.0516 3056 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
15:23:08.0516 3056 megasas - ok
15:23:08.0578 3056 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:23:08.0578 3056 Modem - ok
15:23:08.0625 3056 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:23:08.0625 3056 monitor - ok
15:23:08.0672 3056 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:23:08.0672 3056 mouclass - ok
15:23:08.0703 3056 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:23:08.0703 3056 mouhid - ok
15:23:08.0765 3056 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:23:08.0765 3056 MountMgr - ok
15:23:08.0828 3056 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
15:23:08.0843 3056 mpio - ok
15:23:08.0859 3056 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:23:08.0859 3056 mpsdrv - ok
15:23:08.0890 3056 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:23:08.0890 3056 Mraid35x - ok
15:23:08.0937 3056 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:23:08.0937 3056 MRxDAV - ok
15:23:08.0984 3056 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:23:08.0984 3056 mrxsmb - ok
15:23:09.0046 3056 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:23:09.0062 3056 mrxsmb10 - ok
15:23:09.0077 3056 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:23:09.0093 3056 mrxsmb20 - ok
15:23:09.0124 3056 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
15:23:09.0124 3056 msahci - ok
15:23:09.0155 3056 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
15:23:09.0155 3056 msdsm - ok
15:23:09.0233 3056 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:23:09.0233 3056 Msfs - ok
15:23:09.0280 3056 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:23:09.0280 3056 msisadrv - ok
15:23:09.0327 3056 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:23:09.0327 3056 MSKSSRV - ok
15:23:09.0374 3056 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:23:09.0374 3056 MSPCLOCK - ok
15:23:09.0420 3056 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:23:09.0420 3056 MSPQM - ok
15:23:09.0452 3056 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:23:09.0452 3056 MsRPC - ok
15:23:09.0483 3056 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:23:09.0483 3056 mssmbios - ok
15:23:09.0514 3056 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:23:09.0514 3056 MSTEE - ok
15:23:09.0530 3056 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:23:09.0545 3056 Mup - ok
15:23:09.0608 3056 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:23:09.0608 3056 NativeWifiP - ok
15:23:09.0654 3056 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:23:09.0670 3056 NDIS - ok
15:23:09.0748 3056 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:23:09.0748 3056 NdisTapi - ok
15:23:09.0779 3056 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:23:09.0779 3056 Ndisuio - ok
15:23:09.0966 3056 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:23:10.0029 3056 NdisWan - ok
15:23:10.0122 3056 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:23:10.0122 3056 NDProxy - ok
15:23:10.0154 3056 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:23:10.0154 3056 NetBIOS - ok
15:23:10.0200 3056 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:23:10.0200 3056 netbt - ok
15:23:10.0310 3056 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
15:23:10.0372 3056 NETw3v32 - ok
15:23:10.0419 3056 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:23:10.0419 3056 nfrd960 - ok
15:23:10.0434 3056 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:23:10.0450 3056 Npfs - ok
15:23:10.0481 3056 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:23:10.0481 3056 nsiproxy - ok
15:23:10.0544 3056 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:23:10.0575 3056 Ntfs - ok
15:23:10.0606 3056 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:23:10.0606 3056 ntrigdigi - ok
15:23:10.0637 3056 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:23:10.0637 3056 Null - ok
15:23:10.0668 3056 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
15:23:10.0668 3056 nvraid - ok
15:23:10.0684 3056 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
15:23:10.0700 3056 nvstor - ok
15:23:10.0762 3056 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
15:23:10.0762 3056 nv_agp - ok
15:23:10.0778 3056 NwlnkFlt - ok
15:23:10.0793 3056 NwlnkFwd - ok
15:23:10.0809 3056 OCDE - ok
15:23:10.0871 3056 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
15:23:10.0871 3056 OEM02Dev - ok
15:23:10.0887 3056 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
15:23:10.0887 3056 OEM02Vfx - ok
15:23:10.0949 3056 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
15:23:10.0949 3056 ohci1394 - ok
15:23:10.0996 3056 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:23:11.0012 3056 Parport - ok
15:23:11.0043 3056 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
15:23:11.0043 3056 partmgr - ok
15:23:11.0074 3056 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:23:11.0074 3056 Parvdm - ok
15:23:11.0121 3056 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:23:11.0121 3056 pci - ok
15:23:11.0136 3056 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
15:23:11.0136 3056 pciide - ok
15:23:11.0168 3056 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:23:11.0183 3056 pcmcia - ok
15:23:11.0230 3056 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:23:11.0261 3056 PEAUTH - ok
15:23:11.0324 3056 phmburnr (2d68e43d19682fcb8cf0358b3bd5e7fe) C:\Windows\system32\DRIVERS\phmburnr.sys
15:23:11.0324 3056 phmburnr - ok
15:23:11.0386 3056 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:23:11.0386 3056 PptpMiniport - ok
15:23:11.0402 3056 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
15:23:11.0402 3056 Processor - ok
15:23:11.0448 3056 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:23:11.0448 3056 PSched - ok
15:23:11.0495 3056 pwdrvio (31c396331f61990ce235b046a03be0a1) C:\Windows\system32\pwdrvio.sys
15:23:11.0495 3056 pwdrvio - ok
15:23:11.0573 3056 pwdspio (cee974ef297015b9600dcd16a82821b4) C:\Windows\system32\pwdspio.sys
15:23:11.0589 3056 pwdspio - ok
15:23:11.0620 3056 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
15:23:11.0651 3056 ql2300 - ok
15:23:11.0682 3056 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:23:11.0682 3056 ql40xx - ok
15:23:11.0729 3056 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:23:11.0729 3056 QWAVEdrv - ok
15:23:11.0776 3056 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:23:11.0776 3056 RasAcd - ok
15:23:11.0854 3056 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:23:11.0854 3056 Rasl2tp - ok
15:23:11.0901 3056 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:23:11.0901 3056 RasPppoe - ok
15:23:11.0932 3056 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:23:11.0932 3056 RasSstp - ok
15:23:11.0979 3056 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:23:11.0994 3056 rdbss - ok
15:23:12.0026 3056 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:23:12.0026 3056 RDPCDD - ok
15:23:12.0057 3056 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
15:23:12.0057 3056 rdpdr - ok
15:23:12.0088 3056 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:23:12.0104 3056 RDPENCDD - ok
15:23:12.0135 3056 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
15:23:12.0135 3056 RDPWD - ok
15:23:12.0213 3056 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
15:23:12.0213 3056 RFCOMM - ok
15:23:12.0291 3056 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\Windows\system32\DRIVERS\rimmptsk.sys
15:23:12.0291 3056 rimmptsk - ok
15:23:12.0322 3056 rimsptsk (d0a35b7670aa3558eaab483f64446496) C:\Windows\system32\DRIVERS\rimsptsk.sys
15:23:12.0338 3056 rimsptsk - ok
15:23:12.0369 3056 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
15:23:12.0369 3056 rismxdp - ok
15:23:12.0416 3056 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:23:12.0416 3056 rspndr - ok
15:23:12.0431 3056 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:23:12.0431 3056 sbp2port - ok
15:23:12.0478 3056 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
15:23:12.0478 3056 sdbus - ok
15:23:12.0509 3056 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:23:12.0509 3056 secdrv - ok
15:23:12.0540 3056 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:23:12.0540 3056 Serenum - ok
15:23:12.0572 3056 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:23:12.0572 3056 Serial - ok
15:23:12.0618 3056 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:23:12.0618 3056 sermouse - ok
15:23:12.0665 3056 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
15:23:12.0665 3056 sffdisk - ok
15:23:12.0696 3056 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
15:23:12.0696 3056 sffp_mmc - ok
