Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

WebSearch infection?


  • Please log in to reply
9 replies to this topic

#1 Elminac

Elminac

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 17 June 2011 - 01:33 PM

Hey guys, was wondering if I could get some help on this.
I am effectively having a browser hijack or something, when using google I search for my intended stuff and when I click on the results, instead it diverts me to a site like a web searching site, or a advertisement for a product. I was advised by a tech support team to try combofix, after using that it removed something called zisu.exe and a few other files which I cant remember. But after reading the red notice at the top of these boards, makes me worry if I should of used combofix..

Anywaay, I have performed scans with AVG, Malware Antibytes, Spybot Search & Destroy and also IOBit Malware Fighter, none seem to have fixed it. I wasnt really noticing it after zisu was deleted(if it was that), but today its back again and diverting me again. PLEASE HELP

Also could someone link me to a donator scheme or something?, you guys are doing the dirty work people cant do, and well you deserve something for it =3

PS; I think I have a problem with DDS also, as i run the file it goes successfully i think, scans and these |||||| symbols fill one entire line (or there abouts) and then it just stalls in a sense.. keep retrying it and it always gets to the same point and stalls.

Edited by hamluis, 17 June 2011 - 01:59 PM.
No logs, moved from MRL to AII, PM sent.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,423 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:03 AM

Posted 17 June 2011 - 02:02 PM

Hello, plese run these,post back the logs and tell us how it is now.

Your topic was moved to the Am I Infected forum.

Also I recommernd removing Iobit.It uses MBAM's technology and MBAM is better,

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.4.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



Now do an Online scan.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#3 Elminac

Elminac
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 17 June 2011 - 09:31 PM

Hi, thanks for the spreedy response, most appreciated.

