Multiple problems (Google redirect, Whitesmoke Translator, and others)
5 replies to this topic

#1 Starrk


Posted 18 December 2010 - 08:03 PM

Hello bleeping computer community. As the title says I've run into multiple problems with my home computer and I'm not entirely sure if all are related, but I'm going to post a description of all of them just in case. I'm on a Dell Dimension C521 running Windows Vista Home Premium SP 2.

-Google Redirect: About a month and a half ago I started getting redirects on my Google searches in Firefox. At the same time a program called System Defragmenter was installed without my downloading it. After about a week I followed instructions on how to deal with both using ATF Cleaner and Malwarebytes. It seemingly worked. But about a week ago I started getting Google redirects again. And unlike the time before, it started to redirect my searches within Chrome Browser as well. It's also affected IE 8.

-Whitesmoke Translator: Whitesmoke Translator appeared in the same way that System Defragmenter did. It first appeared yesterday even though I hadn't downloaded it. Something that I think may be related to it, although I'm not entirely sure, is a DLL error that appears once I sign into one of my computer's accounts. Here's an image of what it looks like:

http://img214.imageshack.us/i/dllerror.jpg/

-Other problems that started to occur at around the same time:

-There are times when I try to logon to an account and I get a message along the lines of "The Group Policy Client service failed the logon."

-Blue screen error- I've gotten two messages during the blue screen error. "driver_irql_not_less_or_equal", which has been appearing most often whenever I log onto my computer's admin account. I also get a more random blue screen error, which I believe is the "NTFS_FILE_SYSTEM" error.

I'm not entirely sure if those errors are related, but I am sure that they only started to appear after the first two made their appearances.

Malwarebytes scan log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5351

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18975

12/18/2010 7:24:24 PM
mbam-log-2010-12-18 (19-24-03).txt

Scan type: Quick scan
Objects scanned: 230869
Time elapsed: 14 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 31
Files Infected: 152

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82} (PUP.WhiteSmoke) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F} (PUP.WhiteSmoke) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{F33928A1-8849-48DE-BECB-829D7727AAF2} (PUP.WhiteSmoke) -> No action taken.
HKEY_CLASSES_ROOT\ComVistaElevator.LocalMachineWriter.1 (PUP.WhiteSmoke) -> No action taken.
HKEY_CLASSES_ROOT\ComVistaElevator.LocalMachineWriter (PUP.WhiteSmoke) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{064E314E-2382-46F2-A93A-239C7115579A} (PUP.WhiteSmoke) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{54DE313F-2261-4B8E-A699-9AE1D69BC7C9} (PUP.WhiteSmoke) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3D8A3085-A097-4312-B6A4-49FF1A4A460B} (PUP.WhiteSmoke) -> No action taken.
HKEY_CLASSES_ROOT\WCaptureX.WResult.1 (PUP.WhiteSmoke) -> No action taken.
HKEY_CLASSES_ROOT\WCaptureX.WResult (PUP.WhiteSmoke) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{C7E06D1D-4099-43D4-8C22-718E39713773} (PUP.WhiteSmoke) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{68D76969-99CA-4057-9C66-9D0C6F497528} (PUP.WhiteSmoke) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{BB283CBF-EB78-4438-BC3A-7563ED7FEDBF} (PUP.WhiteSmoke) -> No action taken.
HKEY_CLASSES_ROOT\WMonitorX.WMonitorX.1 (PUP.WhiteSmoke) -> No action taken.
HKEY_CLASSES_ROOT\WMonitorX.WMonitorX (PUP.WhiteSmoke) -> No action taken.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wroge (Trojan.Hiloti) -> Value: Wroge -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sykpxown (Trojan.FakeAV.Gen) -> Value: sykpxown -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Xviraderotegixi (Trojan.Agent.U) -> Value: Xviraderotegixi -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\whitesmoke translator (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\common (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\common\iepngfix (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\common\js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\style (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\style (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\attic (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\style (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\style (PUP.WhiteSmoke) -> No action taken.
c:\Users\Admin\AppData\Roaming\whitesmoketranslator (PUP.WhiteSmoke) -> No action taken.
c:\Users\oscar santana\AppData\Roaming\whitesmoketranslator (PUP.WhiteSmoke) -> No action taken.

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\nsipcf.dll (Trojan.Hiloti) -> No action taken.
c:\Windows\Temp\ytfayrfcl\otahxohaffm.exe (Trojan.FakeAV.Gen) -> No action taken.
c:\Windows\Temp\fcmepok.exe (Trojan.Hiloti) -> No action taken.
c:\Windows\Temp\wgfedg.exe (Adware.Agent) -> No action taken.
c:\Windows\Temp\xgfuvkeq.exe (Trojan.FakeAV.Gen) -> No action taken.
c:\Windows\Temp\hyme\setup.exe (Trojan.Dropper) -> No action taken.
c:\Users\Public\documents\Server\admin.txt (Malware.Trace) -> No action taken.
c:\Users\Public\documents\Server\server.dat (Malware.Trace) -> No action taken.
c:\Windows\Fonts\EQIqw3KV.com (Malware.Generic) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Local\arivajiy.dll (Trojan.Agent.U) -> No action taken.
c:\program files\whitesmoke translator\buy.ico (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\comvistaelevator.dll (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\dictionary48x48.ico (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\license_agreement_translator.txt (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\osmax.ocx (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\secman.dll (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\settings.ini (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\TCCons.dll (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\WCapture.dll (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\wcapturex.dll (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\WCustom.dll (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\whitesmokedictregistration.exe (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\WHook.dll (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\wmonitorx.dll (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\wsdicthookdll.dll (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\WSLogger.exe (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\wstraydictmode.exe (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\common\iepngfix\blank.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\common\iepngfix\checkerboard.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\common\iepngfix\helix.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\common\iepngfix\iepngfix.htc (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\common\iepngfix\iepngfix.html (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\common\iepngfix\opacity.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\common\js\common.js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\common\js\pngfix.js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\common\js\prototype.js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\common\js\xmlhttp.js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\index.html (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\spacer.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\ajax-loader.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\bottom_bg.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\bottom_left_corner.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\corner_bottom_left.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\corner_bottom_right.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\corner_top_left.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\corner_top_right.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\down_arrow.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\empty.jpg (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\input_bg.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\left_input.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\loading_dictionary.swf (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\resize.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\right_input.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\search_strip_bg3.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\dictionary_disabled.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\dictionary_over.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\dictionary_press.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\dictionary_up.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\down_arrow.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\go_disabled.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\go_over.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\go_press.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\go_up.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\idioms_disabled.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\idioms_over.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\idioms_press.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\idioms_up.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\thesaurus_disabled.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\thesaurus_over.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\thesaurus_press.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\thesaurus_up.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\translate_normal.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\translate_pressed.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\translate_rollover.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\translation_disabled.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\translation_over.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\translation_press.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\translation_up.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_close_down.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_close_over.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_close_up.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_max_down.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_max_over.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_max_up.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_min_down.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_min_over.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_min_up.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_dictionary_off.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_dictionary_press.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_dictionary_roll_over.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_strip.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_strip_right_corner.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_strip_right_corner.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_translation_off.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_translation_press.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_translation_roll_over.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\logo.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_bg.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_bg_bottom.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_bg_top.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_captionbar_press.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_captionbar_up.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\js\common.js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\js\contextmenu.js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\js\dictinterface.js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\js\jquery.combobox.js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\js\jquery.js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\js\prototype.js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\js\xmlhttp.js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\style\combobox.css (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\style\contextmenu.css (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientdic\style\dictionary.css (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\index.html (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\body_bg.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\congra.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\continue_button_click.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\continue_button_over.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\continue_button_up.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\intro.jpg (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\welcome.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_bar_close_down.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_bar_close_over.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_bar_close_up.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_strip.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\logo.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\js\reginterface.js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientregistration\style\registration.css (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\index.html (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\welcome_all.html (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\welcome_expired.html (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\buy_button.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\caption_bar_close_down.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\caption_bar_close_over.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\caption_bar_close_up.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\close_button.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\close_button_down.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\expired_bg.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\translator-welcome-final.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\translator-welcome-final.jpg (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\translator-welcome-final.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\use_ws_bgnew.jpg (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\use_ws_bgnew.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\attic\use_ws_bgnew.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\arrow_white.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\caption_strip.png (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\left_bot_chunk.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\right_bot_chunk.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\white_x_button.gif (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\js\iframeinterface.js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\style\welcome.css (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\js\welcomeinterface.js (PUP.WhiteSmoke) -> No action taken.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\style\welcomescreen.css (PUP.WhiteSmoke) -> No action taken.


Edited by Starrk, 18 December 2010 - 08:30 PM.
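The Malwarebytes log above is worth reading as more than a list of files to delete. The three entries under Registry Values Infected all sit in a ...\CurrentVersion\Run key (two of them in HKEY_USERS\.DEFAULT, i.e. the SYSTEM profile, which is why a component fires before any user logs on), and that is what brings the Hiloti, FakeAV and Agent components back after each cleanup. The non-PUP files are dropped into locations that legitimate software almost never uses: C:\Windows\Temp, the SYSTEM profile's AppData\Local, C:\Windows\Fonts and C:\Users\Public. Every line also ends in "No action taken", which means nothing has been remediated yet. The Python script below, an added example that is not part of this thread or of Malwarebytes' own tooling, parses a log in this format and pulls the persistence entries and suspicious drop locations out of the bulk of PUP.WhiteSmoke noise. The embedded SAMPLE_LOG is constructed from a handful of the lines above (one action string altered to show the other case), and the autorun-key and path heuristics are this example's own assumptions.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x scan log.

Added example for this thread; not code from the original post or from
Malwarebytes. SAMPLE_LOG is constructed from the line format of the first
post (a handful of its lines, with one action string altered), and the
autorun-key and path heuristics are this example's own assumptions.
"""
import re

# Section headers as printed by MBAM 1.x, mapped to a short kind tag.
SECTION_HEADERS = {
    "Memory Processes Infected:": "process",
    "Memory Modules Infected:": "module",
    "Registry Keys Infected:": "regkey",
    "Registry Values Infected:": "regvalue",
    "Registry Data Items Infected:": "regdata",
    "Folders Infected:": "folder",
    "Files Infected:": "file",
}

# Detection lines look like "<object> (<family>) -> <action>." and, for
# registry values, "<key> (<family>) -> Value: <name> -> <action>."
VALUE_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> Value: (?P<value>.+?) -> (?P<action>.+?)\.?$")
DETECTION_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Assumption: a value under these keys runs its payload at every logon.
AUTORUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?\\", re.IGNORECASE)

# Assumption: legitimate software rarely lives here; droppers, fake-AV
# payloads and loader DLLs commonly do.
SUSPICIOUS_PATH_PARTS = (
    "\\windows\\temp\\",
    "\\config\\systemprofile\\appdata\\",
    "\\windows\\fonts\\",
    "\\users\\public\\",
)

# Constructed sample in the MBAM 1.x format (secman.dll's action altered).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50
Scan type: Quick scan
Objects scanned: 230869

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82} (PUP.WhiteSmoke) -> No action taken.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wroge (Trojan.Hiloti) -> Value: Wroge -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Xviraderotegixi (Trojan.Agent.U) -> Value: Xviraderotegixi -> No action taken.

Folders Infected:
c:\program files\whitesmoke translator (PUP.WhiteSmoke) -> No action taken.

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\nsipcf.dll (Trojan.Hiloti) -> No action taken.
c:\Windows\Temp\fcmepok.exe (Trojan.Hiloti) -> No action taken.
c:\Users\Public\documents\Server\server.dat (Malware.Trace) -> No action taken.
c:\program files\whitesmoke translator\secman.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return one dict per detection line: kind, obj, family, action, value."""
    detections = []
    kind = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            kind = SECTION_HEADERS[line]
            continue
        if kind is None or line.startswith("(No malicious"):
            continue  # header/summary block, or an empty section
        m = VALUE_RE.match(line) or DETECTION_RE.match(line)
        if not m:
            continue  # not a detection line
        d = m.groupdict()
        d.setdefault("value", None)
        d["kind"] = kind
        detections.append(d)
    return detections


def triage(detections):
    """Split detections into what a responder should look at first."""
    report = {
        "total": len(detections),
        "not_removed": 0,        # still on disk / in the registry
        "pup": 0,
        "malware": 0,
        "autoruns": [],          # registry values giving persistence
        "dropped_files": [],     # files in locations real software avoids
    }
    for d in detections:
        if d["action"].lower().startswith("no action taken"):
            report["not_removed"] += 1
        if d["family"].startswith("PUP."):
            report["pup"] += 1
        else:
            report["malware"] += 1
        if d["kind"] == "regvalue" and AUTORUN_KEY_RE.search(d["obj"]):
            report["autoruns"].append((d["obj"], d["family"]))
        if d["kind"] == "file":
            low = d["obj"].lower()
            if any(part in low for part in SUSPICIOUS_PATH_PARTS):
                report["dropped_files"].append((d["obj"], d["family"]))
    return report


if __name__ == "__main__":
    rep = triage(parse_mbam_log(SAMPLE_LOG))
    print(f"{rep['total']} detections, {rep['not_removed']} not yet removed, "
          f"{rep['pup']} PUP, {rep['malware']} malware")
    for key, fam in rep["autoruns"]:
        print("persistence:", key, f"({fam})")
    for path, fam in rep["dropped_files"]:
        print("dropped file:", path, f"({fam})")
```

Run against a full log saved from MBAM, the "not_removed" count is the quickest answer to the question the next reply asks (whether Remove Selected was ever clicked), and the autoruns list is what to re-check after reboot: if the same Run values reappear, something the scanner did not catch is rewriting them.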



#2 boopme

Global Moderator

Posted 18 December 2010 - 11:38 PM

Hello, you did click the Remove Selected button in that scan?


The WhiteSmoke web site indicates it makes English grammar correction software, translation software, and other specialized English writing tools. However, many users have reported they did not know how WhiteSmoke was downloaded or installed. From our investigation and dealings with this software we are also finding many cases of it with a TDSS rootkit infection. So the severity of the system infection will determine how the disinfection process goes.

The web site says the software can be removed through Add/Remove Programs, or Programs and Features if using Vista/Windows 7, so check there first, highlight anything with the name "Whitesmoke", select Remove and restart the computer normally. This appears to work in most cases with the Whitesmoke Toolbar but not with the Translator.



Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.

  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions if you're unsure how to unzip a file.
  • If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.<- Important!!
    Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Edited by boopme, 18 December 2010 - 11:40 PM.


#3 Starrk

Topic Starter

Posted 19 December 2010 - 12:07 AM

Thanks for the reply. I was able to uninstall Whitesmoke through Add/Remove Programs. I thought I had checked to see if I could find it there before, but I guess I hadn't.

Here's the TDSSkiller log:

2010/12/18 19:29:34.0111 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/18 19:29:34.0111 ================================================================================
2010/12/18 19:29:34.0111 SystemInfo:
2010/12/18 19:29:34.0111
2010/12/18 19:29:34.0111 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/18 19:29:34.0111 Product type: Workstation
2010/12/18 19:29:34.0111 ComputerName: ADMIN-PC
2010/12/18 19:29:34.0111 UserName: Admin
2010/12/18 19:29:34.0111 Windows directory: C:\Windows
2010/12/18 19:29:34.0111 System windows directory: C:\Windows
2010/12/18 19:29:34.0111 Processor architecture: Intel x86
2010/12/18 19:29:34.0111 Number of processors: 2
2010/12/18 19:29:34.0111 Page size: 0x1000
2010/12/18 19:29:34.0111 Boot type: Safe boot with network
2010/12/18 19:29:34.0111 ================================================================================
2010/12/18 19:29:34.0486 Initialize success
2010/12/18 19:29:39.0852 ================================================================================
2010/12/18 19:29:39.0852 Scan started
2010/12/18 19:29:39.0852 Mode: Manual;
2010/12/18 19:29:39.0852 ================================================================================
2010/12/18 19:29:42.0036 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/18 19:29:42.0114 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/12/18 19:29:42.0176 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/12/18 19:29:42.0239 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/12/18 19:29:42.0301 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/12/18 19:29:42.0395 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/12/18 19:29:42.0473 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2010/12/18 19:29:42.0520 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/18 19:29:42.0629 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
2010/12/18 19:29:42.0660 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2010/12/18 19:29:42.0691 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
2010/12/18 19:29:42.0754 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/12/18 19:29:42.0785 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/18 19:29:42.0847 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/12/18 19:29:42.0910 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/12/18 19:29:42.0988 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/18 19:29:43.0034 atapi (a779ca2c76da4fcb595e692c05e8e4eb) C:\Windows\system32\drivers\atapi.sys
2010/12/18 19:29:43.0424 atikmdag (38973519d2a61e33e49a09c6b05621cd) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/18 19:29:43.0705 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2010/12/18 19:29:43.0783 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/12/18 19:29:44.0392 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/18 19:29:44.0516 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/18 19:29:44.0563 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/18 19:29:44.0657 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/18 19:29:44.0719 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/18 19:29:44.0750 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/18 19:29:44.0813 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/18 19:29:44.0860 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/12/18 19:29:44.0969 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
2010/12/18 19:29:45.0047 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/18 19:29:45.0125 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/18 19:29:45.0187 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/12/18 19:29:45.0250 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/12/18 19:29:45.0343 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
2010/12/18 19:29:45.0390 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2010/12/18 19:29:45.0437 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/12/18 19:29:45.0484 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/12/18 19:29:45.0562 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/12/18 19:29:45.0671 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/12/18 19:29:45.0749 DLABMFSM (a53723176d0002feb486eff8e17812f2) C:\Windows\system32\DLA\DLABMFSM.SYS
2010/12/18 19:29:45.0796 DLABOIOM (d4587063acea776699251e177d719586) C:\Windows\system32\DLA\DLABOIOM.SYS
2010/12/18 19:29:45.0842 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
2010/12/18 19:29:45.0889 DLADResM (c950c2e7b9ed1a4fc4a2ac7ec044f1d6) C:\Windows\system32\DLA\DLADResM.SYS
2010/12/18 19:29:45.0920 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\Windows\system32\DLA\DLAIFS_M.SYS
2010/12/18 19:29:45.0967 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\Windows\system32\DLA\DLAOPIOM.SYS
2010/12/18 19:29:46.0030 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\Windows\system32\DLA\DLAPoolM.SYS
2010/12/18 19:29:46.0076 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
2010/12/18 19:29:46.0108 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\Windows\system32\DLA\DLAUDFAM.SYS
2010/12/18 19:29:46.0139 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\Windows\system32\DLA\DLAUDF_M.SYS
2010/12/18 19:29:46.0264 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/12/18 19:29:46.0295 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\Windows\system32\Drivers\DRVMCDB.SYS
2010/12/18 19:29:46.0342 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
2010/12/18 19:29:46.0466 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/12/18 19:29:46.0529 dsunidrv (64fa28c15dd71a80bef3527e1ef07df6) C:\Program Files\DellSupport\Drivers\dsunidrv.sys
2010/12/18 19:29:46.0638 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/18 19:29:46.0732 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/12/18 19:29:46.0825 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/18 19:29:46.0888 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/12/18 19:29:47.0012 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/12/18 19:29:47.0168 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/12/18 19:29:47.0231 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/12/18 19:29:47.0278 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/18 19:29:47.0356 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/12/18 19:29:47.0418 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/12/18 19:29:47.0480 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/18 19:29:47.0590 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/12/18 19:29:47.0683 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/18 19:29:47.0746 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/18 19:29:47.0808 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2010/12/18 19:29:47.0886 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/12/18 19:29:47.0964 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/18 19:29:47.0995 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/12/18 19:29:48.0026 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/12/18 19:29:48.0058 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/18 19:29:48.0089 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/12/18 19:29:48.0198 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/12/18 19:29:48.0292 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2010/12/18 19:29:48.0401 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/12/18 19:29:48.0448 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/12/18 19:29:48.0526 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/18 19:29:48.0588 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/12/18 19:29:48.0650 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/12/18 19:29:48.0775 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
2010/12/18 19:29:48.0822 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/18 19:29:48.0900 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/18 19:29:48.0994 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/18 19:29:49.0056 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/18 19:29:49.0134 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/12/18 19:29:49.0228 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2010/12/18 19:29:49.0290 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/18 19:29:49.0368 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/12/18 19:29:49.0586 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/12/18 19:29:49.0789 Jukebox (e1599fdae5bf62ef54af7027ac4115b5) C:\Windows\system32\DRIVERS\ctpdusb2.sys
2010/12/18 19:29:49.0867 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/18 19:29:49.0976 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/18 19:29:50.0054 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/18 19:29:50.0195 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/18 19:29:50.0273 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/18 19:29:50.0382 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/18 19:29:50.0444 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/18 19:29:50.0554 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/12/18 19:29:50.0741 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/12/18 19:29:50.0819 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/12/18 19:29:50.0912 mfeavfk (6ecb15c5bfc558fbaae281a31d47d2da) C:\Windows\system32\drivers\mfeavfk.sys
2010/12/18 19:29:50.0944 mfebopk (8def79edaecfcd2b4e4401dd80ae78b8) C:\Windows\system32\drivers\mfebopk.sys
2010/12/18 19:29:50.0975 mfehidk (9aa314e724b082a085a447e023450c03) C:\Windows\system32\drivers\mfehidk.sys
2010/12/18 19:29:51.0037 mferkdk (90cb36d70120ec2454ae5ec21bfeb15e) C:\Windows\system32\drivers\mferkdk.sys
2010/12/18 19:29:51.0084 mfesmfk (633573ae75463a05c78ff35732e615da) C:\Windows\system32\drivers\mfesmfk.sys
2010/12/18 19:29:51.0146 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/12/18 19:29:51.0256 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/18 19:29:51.0318 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/18 19:29:51.0365 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/18 19:29:51.0427 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/12/18 19:29:51.0521 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\Windows\system32\DRIVERS\MpFilter.sys
2010/12/18 19:29:51.0599 MPFP (c5c360df921a892c46ae8ba7c0aadb4c) C:\Windows\system32\Drivers\Mpfp.sys
2010/12/18 19:29:51.0677 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/12/18 19:29:51.0739 MpNWMon (aeb186afff5d9cfed823c15d846aac3b) C:\Windows\system32\DRIVERS\MpNWMon.sys
2010/12/18 19:29:51.0817 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/18 19:29:51.0880 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/18 19:29:51.0973 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/18 19:29:52.0020 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/18 19:29:52.0082 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/18 19:29:52.0145 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/18 19:29:52.0207 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
2010/12/18 19:29:52.0254 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/12/18 19:29:52.0301 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/12/18 19:29:52.0348 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/12/18 19:29:52.0457 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/18 19:29:52.0566 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/18 19:29:52.0644 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/12/18 19:29:52.0706 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/12/18 19:29:52.0784 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/18 19:29:52.0862 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/12/18 19:29:52.0925 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/12/18 19:29:53.0034 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/18 19:29:53.0112 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/12/18 19:29:53.0221 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/18 19:29:53.0393 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/18 19:29:53.0471 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/18 19:29:53.0533 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/12/18 19:29:53.0596 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/18 19:29:53.0642 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/18 19:29:53.0736 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/18 19:29:53.0814 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/12/18 19:29:53.0876 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/18 19:29:53.0954 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/12/18 19:29:54.0032 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/18 19:29:54.0095 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/12/18 19:29:54.0266 nvlddmkm (b02587fa997723297384c95f424e78fa) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/12/18 19:29:54.0454 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/12/18 19:29:54.0516 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2010/12/18 19:29:54.0578 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2010/12/18 19:29:54.0719 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/12/18 19:29:54.0812 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/18 19:29:54.0875 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/12/18 19:29:54.0922 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/18 19:29:55.0000 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/12/18 19:29:55.0062 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
2010/12/18 19:29:55.0124 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/12/18 19:29:55.0234 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/18 19:29:55.0405 PnkBstrK (02b76eeecc9ad70d26ff9653929b5740) C:\Windows\system32\drivers\PnkBstrK.sys
2010/12/18 19:29:55.0483 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/18 19:29:55.0530 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/12/18 19:29:55.0592 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/18 19:29:55.0670 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\Windows\system32\Drivers\PxHelp20.sys
2010/12/18 19:29:55.0733 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/12/18 19:29:55.0795 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/18 19:29:55.0842 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/18 19:29:56.0045 R300 (38973519d2a61e33e49a09c6b05621cd) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/18 19:29:56.0123 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/18 19:29:56.0216 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/18 19:29:56.0294 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/18 19:29:56.0341 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/18 19:29:56.0404 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/18 19:29:56.0466 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/18 19:29:56.0513 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2010/12/18 19:29:56.0560 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/18 19:29:56.0622 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/12/18 19:29:56.0700 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/18 19:29:56.0778 RT25USBAP (9c377dbf9d2d19098db935dc1e8361a3) C:\Windows\system32\DRIVERS\rt25usbap.sys
2010/12/18 19:29:56.0856 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/18 19:29:56.0887 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/12/18 19:29:56.0950 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/12/18 19:29:57.0043 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/18 19:29:57.0121 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/18 19:29:57.0168 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/18 19:29:57.0184 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/18 19:29:57.0230 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/18 19:29:57.0277 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2010/12/18 19:29:57.0308 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/18 19:29:57.0340 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/18 19:29:57.0371 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/18 19:29:57.0433 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2010/12/18 19:29:57.0496 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/12/18 19:29:57.0542 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/12/18 19:29:57.0605 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/12/18 19:29:57.0698 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/18 19:29:57.0776 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/12/18 19:29:57.0901 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/12/18 19:29:57.0979 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/18 19:29:58.0057 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/18 19:29:58.0151 STHDA (9cea131b5eb0ea653f6b3ea80b54956d) C:\Windows\system32\drivers\stwrt.sys
2010/12/18 19:29:58.0291 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/18 19:29:58.0338 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/18 19:29:58.0385 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/18 19:29:58.0447 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/18 19:29:58.0556 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/18 19:29:58.0666 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/18 19:29:58.0759 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/18 19:29:58.0806 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/18 19:29:58.0853 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/18 19:29:58.0931 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/18 19:29:59.0009 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/18 19:29:59.0102 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/18 19:29:59.0165 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/18 19:29:59.0227 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/18 19:29:59.0274 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/12/18 19:29:59.0368 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/18 19:29:59.0446 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/18 19:29:59.0539 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/12/18 19:29:59.0602 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/18 19:29:59.0664 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/18 19:29:59.0726 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/18 19:29:59.0836 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/12/18 19:29:59.0898 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/12/18 19:29:59.0976 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\Windows\system32\DRIVERS\lgusbbus.sys
2010/12/18 19:30:00.0038 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/18 19:30:00.0070 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/18 19:30:00.0116 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2010/12/18 19:30:00.0194 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/18 19:30:00.0319 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/18 19:30:00.0382 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2010/12/18 19:30:00.0428 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/18 19:30:00.0491 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/18 19:30:00.0553 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/18 19:30:00.0584 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/18 19:30:00.0631 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/18 19:30:00.0678 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/18 19:30:00.0725 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2010/12/18 19:30:00.0787 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/12/18 19:30:00.0850 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
2010/12/18 19:30:00.0943 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/12/18 19:30:01.0021 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/12/18 19:30:01.0115 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/12/18 19:30:01.0177 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/12/18 19:30:01.0224 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/18 19:30:01.0286 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/18 19:30:01.0302 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/18 19:30:01.0380 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/12/18 19:30:01.0458 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/18 19:30:01.0614 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/12/18 19:30:01.0723 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
2010/12/18 19:30:01.0801 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2010/12/18 19:30:01.0895 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/12/18 19:30:01.0973 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/18 19:30:02.0113 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/12/18 19:30:02.0176 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/18 19:30:02.0222 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2010/12/18 19:30:02.0316 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/18 19:30:02.0316 ================================================================================
2010/12/18 19:30:02.0316 Scan finished
2010/12/18 19:30:02.0316 ================================================================================
2010/12/18 19:30:02.0347 Detected object count: 1
2010/12/18 19:30:52.0220 \HardDisk0 - will be cured after reboot
2010/12/18 19:30:52.0220 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/18 19:31:02.0579 Deinitialize success


And the Malwarebytes log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5351

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18975

12/19/2010 12:02:15 AM
mbam-log-2010-12-19 (00-02-15).txt

Scan type: Quick scan
Objects scanned: 229641
Time elapsed: 11 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wroge (Trojan.Hiloti) -> Value: Wroge -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Xviraderotegixi (Trojan.Agent.U) -> Value: Xviraderotegixi -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\Admin\AppData\Roaming\whitesmoketranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\oscar santana\AppData\Roaming\whitesmoketranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\nsipcf.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Public\documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Public\documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\Fonts\EQIqw3KV.com (Malware.Generic) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\arivajiy.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.



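The two logs above are the raw material boopme asks for: TDSSKiller enumerates every registered driver with its MD5 and image path, then appends the verdict lines (here the TDL4 detection on \HardDisk0 and the "Cure" action), and Malwarebytes lists each finding with its family and the action taken. The script below is an added example, not code from the thread or from Kaspersky or Malwarebytes; it parses both formats and pulls out what a helper would read first: what was detected and what will be cured on reboot, which drivers load from outside the Windows directory, which images are registered under more than one service name, and which MBAM findings are autorun (Run key) persistence entries. The sample inputs are constructed from a few lines of the posted logs; all function and regex names are my own.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the TDSSKiller 2.4.x log format, modelled
# on the log posted above (driver enumeration, detection and cure lines).
TDSS_SAMPLE = """\
2010/12/18 19:29:42.0036 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\\Windows\\system32\\drivers\\acpi.sys
2010/12/18 19:29:43.0424 atikmdag (38973519d2a61e33e49a09c6b05621cd) C:\\Windows\\system32\\DRIVERS\\atikmdag.sys
2010/12/18 19:29:46.0466 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\\Program Files\\DellSupport\\GTAction\\triggers\\DSproct.sys
2010/12/18 19:29:56.0045 R300 (38973519d2a61e33e49a09c6b05621cd) C:\\Windows\\system32\\DRIVERS\\atikmdag.sys
2010/12/18 19:29:56.0875 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV.SYS
2010/12/18 19:30:02.0316 \\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/18 19:30:02.0347 Detected object count: 1
2010/12/18 19:30:52.0220 \\HardDisk0 - will be cured after reboot
2010/12/18 19:30:52.0220 Rootkit.Win32.TDSS.tdl4(\\HardDisk0) - User select action: Cure
"""

# Constructed sample: the findings sections of a Malwarebytes 1.50 log,
# again modelled on the posted log.
MBAM_SAMPLE = """\
Registry Values Infected:
HKEY_USERS\\.DEFAULT\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Wroge (Trojan.Hiloti) -> Value: Wroge -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Xviraderotegixi (Trojan.Agent.U) -> Value: Xviraderotegixi -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
c:\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\nsipcf.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\\Windows\\Fonts\\EQIqw3KV.com (Malware.Generic) -> Quarantined and deleted successfully.
"""

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"  # TDSSKiller timestamp prefix
DRIVER_RE = re.compile(rf"^{TS} (\S+) \(([0-9a-f]{{32}})\) (.+)$")
DETECT_RE = re.compile(rf"^{TS} (.+?) - detected (\S+) \(\d+\)$")
CURE_RE = re.compile(rf"^{TS} (.+?) - will be cured after reboot$")
ACTION_RE = re.compile(rf"^{TS} (\S+?)\((.+?)\) - User select action: (\w+)$")


def parse_tdss(text):
    """Split a TDSSKiller log into the enumerated drivers and the verdict lines."""
    result = {"drivers": [], "detections": [], "cured_after_reboot": [], "actions": []}
    for line in text.splitlines():
        if m := DRIVER_RE.match(line):
            result["drivers"].append((m[1], m[2], m[3]))          # (service, md5, path)
        elif m := DETECT_RE.match(line):
            result["detections"].append((m[1], m[2]))             # (object, verdict)
        elif m := CURE_RE.match(line):
            result["cured_after_reboot"].append(m[1])
        elif m := ACTION_RE.match(line):
            result["actions"].append((m[1], m[2], m[3]))          # (verdict, object, action)
    return result


def nonstandard_driver_paths(drivers, windir="C:\\Windows\\"):
    """Service names whose driver image lives outside the Windows directory.
    Vendor agents and security tools legitimately do this (DellSupport and
    SUPERAntiSpyware in the posted log), so this is a review queue, not a verdict."""
    return [name for name, _md5, path in drivers
            if not path.lower().startswith(windir.lower())]


def shared_images(drivers):
    """MD5 -> service names for images registered under more than one service.
    Vista does this for some built-in drivers (atikmdag/R300, Tcpip/Tcpip6 in the
    posted log), so a shared hash alone is benign; the interesting case is a
    known-good hash attached to an unexpected service name or path."""
    by_md5 = defaultdict(list)
    for name, md5, _path in drivers:
        by_md5[md5].append(name)
    return {md5: names for md5, names in by_md5.items() if len(names) > 1}


FINDING_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce|RunServices)\\([^\\]+)$", re.I)


def parse_mbam(text):
    """Extract every finding line (item, MBAM family, action) from an MBAM log.
    Section headers and '(No malicious items detected)' do not match the pattern."""
    findings = []
    for line in text.splitlines():
        if m := FINDING_RE.match(line):
            findings.append({"item": m[1], "family": m[2], "action": m[3]})
    return findings


def persistence_entries(findings):
    """Findings that are autorun registry values (Run/RunOnce). These are what
    relaunched the dropped DLLs at logon, so they are worth re-checking after reboot."""
    out = []
    for f in findings:
        if m := RUN_KEY_RE.search(f["item"]):
            out.append({"key": f["item"], "value": m[2], "family": f["family"]})
    return out


if __name__ == "__main__":
    tdss = parse_tdss(TDSS_SAMPLE)
    print("detections:", tdss["detections"])
    print("cured after reboot:", tdss["cured_after_reboot"])
    print("drivers outside Windows dir:", nonstandard_driver_paths(tdss["drivers"]))
    print("images registered under several names:", shared_images(tdss["drivers"]))
    for p in persistence_entries(parse_mbam(MBAM_SAMPLE)):
        print("autorun value:", p["value"], "->", p["family"])
```

Run it against a saved TDSSKiller_*.txt and mbam-log-*.txt by reading the files into the two parse functions; the driver table is the part worth keeping, since a second TDSSKiller run after the reboot can be diffed against it to confirm no driver image changed hash or path while the MBR was being repaired.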
#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:54 PM

Posted 19 December 2010 - 02:16 PM

OK, good, the rootkit was there and removed. This is a stubborn malware, however I feel after these we should have it.


Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
Close all open browsers before using, especially FireFox. <-Important!!!
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Now an Online scan..
Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.

One more look with MBAM...

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.


Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Starrk

Starrk
  • Topic Starter

  • Members
  • 4 posts
  • Local time:03:54 PM

Posted 20 December 2010 - 11:09 AM

I tried posting the SAS log, but it seems it's too long. Is there any way I could attach the txt file or maybe shorten it a bit?

As for my computer's performance, it's been doing well since the TDSSKiller scan. I haven't had any crashes, no dll error messages, and no "Group Policy Client" errors. Also I hadn't been able to update Windows in a while. Every time I'd go to the Windows update site it wouldn't load. Yesterday my computer updated for the first time in a long time.

ESET log:

C:\ProgramData\AOL Downloads\triton_suite_install\6.1.32.1\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\Users\Didiel Santana.Admin-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8C817EL\install[1].exe Win32/Adware.BHO.DE application deleted - quarantined
C:\Users\Didiel Santana.Admin-PC\AppData\Local\{8E94F725-8C1B-4DBD-B9F5-A623113F7B57}\Pando.msi probably a variant of Win32/Agent.FGYWGLO trojan deleted - quarantined


MBAM Log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5361

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

12/20/2010 10:54:31 AM
mbam-log-2010-12-20 (10-54-31).txt

Scan type: Quick scan
Objects scanned: 234201
Time elapsed: 30 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Edited by Starrk, 20 December 2010 - 11:16 AM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:04:54 PM

Posted 20 December 2010 - 11:41 AM

Try just copy/paste the parts that are NOT cookies.