15:23:12.0728 3056 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:23:12.0728 3056 sffp_sd - ok
15:23:12.0759 3056 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:23:12.0759 3056 sfloppy - ok
15:23:12.0790 3056 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
15:23:12.0790 3056 sisagp - ok
15:23:12.0821 3056 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
15:23:12.0821 3056 SiSRaid2 - ok
15:23:12.0868 3056 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
15:23:12.0884 3056 SiSRaid4 - ok
15:23:12.0946 3056 SmartDefragDriver (cc48f88fe17bb8e5eb6fa1a8a9477006) C:\Windows\system32\Drivers\SmartDefragDriver.sys
15:23:12.0946 3056 SmartDefragDriver - ok
15:23:12.0962 3056 Smb - ok
15:23:13.0024 3056 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\Windows\system32\DRIVERS\snapman.sys
15:23:13.0024 3056 snapman - ok
15:23:13.0086 3056 SndTAudio (58f25291031de092c19f0e9320a23296) C:\Windows\system32\drivers\SndTAudio.sys
15:23:13.0086 3056 SndTAudio - ok
15:23:13.0133 3056 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
15:23:13.0133 3056 speedfan - ok
15:23:13.0164 3056 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:23:13.0164 3056 spldr - ok
15:23:13.0242 3056 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\Windows\System32\Drivers\sptd.sys
15:23:13.0242 3056 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: f42efefb765235f24b24e1d2b6f99f46
15:23:13.0242 3056 sptd ( LockedFile.Multi.Generic ) - warning
15:23:13.0242 3056 sptd - detected LockedFile.Multi.Generic (1)
15:23:13.0336 3056 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:23:13.0352 3056 srv - ok
15:23:13.0383 3056 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:23:13.0398 3056 srv2 - ok
15:23:13.0445 3056 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:23:13.0445 3056 srvnet - ok
15:23:13.0523 3056 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:23:13.0523 3056 swenum - ok
15:23:13.0554 3056 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:23:13.0554 3056 Symc8xx - ok
15:23:13.0570 3056 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:23:13.0570 3056 Sym_hi - ok
15:23:13.0586 3056 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:23:13.0586 3056 Sym_u3 - ok
15:23:13.0664 3056 tbhsd (d7f411c5af992bb44e86083a6aa7b045) C:\Windows\system32\drivers\tbhsd.sys
15:23:13.0679 3056 tbhsd - ok
15:23:13.0757 3056 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
15:23:13.0804 3056 Tcpip - ok
15:23:13.0835 3056 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
15:23:13.0851 3056 Tcpip6 - ok
15:23:13.0913 3056 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
15:23:13.0913 3056 tcpipreg - ok
15:23:13.0960 3056 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:23:13.0960 3056 TDPIPE - ok
15:23:13.0991 3056 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:23:13.0991 3056 TDTCP - ok
15:23:14.0007 3056 tdx - ok
15:23:14.0054 3056 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:23:14.0054 3056 TermDD - ok
15:23:14.0085 3056 tpcdrdrv - ok
15:23:14.0147 3056 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:23:14.0147 3056 tssecsrv - ok
15:23:14.0194 3056 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:23:14.0194 3056 tunmp - ok
15:23:14.0241 3056 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:23:14.0241 3056 tunnel - ok
15:23:14.0256 3056 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
15:23:14.0272 3056 uagp35 - ok
15:23:14.0319 3056 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:23:14.0334 3056 udfs - ok
15:23:14.0381 3056 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
15:23:14.0381 3056 uliagpkx - ok
15:23:14.0412 3056 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
15:23:14.0412 3056 uliahci - ok
15:23:14.0428 3056 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:23:14.0444 3056 UlSata - ok
15:23:14.0475 3056 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:23:14.0475 3056 ulsata2 - ok
15:23:14.0506 3056 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:23:14.0522 3056 umbus - ok
15:23:14.0568 3056 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
15:23:14.0568 3056 USBAAPL - ok
15:23:14.0631 3056 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:23:14.0631 3056 usbccgp - ok
15:23:14.0678 3056 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:23:14.0678 3056 usbcir - ok
15:23:14.0756 3056 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:23:14.0771 3056 usbehci - ok
15:23:14.0865 3056 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:23:14.0865 3056 usbhub - ok
15:23:14.0896 3056 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:23:14.0896 3056 usbohci - ok
15:23:14.0958 3056 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
15:23:14.0958 3056 usbprint - ok
15:23:15.0036 3056 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:23:15.0036 3056 USBSTOR - ok
15:23:15.0083 3056 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:23:15.0114 3056 usbuhci - ok
15:23:15.0161 3056 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
15:23:15.0161 3056 usbvideo - ok
15:23:15.0208 3056 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
15:23:15.0208 3056 vga - ok
15:23:15.0255 3056 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:23:15.0255 3056 VgaSave - ok
15:23:15.0286 3056 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
15:23:15.0302 3056 viaagp - ok
15:23:15.0317 3056 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
15:23:15.0317 3056 ViaC7 - ok
15:23:15.0364 3056 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
15:23:15.0364 3056 viaide - ok
15:23:15.0395 3056 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:23:15.0395 3056 volmgr - ok
15:23:15.0442 3056 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:23:15.0442 3056 volmgrx - ok
15:23:15.0473 3056 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:23:15.0473 3056 volsnap - ok
15:23:15.0504 3056 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
15:23:15.0504 3056 vsmraid - ok
15:23:15.0536 3056 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:23:15.0551 3056 WacomPen - ok
15:23:15.0582 3056 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:23:15.0598 3056 Wanarp - ok
15:23:15.0614 3056 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:23:15.0614 3056 Wanarpv6 - ok
15:23:15.0645 3056 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
15:23:15.0645 3056 Wd - ok
15:23:15.0692 3056 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:23:15.0707 3056 Wdf01000 - ok
15:23:15.0770 3056 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
15:23:15.0785 3056 winachsf - ok
15:23:15.0863 3056 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
15:23:15.0863 3056 WinUSB - ok
15:23:15.0894 3056 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:23:15.0894 3056 WmiAcpi - ok
15:23:15.0957 3056 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
15:23:15.0957 3056 WpdUsb - ok
15:23:16.0004 3056 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:23:16.0004 3056 ws2ifsl - ok
15:23:16.0066 3056 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
15:23:16.0066 3056 WsAudio_DeviceS(1) - ok
15:23:16.0113 3056 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
15:23:16.0128 3056 WsAudio_DeviceS(2) - ok
15:23:16.0144 3056 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
15:23:16.0144 3056 WsAudio_DeviceS(3) - ok
15:23:16.0206 3056 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
15:23:16.0206 3056 WsAudio_DeviceS(4) - ok
15:23:16.0238 3056 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
15:23:16.0238 3056 WsAudio_DeviceS(5) - ok
15:23:16.0300 3056 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:23:16.0300 3056 WUDFRd - ok
15:23:16.0362 3056 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
15:23:16.0378 3056 yukonwlh - ok
15:23:16.0409 3056 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:23:16.0456 3056 \Device\Harddisk0\DR0 - ok
15:23:16.0456 3056 Boot (0x1200) (ec9581a9fac5af6c461446a739dc23ca) \Device\Harddisk0\DR0\Partition0
15:23:16.0456 3056 \Device\Harddisk0\DR0\Partition0 - ok
15:23:16.0456 3056 ============================================================
15:23:16.0456 3056 Scan finished
15:23:16.0456 3056 ============================================================
15:23:16.0472 3544 Detected object count: 2
15:23:16.0472 3544 Actual detected object count: 2
15:23:34.0146 3544 AFD ( Virus.Win32.ZAccess.c ) - skipped by user
15:23:34.0146 3544 AFD ( Virus.Win32.ZAccess.c ) - User select action: Skip
15:23:34.0146 3544 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:23:34.0146 3544 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:24:38.0200 2376 Deinitialize success
pompeyfan
Regular Member
 