No infected files from TDSS;
2011/06/17 20:08:38.0169 62048 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/17 20:08:39.0611 62048 ================================================================================
2011/06/17 20:08:39.0611 62048 SystemInfo:
2011/06/17 20:08:39.0611 62048
2011/06/17 20:08:39.0611 62048 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/17 20:08:39.0611 62048 Product type: Workstation
2011/06/17 20:08:39.0611 62048 ComputerName: KEVIN-PC
2011/06/17 20:08:39.0612 62048 UserName: kevin
2011/06/17 20:08:39.0612 62048 Windows directory: C:\Windows
2011/06/17 20:08:39.0612 62048 System windows directory: C:\Windows
2011/06/17 20:08:39.0612 62048 Running under WOW64
2011/06/17 20:08:39.0612 62048 Processor architecture: Intel x64
2011/06/17 20:08:39.0612 62048 Number of processors: 6
2011/06/17 20:08:39.0612 62048 Page size: 0x1000
2011/06/17 20:08:39.0612 62048 Boot type: Normal boot
2011/06/17 20:08:39.0612 62048 ================================================================================
2011/06/17 20:08:42.0192 62048 Initialize success
2011/06/17 20:08:53.0909 60076 ================================================================================
2011/06/17 20:08:53.0909 60076 Scan started
2011/06/17 20:08:53.0909 60076 Mode: Manual;
2011/06/17 20:08:53.0909 60076 ================================================================================
2011/06/17 20:08:54.0753 60076 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/17 20:08:54.0805 60076 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/17 20:08:54.0883 60076 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/17 20:08:54.0973 60076 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
2011/06/17 20:08:55.0067 60076 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/17 20:08:55.0129 60076 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/17 20:08:55.0212 60076 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/17 20:08:55.0264 60076 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/06/17 20:08:55.0337 60076 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/17 20:08:55.0405 60076 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/17 20:08:55.0658 60076 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/17 20:08:55.0733 60076 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
2011/06/17 20:08:55.0813 60076 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/17 20:08:56.0016 60076 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/17 20:08:56.0265 60076 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/06/17 20:08:56.0310 60076 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/17 20:08:56.0381 60076 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/06/17 20:08:56.0407 60076 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/17 20:08:56.0436 60076 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/06/17 20:08:56.0521 60076 AODDriver2 (6a488397b2e020ec24ce1aacfc830f90) C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys
2011/06/17 20:08:56.0720 60076 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/06/17 20:08:56.0853 60076 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/06/17 20:08:56.0876 60076 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/17 20:08:56.0981 60076 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/17 20:08:57.0012 60076 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/17 20:08:57.0112 60076 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
2011/06/17 20:08:57.0188 60076 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
2011/06/17 20:08:57.0297 60076 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
2011/06/17 20:08:57.0431 60076 Avgfwfd (705417fd6c165ccf926aca943b478d68) C:\Windows\system32\DRIVERS\avgfwd6a.sys
2011/06/17 20:08:57.0516 60076 AVGIDSDriver (eee718457f24f2154f23a7fad1a0cea3) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/06/17 20:08:57.0627 60076 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/06/17 20:08:57.0688 60076 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/06/17 20:08:57.0754 60076 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\Windows\system32\DRIVERS\avgldx64.sys
2011/06/17 20:08:57.0821 60076 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\Windows\system32\DRIVERS\avgmfx64.sys
2011/06/17 20:08:57.0876 60076 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\Windows\system32\DRIVERS\avgrkx64.sys
2011/06/17 20:08:57.0996 60076 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
2011/06/17 20:08:58.0098 60076 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/06/17 20:08:58.0153 60076 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/17 20:08:58.0244 60076 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/06/17 20:08:58.0289 60076 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/17 20:08:58.0457 60076 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/17 20:08:58.0752 60076 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/17 20:08:58.0829 60076 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/17 20:08:58.0868 60076 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/06/17 20:08:58.0889 60076 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/17 20:08:58.0957 60076 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/17 20:08:58.0989 60076 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/17 20:08:59.0016 60076 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/17 20:08:59.0126 60076 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/17 20:08:59.0169 60076 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/17 20:08:59.0265 60076 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/17 20:08:59.0296 60076 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/06/17 20:08:59.0422 60076 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/17 20:08:59.0445 60076 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/17 20:08:59.0519 60076 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/06/17 20:08:59.0628 60076 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/17 20:08:59.0683 60076 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/17 20:08:59.0775 60076 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Windows\system32\drivers\cpuz134_x64.sys
2011/06/17 20:08:59.0879 60076 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/17 20:08:59.0949 60076 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/06/17 20:09:00.0042 60076 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/06/17 20:09:00.0073 60076 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/06/17 20:09:00.0137 60076 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/06/17 20:09:00.0197 60076 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/06/17 20:09:00.0335 60076 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/17 20:09:00.0461 60076 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/06/17 20:09:00.0684 60076 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/17 20:09:00.0734 60076 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/17 20:09:00.0810 60076 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/06/17 20:09:00.0860 60076 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/06/17 20:09:00.0914 60076 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/17 20:09:00.0985 60076 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/06/17 20:09:01.0105 60076 FileMonitor (2b609f74fa2884c36471743322652a16) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
2011/06/17 20:09:01.0172 60076 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/06/17 20:09:01.0216 60076 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/17 20:09:01.0295 60076 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/06/17 20:09:01.0332 60076 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/06/17 20:09:01.0407 60076 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/17 20:09:01.0488 60076 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/17 20:09:01.0625 60076 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/17 20:09:01.0712 60076 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
2011/06/17 20:09:01.0813 60076 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/17 20:09:01.0966 60076 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/17 20:09:02.0008 60076 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/06/17 20:09:02.0102 60076 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/17 20:09:02.0127 60076 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/17 20:09:02.0152 60076 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/17 20:09:02.0233 60076 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/17 20:09:02.0288 60076 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/17 20:09:02.0379 60076 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/17 20:09:02.0419 60076 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/06/17 20:09:02.0446 60076 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/17 20:09:02.0524 60076 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/17 20:09:02.0643 60076 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/06/17 20:09:02.0764 60076 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/17 20:09:02.0851 60076 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/17 20:09:02.0922 60076 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/17 20:09:02.0984 60076 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/17 20:09:03.0045 60076 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/17 20:09:03.0104 60076 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/06/17 20:09:03.0167 60076 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/06/17 20:09:03.0222 60076 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/17 20:09:03.0287 60076 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/17 20:09:03.0340 60076 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/17 20:09:03.0400 60076 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/17 20:09:03.0456 60076 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/17 20:09:03.0529 60076 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/17 20:09:03.0582 60076 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/06/17 20:09:03.0696 60076 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/06/17 20:09:03.0737 60076 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/17 20:09:03.0800 60076 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/17 20:09:03.0859 60076 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/17 20:09:03.0918 60076 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/17 20:09:03.0977 60076 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/17 20:09:04.0041 60076 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/06/17 20:09:04.0157 60076 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/17 20:09:04.0188 60076 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/17 20:09:04.0281 60076 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/06/17 20:09:04.0315 60076 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/17 20:09:04.0403 60076 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/17 20:09:04.0427 60076 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/17 20:09:04.0516 60076 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/06/17 20:09:04.0549 60076 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/17 20:09:04.0583 60076 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/17 20:09:04.0612 60076 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/17 20:09:04.0707 60076 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/17 20:09:04.0734 60076 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/17 20:09:04.0761 60076 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/17 20:09:04.0838 60076 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/17 20:09:04.0878 60076 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/17 20:09:04.0917 60076 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/06/17 20:09:04.0983 60076 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/17 20:09:05.0019 60076 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/17 20:09:05.0099 60076 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/17 20:09:05.0120 60076 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/17 20:09:05.0134 60076 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/06/17 20:09:05.0157 60076 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/06/17 20:09:05.0185 60076 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/17 20:09:05.0262 60076 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/06/17 20:09:05.0290 60076 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/17 20:09:05.0312 60076 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/06/17 20:09:05.0411 60076 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/17 20:09:05.0530 60076 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/06/17 20:09:05.0565 60076 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/17 20:09:05.0644 60076 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/17 20:09:05.0680 60076 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/17 20:09:05.0702 60076 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/17 20:09:05.0785 60076 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/06/17 20:09:05.0818 60076 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/17 20:09:05.0844 60076 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/17 20:09:05.0948 60076 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/17 20:09:05.0979 60076 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/06/17 20:09:06.0005 60076 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/17 20:09:06.0102 60076 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/06/17 20:09:06.0141 60076 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/06/17 20:09:06.0222 60076 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
