
Google Redirect Virus - assistance requested


17 replies to this topic

#1 brasha
Posted 26 July 2010 - 12:17 AM

I believe my PC has been infected with the Google Redirect virus.
Running Windows XP Home SP2, connected to Internet through a router and cable modem.
Major symptoms being experienced are web pages being launched that are not the intended ones and my detection that downloads of updated virus patterns for my Trend Micro Internet Security software have been failing for about 1 week.
Have Internet Explorer 6 along with an old Netscape 7.1 browsers installed in my PC.
Some Internet searching this evening suggests to me the Google Redirect virus has become a major problem.
Your assistance would be most appreciated.
Thanks,
Brad

#2 quietman7
Global Moderator
Posted 26 July 2010 - 02:42 PM

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 brasha

Posted 26 July 2010 - 10:46 PM

Downloaded MBAM, installed it, but failed to download the definition updates.
Error: "MBAM_ERROR_UPDATING (12007, 0, WinHttpSendRequest)"
Tried "Check for Updates" from the MBAM Update tab, but got same error.
Tried getting to many many many websites to get the latest rules definition file, rules.exe, without success - Page not found errors, etc - I believe the redirect virus on my PC is preventing this.
I will try tomorrow from a different PC to get the latest rules.exe.
If I am not successful at getting the latest rules.exe, should I run a Quick scan with the installed rules.ref dated Apr 29 2010 ?
Thanks...Brad

#4 quietman7

Posted 27 July 2010 - 06:38 AM

If you cannot use the Internet or download any required programs to the infected machine, try downloading them from another computer (family member, friend, library, etc) with an Internet connection. Save to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then install and run the program(s). If you cannot copy files to your usb drive, make sure it is not "Write Protected". Some flash drives have a switch on the side which could have accidentally been moved to write protect.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow the instructions provided on that same page for performing a scan or refer to these instructions.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions.
  • If you don't have an extracting program, then download TDSSKiller.exe and use that instead.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com).
  • Some types of malware will disable security tools so they will not run. Renaming helps to prevent the malware from doing this.
    If you do not see the file extension, please refer to
    How to change the file extension.
  • Double-click on TDSSKiller.exe or 123abc.com (if you renamed it) to run the tool for known TDSS variants.
  • Click the Start Scan button.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time.txt (i.e. TDSSKiller.2.3.2.2_20.07.2010.08.26.56_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


#5 brasha

Posted 27 July 2010 - 09:57 PM

Downloaded MBAM rules.exe from another PC and installed it on my home infected PC.
Ran Quick Scan - log results are:
************************************************************************
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4356

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

27/07/10 8:14:25 PM
mbam-log-2010-07-27 (20-14-25).txt

Scan type: Quick scan
Objects scanned: 202800
Time elapsed: 36 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\W34BCG2GRJ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JDK5SWFMZY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.235,93.188.166.215 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d851edb9-ba7c-4930-806e-18936f298d70}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.235,93.188.166.215 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\ernel32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

************************************************************************
Downloaded, extracted and ran TDSSKiller.exe
1 suspicious object was found, but the program prompts were not as described in your last post.
The options available (in a dropdown list) were Skip, Quarantine, and Delete (Skip was the default)
I used the default 'Skip' action as I was uncertain on whether or not 'Quarantine' corresponds to the 'Cure' action you indicated in your email. ** Please let me know which option (skip, Quarantine, or Delete) I should use and I will run TDSSKiller.exe again.
The window showing the suspicious object indicated:
Service name: SIODRV
Service type: Kernel driver (0x1)
Service start: Auto (0x2)
File: C:\WINDOWS\system32\drivers\SIODRV.SYS
MD5: 6fbba21e5ad173ecad3144ddff3a89bf
MD5(forged): f32fc556dfd8dbde6ed908220f157538

Log results are:
************************************************************************
2010/07/27 20:31:49.0125 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/27 20:31:49.0125 ================================================================================
2010/07/27 20:31:49.0125 SystemInfo:
2010/07/27 20:31:49.0125
2010/07/27 20:31:49.0125 OS Version: 5.1.2600 ServicePack: 2.0
2010/07/27 20:31:49.0125 Product type: Workstation
2010/07/27 20:31:49.0125 ComputerName: D9KNX081
2010/07/27 20:31:49.0125 UserName: Bradley
2010/07/27 20:31:49.0125 Windows directory: C:\WINDOWS
2010/07/27 20:31:49.0125 System windows directory: C:\WINDOWS
2010/07/27 20:31:49.0125 Processor architecture: Intel x86
2010/07/27 20:31:49.0125 Number of processors: 2
2010/07/27 20:31:49.0125 Page size: 0x1000
2010/07/27 20:31:49.0125 Boot type: Normal boot
2010/07/27 20:31:49.0125 ================================================================================
2010/07/27 20:31:49.0765 Initialize success
2010/07/27 20:32:00.0750 ================================================================================
2010/07/27 20:32:00.0750 Scan started
2010/07/27 20:32:00.0750 Mode: Manual;
2010/07/27 20:32:00.0750 ================================================================================
2010/07/27 20:32:01.0437 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/07/27 20:32:01.0468 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/07/27 20:32:01.0515 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/07/27 20:32:01.0593 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/07/27 20:32:01.0687 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2010/07/27 20:32:01.0765 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2010/07/27 20:32:01.0796 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/07/27 20:32:01.0828 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/07/27 20:32:01.0875 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/07/27 20:32:01.0890 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/07/27 20:32:01.0921 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/07/27 20:32:01.0953 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/07/27 20:32:01.0968 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/07/27 20:32:02.0015 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/07/27 20:32:02.0031 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/07/27 20:32:02.0109 AngelUsb (3e36632373073b984c0114e0c03cc41a) C:\WINDOWS\system32\DRIVERS\AngelUsb.sys
2010/07/27 20:32:02.0171 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/07/27 20:32:02.0203 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/07/27 20:32:02.0234 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/07/27 20:32:02.0265 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/07/27 20:32:02.0359 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/07/27 20:32:02.0468 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/07/27 20:32:02.0562 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/07/27 20:32:02.0593 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/07/27 20:32:02.0609 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/07/27 20:32:02.0656 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/07/27 20:32:02.0687 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/07/27 20:32:02.0750 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/07/27 20:32:02.0781 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/07/27 20:32:02.0812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/07/27 20:32:02.0843 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/07/27 20:32:02.0906 Cdrom (882b4257e5a5adfb6b5c03e8a02d4bf1) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/07/27 20:32:02.0937 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/07/27 20:32:02.0968 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/07/27 20:32:03.0031 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2010/07/27 20:32:03.0093 CVirtA (cb7d7c0e74adcb7da96d08ec8db86062) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2010/07/27 20:32:03.0125 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/07/27 20:32:03.0171 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/07/27 20:32:03.0203 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/07/27 20:32:03.0281 DLABMFSM (7a1e8f722479ef934d71798ac3617ed7) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2010/07/27 20:32:03.0359 DLABOIOM (2281b5c596c04645426b3771a3bd5657) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/07/27 20:32:03.0390 DLACDBHM (43749294a1d9f22fe164a62c1a42919d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/07/27 20:32:03.0406 DLADResM (54a3f9ebd1ddc975736f8e18a9b8fce9) C:\WINDOWS\system32\DLA\DLADResM.SYS
2010/07/27 20:32:03.0468 DLAIFS_M (e0fbaf0146bfceec29f31f07452db4ad) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/07/27 20:32:03.0500 DLAOPIOM (d3ce0c76496a5332032399639485774f) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/07/27 20:32:03.0531 DLAPoolM (fce1882364d4c324b937a841ef9c58ac) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/07/27 20:32:03.0562 DLARTL_M (14183a8eff683eb0c1774802578ed0f4) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2010/07/27 20:32:03.0593 DLAUDFAM (2ef8c92ab8411589387845f58534c7d9) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/07/27 20:32:03.0640 DLAUDF_M (a2096fd7b5037085a3dc580e2891d2c4) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/07/27 20:32:03.0703 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/07/27 20:32:03.0796 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/07/27 20:32:03.0843 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/07/27 20:32:03.0921 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/07/27 20:32:03.0953 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/07/27 20:32:03.0984 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/07/27 20:32:04.0031 drvmcdb (1fb11e1eac27668754fd18a079cccfb3) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/07/27 20:32:04.0078 drvnddm (9628dfa16b1a47615c65318f8776f233) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/07/27 20:32:04.0218 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/07/27 20:32:04.0265 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/07/27 20:32:04.0281 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/07/27 20:32:04.0359 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/07/27 20:32:04.0421 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/07/27 20:32:04.0468 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/07/27 20:32:04.0515 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/07/27 20:32:04.0562 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/07/27 20:32:04.0593 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/07/27 20:32:04.0656 GEARAspiWDM (32a73a8952580b284a47290adb62032a) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/07/27 20:32:04.0703 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2010/07/27 20:32:04.0812 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/07/27 20:32:04.0875 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/07/27 20:32:04.0937 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/07/27 20:32:05.0000 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/07/27 20:32:05.0015 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/07/27 20:32:05.0046 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/07/27 20:32:05.0140 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/07/27 20:32:05.0203 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/07/27 20:32:05.0265 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/07/27 20:32:05.0375 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2010/07/27 20:32:05.0546 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2010/07/27 20:32:05.0640 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2010/07/27 20:32:05.0671 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/07/27 20:32:05.0703 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/07/27 20:32:05.0750 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/07/27 20:32:05.0781 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/07/27 20:32:05.0812 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/07/27 20:32:05.0875 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/07/27 20:32:05.0890 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/07/27 20:32:05.0937 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/07/27 20:32:05.0953 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/07/27 20:32:06.0000 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/07/27 20:32:06.0046 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/07/27 20:32:06.0125 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys
2010/07/27 20:32:06.0187 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2010/07/27 20:32:06.0234 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/07/27 20:32:06.0312 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
2010/07/27 20:32:06.0375 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/07/27 20:32:06.0406 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/07/27 20:32:06.0421 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/07/27 20:32:06.0468 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2010/07/27 20:32:06.0484 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/07/27 20:32:06.0531 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/07/27 20:32:06.0546 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/07/27 20:32:06.0578 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/07/27 20:32:06.0656 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/07/27 20:32:06.0734 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/07/27 20:32:06.0812 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/07/27 20:32:06.0843 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/07/27 20:32:06.0890 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/07/27 20:32:06.0921 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/07/27 20:32:06.0953 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/07/27 20:32:07.0000 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/07/27 20:32:07.0015 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/07/27 20:32:07.0093 MXOPSWD (c29f284ff7ab4ed38ce419a9424e52a2) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
2010/07/27 20:32:07.0125 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/07/27 20:32:07.0171 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/07/27 20:32:07.0218 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/07/27 20:32:07.0250 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/07/27 20:32:07.0281 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/07/27 20:32:07.0343 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/07/27 20:32:07.0390 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/07/27 20:32:07.0453 NEOFLTR_650_15255 (1240d1a4ae8346a6ec16c43f04faacb4) C:\WINDOWS\system32\Drivers\NEOFLTR_650_15255.SYS
2010/07/27 20:32:07.0484 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/07/27 20:32:07.0531 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/07/27 20:32:07.0562 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/07/27 20:32:07.0640 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/07/27 20:32:07.0703 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/07/27 20:32:07.0843 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/07/27 20:32:07.0968 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/07/27 20:32:08.0000 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/07/27 20:32:08.0093 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/07/27 20:32:08.0156 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2010/07/27 20:32:08.0250 P17 (3a7290f2c423b80ba95becae015b9b1b) C:\WINDOWS\system32\drivers\P17.sys
2010/07/27 20:32:08.0406 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/07/27 20:32:08.0468 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/07/27 20:32:08.0531 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/07/27 20:32:08.0625 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/07/27 20:32:08.0687 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/07/27 20:32:08.0750 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/07/27 20:32:08.0828 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/07/27 20:32:08.0843 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/07/27 20:32:08.0921 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
2010/07/27 20:32:08.0953 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
2010/07/27 20:32:09.0000 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/07/27 20:32:09.0031 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/07/27 20:32:09.0093 PSMounter (a34811dd55c70e7bff960b8ca7a8c6d1) C:\WINDOWS\system32\drivers\psmounter.sys
2010/07/27 20:32:09.0171 pssnap (599dac0114eaf8edaf88b44d0c6183f6) C:\WINDOWS\system32\DRIVERS\pssnap.sys
2010/07/27 20:32:09.0250 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/07/27 20:32:09.0296 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/07/27 20:32:09.0468 QCMerced (9a155d31b8e52f41b258282092cc93a7) C:\WINDOWS\system32\DRIVERS\LVCM.sys
2010/07/27 20:32:09.0750 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/07/27 20:32:09.0796 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/07/27 20:32:09.0828 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/07/27 20:32:09.0859 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/07/27 20:32:09.0890 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/07/27 20:32:09.0921 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/07/27 20:32:10.0015 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/07/27 20:32:10.0046 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/07/27 20:32:10.0078 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/07/27 20:32:10.0140 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/07/27 20:32:10.0171 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/07/27 20:32:10.0218 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/07/27 20:32:10.0296 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/07/27 20:32:10.0375 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/07/27 20:32:10.0515 RxFilter (78f204f3a885de987d41b12f9bb8dffb) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
2010/07/27 20:32:10.0609 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/07/27 20:32:10.0703 Ser2pl (b490ad520257dda26c1d587a71e527b5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
2010/07/27 20:32:10.0781 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/07/27 20:32:10.0812 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/07/27 20:32:10.0890 sermouse (1f16931c722c69e4a7866244796c66a0) C:\WINDOWS\system32\DRIVERS\sermouse.sys
2010/07/27 20:32:10.0968 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/07/27 20:32:11.0046 SIODRV (6fbba21e5ad173ecad3144ddff3a89bf) C:\WINDOWS\system32\drivers\SIODRV.SYS
2010/07/27 20:32:11.0046 Suspicious file (Forged): C:\WINDOWS\system32\drivers\SIODRV.SYS. Real md5: 6fbba21e5ad173ecad3144ddff3a89bf, Fake md5: f32fc556dfd8dbde6ed908220f157538
2010/07/27 20:32:11.0046 SIODRV - detected Forged file (1)
2010/07/27 20:32:14.0609 ================================================================================
2010/07/27 20:32:14.0609 Scan finished
2010/07/27 20:32:14.0609 ================================================================================
2010/07/27 20:32:14.0640 Detected object count: 1
2010/07/27 20:35:24.0328 Forged file(SIODRV) - User select action: Skip
2010/07/27 20:35:42.0671 ================================================================================
2010/07/27 20:35:42.0671 Scan started
2010/07/27 20:35:42.0671 Mode: Manual;
2010/07/27 20:35:42.0671 ================================================================================
2010/07/27 20:35:48.0812 SIODRV (6fbba21e5ad173ecad3144ddff3a89bf) C:\WINDOWS\system32\drivers\SIODRV.SYS
2010/07/27 20:35:48.0812 Suspicious file (Forged): C:\WINDOWS\system32\drivers\SIODRV.SYS. Real md5: 6fbba21e5ad173ecad3144ddff3a89bf, Fake md5: f32fc556dfd8dbde6ed908220f157538
2010/07/27 20:35:48.0812 SIODRV - detected Forged file (1)
2010/07/27 20:35:51.0015 ================================================================================
2010/07/27 20:35:51.0015 Scan finished
2010/07/27 20:35:51.0015 ================================================================================
2010/07/27 20:35:51.0031 Detected object count: 1
2010/07/27 20:36:22.0281 Forged file(SIODRV) - User select action: Skip

************************************************************************
Thanks,
Brad
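The lines that matter in a TDSSKiller log like the one above are the "Suspicious file (Forged)" entries, the declared object count and the action the user chose. As an added example, not part of this thread or of TDSSKiller itself, the parser below extracts those from the log format shown above; the sample log is a constructed excerpt that mirrors the SIODRV lines posted.

```python
"""Parse a TDSSKiller log of the kind posted above.

Added example, not part of the thread or of TDSSKiller. It collects the
driver inventory, every 'Suspicious file (Forged)' detection with its real
and fake MD5, and the action the user picked, then checks that the number
of detections matches the log's own 'Detected object count'.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
# One enumerated driver: "<ts> <service> (<md5>) <path>"
DRIVER_RE = re.compile(rf"^{TS} (?P<name>\S+) \((?P<md5>[0-9a-f]{{32}})\) (?P<path>.+)$")
# "<ts> Suspicious file (Forged): <path>. Real md5: <h>, Fake md5: <h>"
FORGED_RE = re.compile(
    rf"^{TS} Suspicious file \(Forged\): (?P<path>.+?)\. "
    rf"Real md5: (?P<real>[0-9a-f]{{32}}), Fake md5: (?P<fake>[0-9a-f]{{32}})$")
# "<ts> Forged file(<service>) - User select action: <action>"
ACTION_RE = re.compile(
    rf"^{TS} Forged file\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(rf"^{TS} Detected object count: (?P<n>\d+)$")


@dataclass
class Detection:
    service: str
    path: str
    real_md5: str          # hash TDSSKiller computed from the raw on-disk file
    fake_md5: str          # hash seen through the normal file-system path
    action: str = "none"   # Skip / Quarantine / Delete once the user chooses


@dataclass
class ScanReport:
    drivers: dict = field(default_factory=dict)   # service -> (md5, path)
    detections: list = field(default_factory=list)
    declared_count: Optional[int] = None


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Walk the log line by line and fill a ScanReport."""
    report = ScanReport()
    by_path = {}   # lower-cased path -> service, so a forged line can be attributed
    for raw in text.splitlines():
        line = raw.strip()
        if m := DRIVER_RE.match(line):
            report.drivers[m["name"]] = (m["md5"], m["path"])
            by_path[m["path"].lower()] = m["name"]
        elif m := FORGED_RE.match(line):
            service = by_path.get(m["path"].lower(), "?")
            report.detections.append(Detection(service, m["path"], m["real"], m["fake"]))
        elif m := ACTION_RE.match(line):
            for d in report.detections:
                if d.service == m["name"]:
                    d.action = m["action"]
        elif m := COUNT_RE.match(line):
            report.declared_count = int(m["n"])
    return report


def count_is_consistent(report: ScanReport) -> bool:
    """True when the forged detections found equal the count the log declared."""
    return report.declared_count == len(report.detections)


def unresolved(report: ScanReport) -> list:
    """Services whose forged file was skipped or never acted on: still on disk."""
    return [d.service for d in report.detections if d.action in ("none", "Skip")]


# Constructed excerpt mirroring the SIODRV lines posted in the thread.
SAMPLE_LOG = """\
2010/07/27 20:35:48.0750 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\\WINDOWS\\system32\\DRIVERS\\sfloppy.sys
2010/07/27 20:35:48.0812 SIODRV (6fbba21e5ad173ecad3144ddff3a89bf) C:\\WINDOWS\\system32\\drivers\\SIODRV.SYS
2010/07/27 20:35:48.0812 Suspicious file (Forged): C:\\WINDOWS\\system32\\drivers\\SIODRV.SYS. Real md5: 6fbba21e5ad173ecad3144ddff3a89bf, Fake md5: f32fc556dfd8dbde6ed908220f157538
2010/07/27 20:35:48.0812 SIODRV - detected Forged file (1)
2010/07/27 20:35:51.0015 Scan finished
2010/07/27 20:35:51.0031 Detected object count: 1
2010/07/27 20:36:22.0281 Forged file(SIODRV) - User select action: Skip
"""

if __name__ == "__main__":
    r = parse_tdsskiller_log(SAMPLE_LOG)
    for d in r.detections:
        print(f"{d.service}: real {d.real_md5} vs fake {d.fake_md5} -> {d.action}")
    print("count consistent:", count_is_consistent(r), "| unresolved:", unresolved(r))
```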

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • ONLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:25 AM

Posted 28 July 2010 - 06:26 AM

Now rescan again with Malwarebytes Anti-Malware, but this time perform a Full Scan in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Please perform a scan with Eset Online Antivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?"
  • Answer Yes to download and install the ActiveX controls that allow the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to begin.
  • If offered the option to get information or buy software, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
  • Click Start > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

    C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 brasha (Topic Starter)

Posted 28 July 2010 - 04:59 PM

I did not receive a reply to the question I raised in my previous post regarding TDSSKiller.
I would rather wait for a reply to this question before proceeding with rescanning with MalwareBytes Anti-Malware followed by the ESET Online Scanner, particularly since my PC seemed to be functioning properly again after the action taken with MalwareBytes Anti-Malware.
My question regarding TDSSKiller was:
Downloaded, extracted and ran TDSSKiller.exe
1 suspicious object was found, but the program prompts were not as described in your last post.
The options available (in a dropdown list) were Skip, Quarantine, and Delete (Skip was the default)
I used the default 'Skip' action as I was uncertain on whether or not 'Quarantine' corresponds to the 'Cure' action you indicated in your email. ** Please let me know which option (Skip, Quarantine, or Delete) I should use and I will run TDSSKiller.exe again.
The window showing the suspicious object indicated:
Service name: SIODRV
Service type: Kernel driver (0x1)
Service start: Auto (0x2)
File: C:\WINDOWS\system32\drivers\SIODRV.SYS
MD5: 6fbba21e5ad173ecad3144ddff3a89bf
MD5(forged): f32fc556dfd8dbde6ed908220f157538

Thanks,
Brad

#8 quietman7 (Global Moderator)

Posted 28 July 2010 - 05:21 PM

Sorry I missed your question. The way it was written made it appear as part of the log itself, which I scrolled through during my review.

    My question regarding TDSSKiller was:
    Downloaded, extracted and ran TDSSKiller.exe
    1 suspicious object was found, but the program prompts were not as described in your last post.
    The options available (in a dropdown list) were Skip, Quarantine, and Delete (Skip was the default)
    I used the default 'Skip' action as I was uncertain on whether or not 'Quarantine' corresponds to the 'Cure' action you indicated in your email.

In the instructions I provided I said

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

I believe the default was changed to Cure when the tool was updated to a new version the other day. To be sure, delete that version and redownload it before running again.

If it still shows Skip as default, then change it to Cure when you rerun TDSSKiller. Quarantine moves the file to a safe location but does not repair the file, which choosing Cure does.

When done with that, then continue with my instructions in Post #6.

#9 brasha (Topic Starter)

Posted 28 July 2010 - 10:58 PM

Downloaded TDSSKiller.zip once more from the link provided in your earlier post.
Extracted TDSSKiller.exe - file is version 2.4.0.0 created July 22 2010
Ran TDSSKiller.exe - same result as before:
1 Suspicious object found
Only options are:
Skip
Quarantine
Delete
There is no Cure option. I left the option at Skip.
Reading the documentation on the Kaspersky site for TDSSKiller, Skip is the default for 'Suspicious' objects, whereas Cure or Delete is for 'Malicious' objects. I have a 'Suspicious' object and given the apparent now healthy behaviour of my PC, believe Skip is an appropriate choice.

Interestingly enough, when I clicked Close on the application, my PC blue-screened. It also did this last time.

I've also noticed there is an Event 7000 in the System event log indicating:
The SIODRV service failed to start due to the following error:
The specified driver is invalid.
*************
I will await your advice on whether
1. to run TDSSKiller again to choose Quarantine or Delete on the 'Suspicious' object
or
2. to continue with the instructions in your Post #6.
Thanks again,
Brad

#10 quietman7 (Global Moderator)

Posted 28 July 2010 - 11:37 PM

The scan log indicates the file is forged/has a Fake md5. Get a second opinion. Go to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, click the "browse" button and locate the following file:
C:\WINDOWS\System32\drivers\SIODRV.SYS <- this file
Click "Open", then click the "Submit" button.
-- Post back with the results of the file analysis in your next reply.

You can go ahead with the instructions in Post #6 and leave TDSSKiller alone for now.
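The record pasted in post #7 (one MD5 line and one MD5(forged) line for the same driver) and the "fake md5" reading in post #10 can be checked mechanically rather than by eye. The Python below is an added example written for this page; it is not TDSSKiller's code and not part of the thread. It assumes the "Key: value" record layout shown above and treats MD5(forged) as a second, independently obtained hash of the same file, which is the reading behind "forged". The caveat a practitioner wants here: the suspect object is an auto-start kernel driver, so any hash (or any upload to Jotti or VirusTotal) taken from the running system passes through code that driver could influence; a clean verdict obtained that way is weaker evidence than the same check made from offline boot media.

```python
"""Parse a TDSSKiller 'suspicious object' record and relate the two hashes it
reports to a hash computed through the normal file API.

Added example: not TDSSKiller's code and not part of the thread. Layout of the
record is taken from the block pasted in the thread; treating MD5(forged) as a
second, independently obtained hash of the same file is an assumption.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the record brasha pasted, re-typed.
SAMPLE_RECORD = r"""
Service name: SIODRV
Service type: Kernel driver (0x1)
Service start: Auto (0x2)
File: C:\WINDOWS\system32\drivers\SIODRV.SYS
MD5: 6fbba21e5ad173ecad3144ddff3a89bf
MD5(forged): f32fc556dfd8dbde6ed908220f157538
"""


@dataclass
class DriverRecord:
    service: str
    service_type: str
    start: str
    path: str
    md5: str
    md5_forged: Optional[str]

    @property
    def hashes_disagree(self) -> bool:
        """True when the two hashes TDSSKiller reports for one file differ."""
        return self.md5_forged is not None and self.md5_forged != self.md5


def parse_record(text: str) -> DriverRecord:
    """Turn the 'Key: value' lines into a DriverRecord (keys case-insensitive)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only: the path contains ':'
        if sep:
            fields[key.strip().lower()] = value.strip()
    forged = fields.get("md5(forged)")
    return DriverRecord(
        service=fields["service name"],
        service_type=fields.get("service type", ""),
        start=fields.get("service start", ""),
        path=fields["file"],
        md5=fields["md5"].lower(),
        md5_forged=forged.lower() if forged else None,
    )


def md5_of_bytes(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def md5_of_file(path: str, chunk: int = 1 << 20) -> str:
    """MD5 of a file read through the ordinary file API, in 1 MiB chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify_local_hash(record: DriverRecord, local_md5: str) -> str:
    """Say which of the reported hashes a locally computed hash agrees with."""
    local = local_md5.lower()
    if local == record.md5:
        return "matches MD5"
    if record.md5_forged is not None and local == record.md5_forged:
        return "matches MD5(forged)"
    return "matches neither"


def triage(record: DriverRecord, local_md5: Optional[str] = None) -> List[str]:
    """Plain-language findings for the record, most important first."""
    notes = []
    if record.hashes_disagree:
        notes.append("forged: two reads of %s gave different images; treat the file as "
                     "suspect and get a second opinion on the file itself" % record.path)
    else:
        notes.append("consistent: both reported hashes agree")
    if record.service_type.startswith("Kernel driver") and record.start.startswith("Auto"):
        notes.append("auto-start kernel driver: loaded at boot, so views of the file "
                     "taken from the running system are not independent of it")
    if local_md5 is not None:
        notes.append("local hash " + classify_local_hash(record, local_md5))
    return notes


if __name__ == "__main__":
    rec = parse_record(SAMPLE_RECORD)
    for note in triage(rec):
        print(note)
    # On the affected machine: triage(rec, md5_of_file(rec.path))
```

Running it on the affected machine with `md5_of_file(rec.path)` tells you which of the two reported images the ordinary file API hands back; whichever it is, the disagreement itself is the finding, and the second opinion should be on a copy of the file taken from outside the running system.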

#11 brasha (Topic Starter)

Posted 30 July 2010 - 01:17 PM

1. Checked out C:\WINDOWS\System32\drivers\SIODRV.SYS with Jotti's virusscan and Virus Total - both reported OK - I've decided to leave it on my PC - service is failing to start each reboot anyway

2. Log from Malwarebytes Anti-Malware full scan
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4368

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

30/07/10 6:22:46 AM
mbam-log-2010-07-30 (06-22-46).txt

Scan type: Full scan (C:\|)
Objects scanned: 479335
Time elapsed: 3 hour(s), 35 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Home_Backup_BRASHA\D-drive\InternetDownloads\MsgPlus-325.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Home_Backup_BRASHA\D-drive\Work\VisualBasic\TalkToComputer\Project1.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\InternetDownloads\AnalogX_SimpleServer_WWW.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

3. Log from ESET Online Antivirus Scanner
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a06ba6c28c295d4682c2cd2510dd9404
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-30 04:52:31
# local_time=2010-07-30 10:52:31 (-0700, Mountain Daylight Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=513 16777045 100 100 0 115358047 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=312505
# found=16
# cleaned=16
# scan_time=15018
C:\Documents and Settings\Erin\Local Settings\Temp\removalfile.bat Win32/Adware.Virtumonde application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Susan\Application Data\3b0b2b57.exe Win32/Olmarik.ABS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\C-drive\ezStub.exe a variant of Win32/Adware.Ezula application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\C-drive\ZFicons.exe a variant of Win32/Adware.Ezula application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\C-drive\Home\Erin\Netscape7\Profiles\Erin\0yaly9wi.slt\Mail\localhost\Inbox HTML/Phishing.gen trojan (contained infected files) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\C-drive\Home\Erin\Netscape7\Profiles\Erin\0yaly9wi.slt\Mail\localhost\Trash HTML/Phishing.gen trojan (contained infected files) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\C-drive\Home\Susan\Netscape7\Profiles\Susan\duy4fypd.slt\Mail\localhost\Inbox multiple threats (contained infected files) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\C-drive\Home\Susan\Netscape7\Profiles\Susan\duy4fypd.slt\Mail\localhost\Trash multiple threats (contained infected files) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\C-drive\Program Files\Kazaa\TopSearch.dll Win32/Adware.Altnet application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\C-drive\Program Files\Netscape\Communicator\Program\Plugins\npwthost.dll probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\C-drive\WINDOWS\ezStub.exe a variant of Win32/Adware.Ezula application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\D-drive\Home_2005Aug02\Erin\Netscape7\Profiles\Erin\0yaly9wi.slt\Mail\localhost\Inbox HTML/Phishing.gen trojan (contained infected files) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\D-drive\Home_2005Aug02\Erin\Netscape7\Profiles\Erin\0yaly9wi.slt\Mail\localhost\Trash HTML/Phishing.gen trojan (contained infected files) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\D-drive\Home_2005Aug02\Susan\Netscape7\Profiles\Susan\duy4fypd.slt\Mail\localhost\Inbox HTML/Phishing.gen trojan (contained infected files) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\D-drive\Home_2005Aug02\Susan\Netscape7\Profiles\Susan\duy4fypd.slt\Mail\localhost\Trash HTML/Phishing.gen trojan (contained infected files) 00000000000000000000000000000000 C
C:\RECYCLER\S-1-5-21-3689487953-1605432385-2519417945-1007\Dc5580.exe Win32/Olmarik.ABS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Thanks...Brad ... ? is there something I should do now in regards to System Restore points ?
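Sixteen ESET hits look alarming, but the log above separates cleanly into detections on the live system and detections inside the C:\Home_Backup_BRASHA folder, which is an offline copy of old drives (mailbox files containing phishing mail, old Kazaa and eZula adware). The Python below is an added example written for this page, not ESET's code and not part of the thread. It parses the log lines as posted; the per-line layout (path, detection name, action in parentheses, a 32-hex-digit hash, a one-letter flag) and the backup root are assumptions read off those lines, and the sample text is the thread's own log re-typed. ESET's Win32/Olmarik name is its label for the TDSS/TDL rootkit family, the same family TDSSKiller targets, so the two live Olmarik hits are the ones that matter for the redirect symptom.

```python
"""Triage an ESET Online Scanner log: which detections were on the live
system versus inside offline backup folders, and what was detected.

Added example, not ESET's code and not part of the thread. The line layout
and the backup root C:\\Home_Backup_BRASHA are assumptions taken from the
log posted in the thread.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: header lines plus the 16 detection lines from the thread.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# scanned=312505
# found=16
# cleaned=16
C:\Documents and Settings\Erin\Local Settings\Temp\removalfile.bat Win32/Adware.Virtumonde application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Susan\Application Data\3b0b2b57.exe Win32/Olmarik.ABS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\C-drive\ezStub.exe a variant of Win32/Adware.Ezula application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\C-drive\ZFicons.exe a variant of Win32/Adware.Ezula application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\C-drive\Home\Erin\Netscape7\Profiles\Erin\0yaly9wi.slt\Mail\localhost\Inbox HTML/Phishing.gen trojan (contained infected files) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\C-drive\Home\Erin\Netscape7\Profiles\Erin\0yaly9wi.slt\Mail\localhost\Trash HTML/Phishing.gen trojan (contained infected files) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\C-drive\Home\Susan\Netscape7\Profiles\Susan\duy4fypd.slt\Mail\localhost\Inbox multiple threats (contained infected files) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\C-drive\Home\Susan\Netscape7\Profiles\Susan\duy4fypd.slt\Mail\localhost\Trash multiple threats (contained infected files) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\C-drive\Program Files\Kazaa\TopSearch.dll Win32/Adware.Altnet application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\C-drive\Program Files\Netscape\Communicator\Program\Plugins\npwthost.dll probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\C-drive\WINDOWS\ezStub.exe a variant of Win32/Adware.Ezula application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\D-drive\Home_2005Aug02\Erin\Netscape7\Profiles\Erin\0yaly9wi.slt\Mail\localhost\Inbox HTML/Phishing.gen trojan (contained infected files) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\D-drive\Home_2005Aug02\Erin\Netscape7\Profiles\Erin\0yaly9wi.slt\Mail\localhost\Trash HTML/Phishing.gen trojan (contained infected files) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\D-drive\Home_2005Aug02\Susan\Netscape7\Profiles\Susan\duy4fypd.slt\Mail\localhost\Inbox HTML/Phishing.gen trojan (contained infected files) 00000000000000000000000000000000 C
C:\Home_Backup_BRASHA\D-drive\Home_2005Aug02\Susan\Netscape7\Profiles\Susan\duy4fypd.slt\Mail\localhost\Trash HTML/Phishing.gen trojan (contained infected files) 00000000000000000000000000000000 C
C:\RECYCLER\S-1-5-21-3689487953-1605432385-2519417945-1007\Dc5580.exe Win32/Olmarik.ABS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# A detection name begins with "a variant of ...", "probably a variant of ...",
# "multiple threats", or a Family/Name token; Windows paths never contain "/",
# so that is where the path ends.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<detection>(?:(?:probably )?a variant of \S+|multiple threats|\S+/\S+).*?)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<hash>[0-9a-fA-F]{32})\s+(?P<flag>\S+)$"
)
HEADER_RE = re.compile(r"^# (\w+)=(\d+)$")
BACKUP_ROOTS = (r"C:\Home_Backup_BRASHA",)  # assumption: offline copies of old drives


@dataclass
class Detection:
    path: str
    name: str
    action: str
    hash: str

    @property
    def family(self) -> str:
        """'a variant of Win32/Adware.Ezula application' -> 'Win32/Adware.Ezula'."""
        m = re.search(r"\S+/\S+", self.name)
        return m.group(0) if m else self.name

    def in_backup(self, roots=BACKUP_ROOTS) -> bool:
        p = self.path.lower()
        return any(p.startswith(r.lower()) for r in roots)


def header_counts(text: str) -> Dict[str, int]:
    """Numeric '# key=value' header fields (scanned, found, cleaned, ...)."""
    return {m.group(1): int(m.group(2))
            for m in (HEADER_RE.match(l) for l in text.splitlines()) if m}


def parse_log(text: str) -> List[Detection]:
    """Detection records; header and banner lines are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.rstrip())
        if m:
            out.append(Detection(m["path"], m["detection"], m["action"], m["hash"]))
    return out


def triage(records: List[Detection], roots=BACKUP_ROOTS) -> dict:
    """Split live-system hits from backup hits and count families and actions."""
    return {
        "live": [r for r in records if not r.in_backup(roots)],
        "backup": [r for r in records if r.in_backup(roots)],
        "families": Counter(r.family for r in records),
        "by_action": Counter(r.action for r in records),
    }


def header_matches(text: str, records: List[Detection]) -> bool:
    """Sanity check: the parser saw every line the scanner says it found."""
    return header_counts(text).get("found") == len(records)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    t = triage(recs)
    print("header consistent:", header_matches(SAMPLE_LOG, recs))
    for r in t["live"]:
        print("LIVE  ", r.family, r.path)
    print("backup hits:", len(t["backup"]), dict(t["families"]))
```

The "contained infected files" entries are all Netscape mailbox files in the backup: the scanner flagged mail they hold, and they stay on disk. The three live entries, a Virtumonde batch file in a temp directory, an Olmarik executable under a user profile, and a second Olmarik executable in the Recycler, are the ones to keep an eye on if redirects return.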

#12 quietman7 (Global Moderator)

Posted 30 July 2010 - 02:27 PM

    is there something I should do now in regards to System Restore points ?

Yes but first...how is your computer running now? Are there any more signs of infection or browser redirects?

#13 brasha (Topic Starter)

Posted 30 July 2010 - 05:28 PM

PC seems to be working normally now - no more browser redirects. Even after the first execution of MBAM when the strange DNS IP addresses were removed, I have not had browser redirects.
What would you recommend doing next ?

#14 quietman7 (Global Moderator)

Posted 30 July 2010 - 08:08 PM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

#15 brasha (Topic Starter)

Posted 31 July 2010 - 11:15 AM

I've completed the Post 14 instructions.