Posts: 15
Joined: February 2nd, 2012, 3:49 am

Re: Started with google redirection now no network

Unread postby Gary R » February 2nd, 2012, 12:05 pm

OK, looks like your infection is still present.

I need you to do the following in the order given ....

First

Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.
  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • Into the Search box type AFD.sys
  • Click Search Files
  • FSS will run a scan, and when finished a log will open.
  • Please post me the log.

Next

  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished a list of detected items should be displayed.
  • Check to make sure the Cure option is selected in the drop down options. If cure is not available DO NOT select either Delete or Quarantine, just select Skip and let me know.
  • Please click on Continue
  • TDSSKiller will now attempt to clean the infection from your computer.
  • It will now ask for a reboot to complete the process, please click on Reboot now
  • When finished re-booting, a log of the cleanup will be found at C:\TDSSKiller.2.4.0.0_DD.MM.YYYY_HH.MM.SS_log.txt (where DD.MM.YYYY_HH.MM.SS are the date and time the tool was run)
  • Post the contents in your next reply please.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Started with google redirection now no network

Unread postby pompeyfan » February 2nd, 2012, 12:31 pm

FSS log:

Farbar Service Scanner Version: 01-02-2012 03
Ran by Admin (administrator) on 02-02-2012 at 16:16:47
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

************************************************
======== Search: "afd.sys" =========

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2011-06-16 15:22] - [2011-04-21 13:28] - 0273920 ____A (Microsoft Corporation) 70EE0FC7A0F384DBD929A01384AEEB4B

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011-06-16 15:22] - [2011-04-21 13:58] - 0273408 ____A (Microsoft Corporation) 3911B972B55FEA0478476B2E777B29FA

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2009-08-22 12:00] - [2009-04-11 04:47] - 0273920 ____A (Microsoft Corporation) A201207363AA900ABF1A388468688570

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys
[2011-06-16 15:22] - [2011-04-21 13:12] - 0273920 ____A (Microsoft Corporation) C8AF25017CECB75906A571AC70D2D306

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011-06-16 15:22] - [2011-04-21 13:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009-05-29 10:28] - [2008-01-19 05:57] - 0273920 ____A (Microsoft Corporation) 763E172A55177E478CB419F88FD0BA03

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys
[2006-11-02 08:58] - [2006-11-02 08:58] - 0270336 ____A (Microsoft Corporation) 5D24CAF8EFD924A875698FF28384DB8B

C:\Windows\System32\drivers\afd.sys
[2011-06-16 15:22] - [2011-04-21 13:58] - 0273408 ____A (Microsoft Corporation) 3911B972B55FEA0478476B2E777B29FA

====== End Of Search ======

TDSSKiller log in next post...
pompeyfan
Regular Member
 
Posts: 15
Joined: February 2nd, 2012, 3:49 am

Re: Started with google redirection now no network

Unread postby pompeyfan » February 2nd, 2012, 12:31 pm

TDSSKiller log:

16:21:13.0006 2680 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
16:21:13.0068 2680 ============================================================
16:21:13.0068 2680 Current date / time: 2012/02/02 16:21:13.0068
16:21:13.0068 2680 SystemInfo:
16:21:13.0068 2680
16:21:13.0068 2680 OS Version: 6.0.6002 ServicePack: 2.0
16:21:13.0068 2680 Product type: Workstation
16:21:13.0068 2680 ComputerName: LAPTOP
16:21:13.0068 2680 UserName: Admin
16:21:13.0068 2680 Windows directory: C:\Windows
16:21:13.0068 2680 System windows directory: C:\Windows
16:21:13.0068 2680 Processor architecture: Intel x86
16:21:13.0068 2680 Number of processors: 2
16:21:13.0068 2680 Page size: 0x1000
16:21:13.0068 2680 Boot type: Normal boot
16:21:13.0068 2680 ============================================================
16:21:15.0361 2680 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:21:15.0377 2680 Drive \Device\Harddisk1\DR6 - Size: 0x3BC000000 (14.94 Gb), SectorSize: 0x200, Cylinders: 0x79D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:21:15.0377 2680 \Device\Harddisk0\DR0:
16:21:15.0377 2680 MBR used
16:21:15.0377 2680 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
16:21:15.0377 2680 \Device\Harddisk1\DR6:
16:21:15.0377 2680 MBR used
16:21:15.0377 2680 \Device\Harddisk1\DR6\Partition0: MBR, Type 0xC, StartLBA 0x1, BlocksNum 0x1CEBD9B
16:21:15.0393 2680 Initialize success
16:21:15.0393 2680 ============================================================
16:21:17.0514 2388 ============================================================
16:21:17.0514 2388 Scan started
16:21:17.0514 2388 Mode: Manual;
16:21:17.0514 2388 ============================================================
16:21:19.0854 2388 .cdrom - ok
16:21:20.0135 2388 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:21:20.0135 2388 ACPI - ok
16:21:20.0197 2388 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
16:21:20.0197 2388 adp94xx - ok
16:21:20.0229 2388 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
16:21:20.0229 2388 adpahci - ok
16:21:20.0244 2388 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
16:21:20.0244 2388 adpu160m - ok
16:21:20.0275 2388 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
16:21:20.0275 2388 adpu320 - ok
16:21:20.0338 2388 AFD (5cc6170fd1149ca647145ed166938195) C:\Windows\system32\drivers\afd.sys
16:21:20.0338 2388 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 5cc6170fd1149ca647145ed166938195, Fake md5: 3911b972b55fea0478476b2e777b29fa
16:21:20.0338 2388 AFD ( Virus.Win32.ZAccess.c ) - infected
16:21:20.0338 2388 AFD - detected Virus.Win32.ZAccess.c (0)
16:21:20.0385 2388 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
16:21:20.0385 2388 agp440 - ok
16:21:20.0400 2388 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:21:20.0400 2388 aic78xx - ok
16:21:20.0431 2388 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
16:21:20.0431 2388 aliide - ok
16:21:20.0463 2388 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
16:21:20.0463 2388 amdagp - ok
16:21:20.0494 2388 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
16:21:20.0494 2388 amdide - ok
16:21:20.0525 2388 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
16:21:20.0525 2388 AmdK7 - ok
16:21:20.0541 2388 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
16:21:20.0541 2388 AmdK8 - ok
16:21:20.0603 2388 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
16:21:20.0603 2388 arc - ok
16:21:20.0619 2388 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
16:21:20.0619 2388 arcsas - ok
16:21:20.0697 2388 AsAudioDevice_349 (85ece26f326c2d07ba77a60343468272) C:\Windows\system32\drivers\AsAudioDevice_349.sys
16:21:20.0697 2388 AsAudioDevice_349 - ok
16:21:20.0790 2388 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:21:20.0790 2388 AsyncMac - ok
16:21:20.0821 2388 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:21:20.0821 2388 atapi - ok
16:21:20.0868 2388 BazisVirtualCDBus (a2ecece11639fea1ccb66d853451f7e2) C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
16:21:20.0868 2388 BazisVirtualCDBus - ok
16:21:20.0946 2388 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:21:20.0946 2388 Beep - ok
16:21:21.0009 2388 blbdrive - ok
16:21:21.0071 2388 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:21:21.0071 2388 bowser - ok
16:21:21.0087 2388 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:21:21.0087 2388 BrFiltLo - ok
16:21:21.0102 2388 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:21:21.0102 2388 BrFiltUp - ok
16:21:21.0133 2388 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:21:21.0133 2388 Brserid - ok
16:21:21.0165 2388 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:21:21.0165 2388 BrSerWdm - ok
16:21:21.0180 2388 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:21:21.0180 2388 BrUsbMdm - ok
16:21:21.0196 2388 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:21:21.0196 2388 BrUsbSer - ok
16:21:21.0243 2388 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
16:21:21.0243 2388 BthEnum - ok
16:21:21.0258 2388 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:21:21.0258 2388 BTHMODEM - ok
16:21:21.0289 2388 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
16:21:21.0289 2388 BthPan - ok
16:21:21.0352 2388 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
16:21:21.0352 2388 BTHPORT - ok
16:21:21.0430 2388 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
16:21:21.0430 2388 BTHUSB - ok
16:21:21.0523 2388 catchme - ok
16:21:21.0570 2388 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:21:21.0570 2388 cdfs - ok
16:21:21.0586 2388 cdrom - ok
16:21:21.0617 2388 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
16:21:21.0617 2388 circlass - ok
16:21:21.0664 2388 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:21:21.0664 2388 CLFS - ok
16:21:21.0742 2388 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
16:21:21.0742 2388 CmBatt - ok
16:21:21.0804 2388 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
16:21:21.0804 2388 cmdide - ok
16:21:21.0820 2388 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:21:21.0820 2388 Compbatt - ok
16:21:21.0851 2388 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
16:21:21.0851 2388 crcdisk - ok
16:21:21.0867 2388 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
16:21:21.0867 2388 Crusoe - ok
16:21:21.0945 2388 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:21:21.0945 2388 DfsC - ok
16:21:22.0023 2388 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:21:22.0023 2388 disk - ok
16:21:22.0085 2388 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:21:22.0085 2388 drmkaud - ok
16:21:22.0147 2388 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:21:22.0147 2388 dtsoftbus01 - ok
16:21:22.0225 2388 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:21:22.0225 2388 DXGKrnl - ok
16:21:22.0257 2388 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:21:22.0257 2388 E1G60 - ok
16:21:22.0303 2388 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:21:22.0303 2388 Ecache - ok
16:21:22.0335 2388 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
16:21:22.0350 2388 elxstor - ok
16:21:22.0397 2388 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:21:22.0413 2388 exfat - ok
16:21:22.0475 2388 Ext2fs (920ae11441c78c00c6cf084993c817f8) C:\Windows\system32\DRIVERS\ext2fs.sys
16:21:22.0475 2388 Ext2fs - ok
16:21:22.0522 2388 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:21:22.0522 2388 fastfat - ok
16:21:22.0537 2388 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
16:21:22.0537 2388 fdc - ok
16:21:22.0584 2388 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:21:22.0584 2388 FileInfo - ok
16:21:22.0615 2388 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:21:22.0615 2388 Filetrace - ok