2011/06/17 20:09:06.0296 60076 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
2011/06/17 20:09:06.0389 60076 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/06/17 20:09:06.0433 60076 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/06/17 20:09:06.0512 60076 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/17 20:09:06.0545 60076 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/17 20:09:06.0619 60076 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/06/17 20:09:06.0679 60076 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/06/17 20:09:06.0768 60076 pbfilter (55223eefabfdb84a926515febab50d9a) C:\Program Files\PeerBlock\pbfilter.sys
2011/06/17 20:09:06.0839 60076 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/06/17 20:09:06.0856 60076 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/17 20:09:06.0881 60076 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/17 20:09:06.0993 60076 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
2011/06/17 20:09:07.0033 60076 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/06/17 20:09:07.0101 60076 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/06/17 20:09:07.0298 60076 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/17 20:09:07.0338 60076 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/06/17 20:09:07.0440 60076 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/17 20:09:07.0513 60076 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/17 20:09:07.0599 60076 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/17 20:09:07.0628 60076 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/17 20:09:07.0714 60076 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/17 20:09:07.0755 60076 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/17 20:09:07.0778 60076 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/17 20:09:07.0854 60076 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/17 20:09:07.0892 60076 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/17 20:09:07.0919 60076 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/17 20:09:07.0984 60076 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/17 20:09:08.0008 60076 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/17 20:09:08.0038 60076 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/06/17 20:09:08.0093 60076 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/17 20:09:08.0141 60076 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/17 20:09:08.0167 60076 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/06/17 20:09:08.0250 60076 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/06/17 20:09:08.0322 60076 RecFltr (038cf37253ffca7f339989d050eed076) C:\Windows\system32\drivers\RecFltr.sys
2011/06/17 20:09:08.0460 60076 RegFilter (8ccf1201a14d5ad7568e192b835abb7e) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
2011/06/17 20:09:08.0577 60076 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/17 20:09:08.0620 60076 rt61x64 (ec7f0030d58886b0fcd3eefb1c51f8e2) C:\Windows\system32\DRIVERS\netr6164.sys
2011/06/17 20:09:08.0699 60076 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/06/17 20:09:08.0920 60076 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/17 20:09:08.0998 60076 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/17 20:09:09.0071 60076 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/06/17 20:09:09.0132 60076 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/17 20:09:09.0189 60076 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/06/17 20:09:09.0212 60076 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/17 20:09:09.0306 60076 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/17 20:09:09.0381 60076 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/17 20:09:09.0445 60076 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/17 20:09:09.0508 60076 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/17 20:09:09.0595 60076 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/17 20:09:09.0640 60076 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/17 20:09:09.0725 60076 SmartDefragDriver (94ce7845af6a2065b829e0126cd56236) C:\Windows\system32\Drivers\SmartDefragDriver.sys
2011/06/17 20:09:09.0791 60076 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/06/17 20:09:10.0056 60076 SNP325 (be35cc81081328b1cfb2a5ab5cf0ce33) C:\Windows\system32\DRIVERS\snp325.sys
2011/06/17 20:09:10.0306 60076 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/06/17 20:09:10.0397 60076 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
2011/06/17 20:09:10.0398 60076 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/06/17 20:09:10.0410 60076 sptd - detected LockedFile.Multi.Generic (1)
2011/06/17 20:09:10.0509 60076 srv (37c3abc2338010e110d2a6a3930f3149) C:\Windows\system32\DRIVERS\srv.sys
2011/06/17 20:09:10.0566 60076 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/17 20:09:10.0677 60076 srvnet (cce32bb223e9ff55d241099a858fa889) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/17 20:09:10.0738 60076 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/17 20:09:10.0817 60076 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/06/17 20:09:10.0848 60076 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/06/17 20:09:10.0874 60076 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/17 20:09:11.0010 60076 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
2011/06/17 20:09:11.0070 60076 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
2011/06/17 20:09:11.0190 60076 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/17 20:09:11.0226 60076 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/17 20:09:11.0290 60076 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/06/17 20:09:11.0308 60076 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/06/17 20:09:11.0341 60076 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/17 20:09:11.0359 60076 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/17 20:09:11.0455 60076 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/17 20:09:11.0487 60076 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/17 20:09:11.0511 60076 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/17 20:09:11.0542 60076 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/17 20:09:11.0625 60076 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/17 20:09:11.0671 60076 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/17 20:09:11.0759 60076 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/17 20:09:11.0901 60076 UrlFilter (1aa6ca6b150f85f07804cba5f814d9b2) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
2011/06/17 20:09:11.0999 60076 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/06/17 20:09:12.0036 60076 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/17 20:09:12.0065 60076 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/17 20:09:12.0156 60076 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/17 20:09:12.0236 60076 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/17 20:09:12.0321 60076 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/17 20:09:12.0350 60076 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/17 20:09:12.0376 60076 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/17 20:09:12.0480 60076 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/17 20:09:12.0618 60076 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/17 20:09:12.0701 60076 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/17 20:09:12.0736 60076 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/17 20:09:12.0776 60076 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/17 20:09:12.0835 60076 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/17 20:09:12.0863 60076 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/06/17 20:09:12.0891 60076 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/06/17 20:09:12.0920 60076 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/17 20:09:12.0981 60076 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/06/17 20:09:13.0005 60076 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/17 20:09:13.0090 60076 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/17 20:09:13.0129 60076 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/17 20:09:13.0211 60076 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/17 20:09:13.0240 60076 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/06/17 20:09:13.0341 60076 wacmoumonitor (43ce14e1e17da81ea71dfe686805ed07) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
2011/06/17 20:09:13.0386 60076 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
2011/06/17 20:09:13.0426 60076 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/17 20:09:13.0529 60076 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
2011/06/17 20:09:13.0566 60076 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/17 20:09:13.0587 60076 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/17 20:09:13.0667 60076 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/17 20:09:13.0699 60076 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/17 20:09:13.0802 60076 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/17 20:09:13.0822 60076 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/17 20:09:13.0877 60076 WinDriver6 (6ec754e32e6090d4f8cc04b9260457fb) C:\Windows\system32\drivers\windrvr6.sys
2011/06/17 20:09:14.0015 60076 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/17 20:09:14.0072 60076 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/17 20:09:14.0165 60076 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/17 20:09:14.0234 60076 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/06/17 20:09:14.0319 60076 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/17 20:09:14.0396 60076 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/17 20:09:14.0411 60076 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR1
2011/06/17 20:09:14.0497 60076 ================================================================================
2011/06/17 20:09:14.0497 60076 Scan finished
2011/06/17 20:09:14.0497 60076 ================================================================================
2011/06/17 20:09:14.0507 64144 Detected object count: 1
2011/06/17 20:09:14.0507 64144 Actual detected object count: 1
2011/06/17 20:10:15.0610 64144 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/17 20:10:28.0868 63928 Deinitialize success
----




ESET SCAN:


C:\Users\kevin\AppData\Local\3T6uEem\fVMNMnYFe.cpl a variant of Win32/Sefnit.AL trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\kevin\AppData\Local\Temp\NODFC8F.tmp a variant of Win32/Sefnit.AL trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\711fce00-63411717 multiple threats deleted - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\35ace28a-23ef3d69 probably a variant of Win32/Agent.LMMBFXF trojan cleaned by deleting - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-7b88b556 multiple threats deleted - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\21a4db8c-5d077ed5 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\392ecc4e-6b5d9a3c multiple threats deleted - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1d24b7d2-4849af7e multiple threats deleted - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-492dfbce probably a variant of Win32/Agent.DYXWUMY trojan deleted - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-1e71cfc6 multiple threats deleted - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\63305a1f-132d1bea OSX/Exploit.Smid.C trojan deleted - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\63305a1f-79bd57fb probably a variant of OSX/Exploit.Smid.D trojan deleted - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\40591084-4843d9a7 Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\1bf50929-4134115a Java/Exploit.CVE-2010-0844.A trojan deleted - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-2fc3b12f probably a variant of Win32/Agent.DYXWUMY trojan deleted - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-6ead57d3 Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\f2b0d73-1f948d89 a variant of OSX/Exploit.Smid.D trojan deleted - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\e649f74-1ed9c99e multiple threats deleted - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\640c67b5-4a559850 Java/TrojanDownloader.Agent.NBM trojan deleted - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\fa8f07a-1b713ac1 Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined
C:\Users\kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\3f5641c8-7ae0d431 Java/TrojanDownloader.Agent.NBK trojan deleted - quarantined
C:\Users\kevin\Desktop\Mass Menu\Menu\CYx\HSS-1.56-install-anchorfree-76-conduit.exe a variant of Win32/HotSpotShield application deleted - quarantined
C:\Windows\FixCamera.exe a variant of Win32/KillProc.A application cleaned by deleting - quarantined