16:21:22.0647 2388 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
16:21:22.0647 2388 flpydisk - ok
16:21:22.0693 2388 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:21:22.0693 2388 FltMgr - ok
16:21:22.0709 2388 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:21:22.0709 2388 Fs_Rec - ok
16:21:22.0756 2388 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
16:21:22.0771 2388 gagp30kx - ok
16:21:22.0803 2388 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:21:22.0803 2388 GEARAspiWDM - ok
16:21:22.0927 2388 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
16:21:22.0927 2388 giveio - ok
16:21:23.0083 2388 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
16:21:23.0083 2388 HdAudAddService - ok
16:21:23.0115 2388 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:21:23.0115 2388 HDAudBus - ok
16:21:23.0146 2388 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:21:23.0146 2388 HidBth - ok
16:21:23.0177 2388 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:21:23.0177 2388 HidIr - ok
16:21:23.0193 2388 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:21:23.0193 2388 HidUsb - ok
16:21:23.0208 2388 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
16:21:23.0224 2388 HpCISSs - ok
16:21:23.0255 2388 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
16:21:23.0271 2388 HSFHWAZL - ok
16:21:23.0317 2388 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
16:21:23.0317 2388 HSF_DPV - ok
16:21:23.0380 2388 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
16:21:23.0380 2388 HTCAND32 - ok
16:21:23.0411 2388 htcnprot (52395a94c127c0266d1c0f3cce8a4345) C:\Windows\system32\DRIVERS\htcnprot.sys
16:21:23.0411 2388 htcnprot - ok
16:21:23.0442 2388 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:21:23.0458 2388 HTTP - ok
16:21:23.0473 2388 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
16:21:23.0473 2388 i2omp - ok
16:21:23.0536 2388 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:21:23.0536 2388 i8042prt - ok
16:21:23.0583 2388 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
16:21:23.0583 2388 iaStorV - ok
16:21:23.0598 2388 IfsMount - ok
16:21:23.0692 2388 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:21:23.0723 2388 igfx - ok
16:21:23.0754 2388 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:21:23.0754 2388 iirsp - ok
16:21:23.0879 2388 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
16:21:23.0879 2388 IntcHdmiAddService - ok
16:21:23.0941 2388 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:21:23.0941 2388 intelide - ok
16:21:23.0973 2388 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:21:23.0988 2388 intelppm - ok
16:21:24.0051 2388 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:21:24.0051 2388 IpFilterDriver - ok
16:21:24.0051 2388 IpInIp - ok
16:21:24.0082 2388 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
16:21:24.0082 2388 IPMIDRV - ok
16:21:24.0129 2388 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:21:24.0129 2388 IPNAT - ok
16:21:24.0191 2388 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:21:24.0191 2388 IRENUM - ok
16:21:24.0207 2388 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
16:21:24.0207 2388 isapnp - ok
16:21:24.0253 2388 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:21:24.0253 2388 iScsiPrt - ok
16:21:24.0285 2388 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:21:24.0285 2388 iteatapi - ok
16:21:24.0300 2388 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:21:24.0300 2388 iteraid - ok
16:21:24.0378 2388 jatmlano (5012f080fccf701e2cd6b045ac7814d9) C:\Users\Dave\AppData\Local\Temp\jatmlano.sys
16:21:24.0378 2388 jatmlano - ok
16:21:24.0425 2388 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:21:24.0425 2388 kbdclass - ok
16:21:24.0472 2388 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:21:24.0472 2388 kbdhid - ok
16:21:24.0550 2388 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
16:21:24.0550 2388 KL1 - ok
16:21:24.0565 2388 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
16:21:24.0581 2388 kl2 - ok
16:21:24.0628 2388 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
16:21:24.0628 2388 KLIF - ok
16:21:24.0690 2388 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
16:21:24.0690 2388 KLIM6 - ok
16:21:24.0706 2388 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
16:21:24.0706 2388 klmouflt - ok
16:21:24.0784 2388 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
16:21:24.0784 2388 KSecDD - ok
16:21:24.0893 2388 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
16:21:24.0893 2388 Lavasoft Kernexplorer - ok
16:21:24.0924 2388 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
16:21:24.0940 2388 Lbd - ok
16:21:25.0252 2388 libusb0 (9ca5457634090eb1f2923f40eac4b6df) C:\Windows\system32\drivers\libusb0.sys
16:21:25.0252 2388 libusb0 - ok
16:21:25.0267 2388 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:21:25.0283 2388 lltdio - ok
16:21:25.0314 2388 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
16:21:25.0314 2388 LSI_FC - ok
16:21:25.0330 2388 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
16:21:25.0330 2388 LSI_SAS - ok
16:21:25.0377 2388 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
16:21:25.0377 2388 LSI_SCSI - ok
16:21:25.0439 2388 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:21:25.0455 2388 luafv - ok
16:21:25.0533 2388 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\Windows\system32\drivers\mbamswissarmy.sys
16:21:25.0533 2388 MBAMSwissArmy - ok
16:21:25.0564 2388 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
16:21:25.0579 2388 megasas - ok
16:21:25.0626 2388 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:21:25.0626 2388 Modem - ok
16:21:25.0673 2388 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:21:25.0673 2388 monitor - ok
16:21:25.0704 2388 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:21:25.0704 2388 mouclass - ok
16:21:25.0751 2388 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:21:25.0751 2388 mouhid - ok
16:21:25.0782 2388 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:21:25.0782 2388 MountMgr - ok
16:21:25.0813 2388 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
16:21:25.0813 2388 mpio - ok
16:21:25.0845 2388 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:21:25.0845 2388 mpsdrv - ok
16:21:25.0876 2388 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:21:25.0876 2388 Mraid35x - ok
16:21:25.0907 2388 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:21:25.0923 2388 MRxDAV - ok
16:21:25.0954 2388 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:21:25.0954 2388 mrxsmb - ok
16:21:26.0016 2388 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:21:26.0016 2388 mrxsmb10 - ok
16:21:26.0032 2388 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:21:26.0047 2388 mrxsmb20 - ok
16:21:26.0079 2388 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
16:21:26.0079 2388 msahci - ok
16:21:26.0094 2388 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
16:21:26.0110 2388 msdsm - ok
16:21:26.0172 2388 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:21:26.0172 2388 Msfs - ok
16:21:26.0219 2388 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:21:26.0219 2388 msisadrv - ok
16:21:26.0281 2388 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:21:26.0281 2388 MSKSSRV - ok
16:21:26.0328 2388 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:21:26.0328 2388 MSPCLOCK - ok
16:21:26.0375 2388 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:21:26.0375 2388 MSPQM - ok
16:21:26.0406 2388 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:21:26.0406 2388 MsRPC - ok
16:21:26.0469 2388 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:21:26.0469 2388 mssmbios - ok
16:21:26.0500 2388 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:21:26.0500 2388 MSTEE - ok
16:21:26.0515 2388 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:21:26.0515 2388 Mup - ok
16:21:26.0578 2388 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:21:26.0593 2388 NativeWifiP - ok
16:21:26.0625 2388 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:21:26.0640 2388 NDIS - ok
16:21:26.0687 2388 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:21:26.0687 2388 NdisTapi - ok
16:21:26.0734 2388 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:21:26.0734 2388 Ndisuio - ok
16:21:26.0765 2388 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:21:26.0781 2388 NdisWan - ok
16:21:26.0843 2388 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:21:26.0843 2388 NDProxy - ok
16:21:26.0874 2388 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:21:26.0874 2388 NetBIOS - ok
16:21:26.0937 2388 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:21:26.0937 2388 netbt - ok
16:21:27.0061 2388 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
16:21:27.0124 2388 NETw3v32 - ok
16:21:27.0155 2388 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:21:27.0155 2388 nfrd960 - ok
16:21:27.0186 2388 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:21:27.0186 2388 Npfs - ok
16:21:27.0217 2388 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:21:27.0217 2388 nsiproxy - ok
16:21:27.0295 2388 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:21:27.0311 2388 Ntfs - ok
16:21:27.0327 2388 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:21:27.0342 2388 ntrigdigi - ok
16:21:27.0373 2388 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:21:27.0373 2388 Null - ok
16:21:27.0405 2388 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
16:21:27.0405 2388 nvraid - ok
16:21:27.0420 2388 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
16:21:27.0420 2388 nvstor - ok
16:21:27.0451 2388 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
16:21:27.0467 2388 nv_agp - ok
16:21:27.0483 2388 NwlnkFlt - ok
16:21:27.0498 2388 NwlnkFwd - ok
16:21:27.0514 2388 OCDE - ok
16:21:27.0576 2388 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
16:21:27.0576 2388 OEM02Dev - ok
16:21:27.0592 2388 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
16:21:27.0592 2388 OEM02Vfx - ok
16:21:27.0639 2388 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
16:21:27.0639 2388 ohci1394 - ok
16:21:27.0701 2388 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:21:27.0701 2388 Parport - ok
16:21:27.0748 2388 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:21:27.0748 2388 partmgr - ok
16:21:27.0779 2388 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:21:27.0779 2388 Parvdm - ok
16:21:27.0841 2388 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:21:27.0857 2388 pci - ok
16:21:27.0873 2388 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
16:21:27.0873 2388 pciide - ok
16:21:27.0904 2388 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:21:27.0904 2388 pcmcia - ok
16:21:27.0966 2388 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:21:27.0997 2388 PEAUTH - ok
16:21:28.0044 2388 phmburnr (2d68e43d19682fcb8cf0358b3bd5e7fe) C:\Windows\system32\DRIVERS\phmburnr.sys
16:21:28.0044 2388 phmburnr - ok
16:21:28.0107 2388 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:21:28.0107 2388 PptpMiniport - ok
16:21:28.0138 2388 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
16:21:28.0153 2388 Processor - ok
16:21:28.0200 2388 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:21:28.0200 2388 PSched - ok
16:21:28.0231 2388 pwdrvio (31c396331f61990ce235b046a03be0a1) C:\Windows\system32\pwdrvio.sys
16:21:28.0231 2388 pwdrvio - ok
16:21:28.0263 2388 pwdspio (cee974ef297015b9600dcd16a82821b4) C:\Windows\system32\pwdspio.sys
16:21:28.0263 2388 pwdspio - ok
16:21:28.0325 2388 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
16:21:28.0356 2388 ql2300 - ok
16:21:28.0372 2388 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:21:28.0387 2388 ql40xx - ok
16:21:28.0434 2388 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:21:28.0434 2388 QWAVEdrv - ok
16:21:28.0481 2388 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:21:28.0481 2388 RasAcd - ok
16:21:28.0528 2388 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:21:28.0528 2388 Rasl2tp - ok
16:21:28.0575 2388 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:21:28.0590 2388 RasPppoe - ok
16:21:28.0606 2388 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:21:28.0606 2388 RasSstp - ok
16:21:28.0668 2388 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:21:28.0668 2388 rdbss - ok
16:21:28.0699 2388 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:21:28.0699 2388 RDPCDD - ok
16:21:28.0731 2388 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
16:21:28.0731 2388 rdpdr - ok
16:21:28.0777 2388 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:21:28.0777 2388 RDPENCDD - ok
16:21:28.0840 2388 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
16:21:28.0855 2388 RDPWD - ok
16:21:28.0918 2388 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
16:21:28.0933 2388 RFCOMM - ok
16:21:28.0996 2388 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\Windows\system32\DRIVERS\rimmptsk.sys
16:21:28.0996 2388 rimmptsk - ok
16:21:29.0043 2388 rimsptsk (d0a35b7670aa3558eaab483f64446496) C:\Windows\system32\DRIVERS\rimsptsk.sys
16:21:29.0043 2388 rimsptsk - ok
16:21:29.0074 2388 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
16:21:29.0089 2388 rismxdp - ok
16:21:29.0121 2388 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:21:29.0121 2388 rspndr - ok
16:21:29.0136 2388 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:21:29.0152 2388 sbp2port - ok
16:21:29.0199 2388 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
16:21:29.0199 2388 sdbus - ok
16:21:29.0214 2388 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:21:29.0214 2388 secdrv - ok
16:21:29.0245 2388 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:21:29.0261 2388 Serenum - ok
16:21:29.0292 2388 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:21:29.0292 2388 Serial - ok
16:21:29.0323 2388 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:21:29.0339 2388 sermouse - ok
16:21:29.0386 2388 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
16:21:29.0386 2388 sffdisk - ok
16:21:29.0417 2388 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
16:21:29.0417 2388 sffp_mmc - ok
16:21:29.0433 2388 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:21:29.0448 2388 sffp_sd - ok
16:21:29.0464 2388 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:21:29.0464 2388 sfloppy - ok
16:21:29.0511 2388 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
16:21:29.0511 2388 sisagp - ok
16:21:29.0526 2388 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
16:21:29.0542 2388 SiSRaid2 - ok
16:21:29.0557 2388 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
16:21:29.0557 2388 SiSRaid4 - ok
16:21:29.0651 2388 SmartDefragDriver (cc48f88fe17bb8e5eb6fa1a8a9477006) C:\Windows\system32\Drivers\SmartDefragDriver.sys
16:21:29.0651 2388 SmartDefragDriver - ok
16:21:29.0667 2388 Smb - ok
16:21:29.0729 2388 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\Windows\system32\DRIVERS\snapman.sys
16:21:29.0729 2388 snapman - ok
16:21:29.0791 2388 SndTAudio (58f25291031de092c19f0e9320a23296) C:\Windows\system32\drivers\SndTAudio.sys
16:21:29.0791 2388 SndTAudio - ok
16:21:29.0823 2388 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
16:21:29.0838 2388 speedfan - ok
16:21:29.0885 2388 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:21:29.0885 2388 spldr - ok
16:21:29.0994 2388 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\Windows\System32\Drivers\sptd.sys
16:21:29.0994 2388 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: f42efefb765235f24b24e1d2b6f99f46