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,423 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:03 AM

Posted 17 June 2011 - 09:50 PM

Hell, I forgot to say that you should not run ComboFix on your own, Tho it went well this time if it shut you down you would be in a tough spot.
How is it now??

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#5 Elminac

Elminac
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 18 June 2011 - 09:21 AM

Hey, yes thankfully ComboFix didn't really screw me.
I havent really noticed the search stuff happening, I did do an MBAM scan however unsure how to get the log.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,423 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:03 AM

Posted 18 June 2011 - 02:22 PM

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#7 Elminac

Elminac
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 19 June 2011 - 03:46 AM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6886

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18/06/2011 15:02:13
mbam-log-2011-06-18 (15-02-13).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 531063
Time elapsed: 1 hour(s), 19 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\fVMNMnYFe (Trojan.CTRLRedir.Gen) -> Value: fVMNMnYFe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Elminac, 19 June 2011 - 03:46 AM.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,423 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:03 AM

Posted 19 June 2011 - 11:47 AM

OK, I don't see any more Websearch and this loks pretty good.
How is it runnning now?
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#9 Elminac

Elminac
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 19 June 2011 - 05:36 PM

Hey Boop,
I think it is resolved dude, I havent really had it occur since, so thank you for the assistance, its been a smash!!
In future cases, should I just repeat the steps shown?, TDSS Killer, MBAM, ESET ?

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,423 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:03 AM

Posted 20 June 2011 - 10:36 AM

Hello, looks good here. Yes you can do that after updayimg. You should update and runa an MBAM quick scan every3 days.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users