16:21:29.0994 2388 sptd ( LockedFile.Multi.Generic ) - warning
16:21:29.0994 2388 sptd - detected LockedFile.Multi.Generic (1)
16:21:30.0072 2388 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:21:30.0072 2388 srv - ok
16:21:30.0119 2388 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:21:30.0119 2388 srv2 - ok
16:21:30.0197 2388 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:21:30.0197 2388 srvnet - ok
16:21:30.0337 2388 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:21:30.0337 2388 swenum - ok
16:21:30.0369 2388 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:21:30.0369 2388 Symc8xx - ok
16:21:30.0384 2388 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:21:30.0384 2388 Sym_hi - ok
16:21:30.0415 2388 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:21:30.0415 2388 Sym_u3 - ok
16:21:30.0478 2388 tbhsd (d7f411c5af992bb44e86083a6aa7b045) C:\Windows\system32\drivers\tbhsd.sys
16:21:30.0478 2388 tbhsd - ok
16:21:30.0587 2388 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
16:21:30.0618 2388 Tcpip - ok
16:21:30.0649 2388 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
16:21:30.0649 2388 Tcpip6 - ok
16:21:30.0727 2388 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
16:21:30.0743 2388 tcpipreg - ok
16:21:30.0790 2388 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:21:30.0790 2388 TDPIPE - ok
16:21:30.0805 2388 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:21:30.0805 2388 TDTCP - ok
16:21:30.0821 2388 tdx - ok
16:21:30.0883 2388 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:21:30.0883 2388 TermDD - ok
16:21:30.0899 2388 tpcdrdrv - ok
16:21:30.0961 2388 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:21:30.0961 2388 tssecsrv - ok
16:21:31.0008 2388 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:21:31.0008 2388 tunmp - ok
16:21:31.0039 2388 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:21:31.0039 2388 tunnel - ok
16:21:31.0071 2388 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
16:21:31.0071 2388 uagp35 - ok
16:21:31.0133 2388 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:21:31.0149 2388 udfs - ok
16:21:31.0180 2388 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
16:21:31.0195 2388 uliagpkx - ok
16:21:31.0227 2388 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
16:21:31.0227 2388 uliahci - ok
16:21:31.0242 2388 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:21:31.0258 2388 UlSata - ok
16:21:31.0273 2388 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:21:31.0289 2388 ulsata2 - ok
16:21:31.0336 2388 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:21:31.0336 2388 umbus - ok
16:21:31.0398 2388 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
16:21:31.0398 2388 USBAAPL - ok
16:21:31.0445 2388 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:21:31.0445 2388 usbccgp - ok
16:21:31.0492 2388 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:21:31.0492 2388 usbcir - ok
16:21:31.0554 2388 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:21:31.0570 2388 usbehci - ok
16:21:31.0617 2388 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:21:31.0617 2388 usbhub - ok
16:21:31.0648 2388 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:21:31.0648 2388 usbohci - ok
16:21:31.0679 2388 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
16:21:31.0679 2388 usbprint - ok
16:21:31.0710 2388 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:21:31.0710 2388 USBSTOR - ok
16:21:31.0757 2388 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:21:31.0773 2388 usbuhci - ok
16:21:31.0882 2388 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
16:21:31.0882 2388 usbvideo - ok
16:21:31.0975 2388 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
16:21:31.0975 2388 vga - ok
16:21:32.0053 2388 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:21:32.0053 2388 VgaSave - ok
16:21:32.0085 2388 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
16:21:32.0100 2388 viaagp - ok
16:21:32.0131 2388 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
16:21:32.0131 2388 ViaC7 - ok
16:21:32.0178 2388 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
16:21:32.0178 2388 viaide - ok
16:21:32.0209 2388 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:21:32.0209 2388 volmgr - ok
16:21:32.0256 2388 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:21:32.0256 2388 volmgrx - ok
16:21:32.0287 2388 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:21:32.0287 2388 volsnap - ok
16:21:32.0319 2388 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
16:21:32.0334 2388 vsmraid - ok
16:21:32.0381 2388 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:21:32.0381 2388 WacomPen - ok
16:21:32.0428 2388 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:21:32.0428 2388 Wanarp - ok
16:21:32.0443 2388 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:21:32.0443 2388 Wanarpv6 - ok
16:21:32.0475 2388 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
16:21:32.0490 2388 Wd - ok
16:21:32.0537 2388 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:21:32.0553 2388 Wdf01000 - ok
16:21:32.0646 2388 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
16:21:32.0662 2388 winachsf - ok
16:21:32.0740 2388 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
16:21:32.0740 2388 WinUSB - ok
16:21:32.0818 2388 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:21:32.0818 2388 WmiAcpi - ok
16:21:32.0927 2388 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:21:32.0927 2388 WpdUsb - ok
16:21:32.0989 2388 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:21:32.0989 2388 ws2ifsl - ok
16:21:33.0052 2388 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
16:21:33.0052 2388 WsAudio_DeviceS(1) - ok
16:21:33.0114 2388 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
16:21:33.0114 2388 WsAudio_DeviceS(2) - ok
16:21:33.0130 2388 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
16:21:33.0130 2388 WsAudio_DeviceS(3) - ok
16:21:33.0192 2388 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
16:21:33.0192 2388 WsAudio_DeviceS(4) - ok
16:21:33.0223 2388 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
16:21:33.0223 2388 WsAudio_DeviceS(5) - ok
16:21:33.0286 2388 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:21:33.0301 2388 WUDFRd - ok
16:21:33.0348 2388 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
16:21:33.0364 2388 yukonwlh - ok
16:21:33.0395 2388 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:21:33.0426 2388 \Device\Harddisk0\DR0 - ok
16:21:33.0426 2388 MBR (0x1B8) (0792f22bcc85cfd3b28324561fffcabb) \Device\Harddisk1\DR6
16:21:36.0624 2388 \Device\Harddisk1\DR6 - ok
16:21:36.0624 2388 Boot (0x1200) (ec9581a9fac5af6c461446a739dc23ca) \Device\Harddisk0\DR0\Partition0
16:21:36.0624 2388 \Device\Harddisk0\DR0\Partition0 - ok
16:21:36.0624 2388 Boot (0x1200) (f76f86d79fed22e2548db6e3ee78cc7d) \Device\Harddisk1\DR6\Partition0
16:21:36.0640 2388 \Device\Harddisk1\DR6\Partition0 - ok
16:21:36.0640 2388 ============================================================
16:21:36.0640 2388 Scan finished
16:21:36.0640 2388 ============================================================
16:21:36.0640 3164 Detected object count: 2
16:21:36.0640 3164 Actual detected object count: 2
16:22:19.0243 3164 C:\Windows\system32\drivers\afd.sys - copied to quarantine
16:22:19.0665 3164 Backup copy not found, trying to cure infected file..
16:22:19.0696 3164 Cure success, using it..
16:22:19.0758 3164 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
16:22:23.0112 3164 AFD ( Virus.Win32.ZAccess.c ) - User select action: Cure
16:22:23.0112 3164 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:22:23.0112 3164 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:22:31.0521 2424 Deinitialize success
pompeyfan
Regular Member
 
Posts: 15
Joined: February 2nd, 2012, 3:49 am

Re: Started with google redirection now no network

Unread postby Gary R » February 2nd, 2012, 1:53 pm

Looks like TDSSKiller was successful, but to make sure I'd like to run some more scans.

  • Download aswMBR.exe to your desktop.
  • Double click aswMBR.exe to run it
Image


  • Click the SCAN button to start the scan.


Image
  • On completion of the scan click SAVE LOG and save it to your desktop.
  • Post the log contents in your next reply please.

Next

I see you have Malwarebytes Anti-Malware installed ....

  • Click on the Malwarebytes' Anti-Malware icon to launch the programme.
    • Click the Updates tab.
      • Click Check for Updates and allow the programme to download the latest definitions.
    • Click the Scanner tab.
      • Check Perform Quick Scan.
      • Click Scan and wait for the scan to complete.
      • When the scan is complete, click OK, then Show Results.
      • Check all items except items in the C:\System Volume Information folder and click on Remove Selected.
        • A box will pop-up telling you that files have been quarantined.
        • A log will pop-up.
      • Post the log in your next reply please.

You can also access the log by doing the following
  • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • aswMBR log
  • MBAM log
  • E-Set log
  • Let me know how your computer is behaving now. Are there any programs on your computer that won't run?


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Started with google redirection now no network

Unread postby pompeyfan » February 2nd, 2012, 4:48 pm

Logs for aswMBR and Malwarebytes below.
Please note however that I am unable to run an ESET scan as I still do not have network connectivity - the network only ever gets as far as "Identifying" with local area access only. All downloading of scan tools etc has to be done via my phone at the moment and transferred by usb cable!

aswMBR Log:
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-02 20:08:51
-----------------------------
20:08:51.570 OS Version: Windows 6.0.6002 Service Pack 2
20:08:51.570 Number of processors: 2 586 0xF0D
20:08:51.570 ComputerName: LAPTOP UserName: Admin
20:08:54.721 Initialize success
20:09:22.338 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
20:09:22.354 Disk 0 Vendor: WDC_WD3200BPVT-00HXZT1 01.01A01 Size: 305245MB BusType: 3
20:09:22.401 Disk 0 MBR read successfully
20:09:22.401 Disk 0 MBR scan
20:09:22.401 Disk 0 Windows VISTA default MBR code
20:09:22.416 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
20:09:22.416 Disk 0 scanning sectors +625137345
20:09:22.494 Disk 0 scanning C:\Windows\system32\drivers
20:09:26.660 File: C:\Windows\system32\drivers\dfsc.sys **SUSPICIOUS**
20:09:36.363 Disk 0 trace - called modules:
20:09:36.441 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xaffdabc0]<<
20:09:36.441 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86659ac8]
20:09:36.456 3 CLASSPNP.SYS[88f6b8b3] -> nt!IofCallDriver -> [0xb8d628f8]
20:09:36.472 \Driver\00010519[0x80c9ee40] -> IRP_MJ_CREATE -> 0xaffdabc0
20:09:36.488 Scan finished successfully
20:09:58.624 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
20:09:58.640 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"


Malwarebytes log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 912020107

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19170

02/02/2012 20:29:06
mbam-log-2012-02-02 (20-29-06).txt

Scan type: Quick scan
Objects scanned: 358613
Time elapsed: 14 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\System32\icdsptsv.dll (Rootkit.0Access) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\icdsptsv.dll (Rootkit.0Access) -> Delete on reboot.
c:\Users\Admin\AppData\Local\Temp\{e9c1e1ac-c9b2-4c85-94de-9c1518918d02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
c:\Users\Ben\AppData\Local\Temp\{e9c1e1ac-c9b2-4c85-94de-9c1518918d02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
c:\Windows\serviceprofiles\localservice\AppData\Local\Temp\{e9c1e1ac-c9b2-4c85-94de-9c1518918d02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
c:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\{e9c1e1ac-c9b2-4c85-94de-9c1518918d02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
c:\Windows\Temp\{e9c1e1ac-c9b2-4c85-94de-9c1518918d02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
pompeyfan
Regular Member
 
Posts: 15
Joined: February 2nd, 2012, 3:49 am

Re: Started with google redirection now no network

Unread postby pompeyfan » February 2nd, 2012, 5:01 pm

Oh, sorry - you also asked how it was behaving...
Mostly it seems ok, except (as mentioned above) no network. Plus my CD drive is currently not showing up (I guess that's fairly minor in the grand scheme of things though?)
pompeyfan
Regular Member
 
Posts: 15
Joined: February 2nd, 2012, 3:49 am

Re: Started with google redirection now no network

Unread postby Gary R » February 2nd, 2012, 7:19 pm

OK, let's see if we can find out what's causing your connection problems. There are things we need to do, but without a working connection they will be difficult to achieve.

I need you to run a scan for me with Farbar Service Scan

  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • Make sure that Internet Services is checked.
  • Make sure that Windows Firewall is checked.
  • Press the Scan button.
  • When finished, a text file named FSS.txt will be created on your desktop.
  • Copy/Paste the contents in your reply please.

Next

  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • In the Search box type ... dfsc
  • Click on Export Service
  • When the scan finishes a log will be produced.
  • Please post me the log.

Next

  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • In the Search box type ... dfsc.sys
  • Click on Search Files
  • When the scan finishes a log will be produced.
  • Please post me the log.

Next

  • Click Start, then type cmd in the Search programs and files box
  • Right click on the cmd.exe icon at the top of the find list, and select Run as an Administrator, OK any prompts.
  • Type the following into the command window ... sc query dfsc > "%userprofile%\desktop\export.txt" ... then hit Enter .... please be careful to type it out carefully and put spaces in the correct places or it won't work (after sc, after query, after dfsc, after >).
  • A file ... Export.txt ... should be produced on your Desktop.
  • Please post me the log.

Next

Reboot your computer.

Now run a new scan with Malwarebytes' Anti-Malware and post me the new log please. ..... (I want to see if the items it removed have been restored, in which case your infection is still active)

Summary of the logs I need from you in your next post:
  • FSS Scan log
  • FSS File scan log
  • FSS Service export log
  • Export.txt
  • MBAM log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 305 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware