
Google redirects to random sites


3 replies to this topic

#1 jorgelorenzo

jorgelorenzo

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 18 January 2011 - 01:34 PM

Hi
After searching on Google and clicking a link from the results I often get redirected to random advert sites. Also occasionally popups appear from nowhere when not even using the computer. I have Malwarebytes Antimalware, with which I have done a quick scan, but it doesn't pick anything up. Neither does my Norton Antivirus. Any help would be much appreciated.

Edited by Budapest, 18 January 2011 - 04:17 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,330 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:50 PM

Posted 18 January 2011 - 10:06 PM

Hello and welcome. Let's do this...

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



Reboot into Safe Mode with Networking
How to enter Safe Mode (XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running RKill, as the malware programs will start again. If rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer it to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Reboot to Normal mode and rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post the TDSS, SAS and MBAM logs and let us know how the PC is running now.

Edited by boopme, 18 January 2011 - 10:07 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 jorgelorenzo

jorgelorenzo
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 19 January 2011 - 06:43 PM

Hi
I followed the instructions all the way through, but still have the same problem. The other housemates I live with say they have the same problem as me. Is it possible for something like this to travel over the wireless network from computer to computer?

Here are the logs you asked for:

2011/01/19 18:51:17.0436 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/19 18:51:17.0564 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/19 18:51:17.0608 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/01/19 18:51:17.0805 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/19 18:51:17.0858 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/19 18:51:17.0909 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/01/19 18:51:18.0467 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/19 18:51:18.0583 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/01/19 18:51:18.0632 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/19 18:51:18.0728 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/19 18:51:18.0799 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/19 18:51:18.0899 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/01/19 18:51:18.0930 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/01/19 18:51:18.0963 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/01/19 18:51:19.0062 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/01/19 18:51:19.0541 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/01/19 18:51:20.0098 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/01/19 18:51:20.0703 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/01/19 18:51:21.0312 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/01/19 18:51:22.0052 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/01/19 18:51:22.0800 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/19 18:51:22.0857 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/19 18:51:23.0622 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/01/19 18:51:24.0393 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/19 18:51:25.0330 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/01/19 18:51:26.0057 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/01/19 18:51:27.0008 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/01/19 18:51:27.0906 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/19 18:51:28.0427 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/19 18:51:29.0328 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/01/19 18:51:30.0066 yukonwlh (a4822191c7cea271903c2a4fb6d9809d) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/01/19 18:51:30.0137 ================================================================================
2011/01/19 18:51:30.0137 Scan finished
2011/01/19 18:51:30.0137 ================================================================================
2011/01/19 19:00:02.0346 Deinitialize success






SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/19/2011 at 09:34 PM

Application Version : 4.48.1000

Core Rules Database Version : 6234
Trace Rules Database Version: 4046

Scan type : Complete Scan
Total Scan Time : 01:36:48

Memory items scanned : 341
Memory threats detected : 0
Registry items scanned : 7855
Registry threats detected : 0
File items scanned : 151736
File threats detected : 110

Adware.Tracking Cookie




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5541

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

19/01/2011 22:04:07
mbam-log-2011-01-19 (22-04-07).txt

Scan type: Quick scan
Objects scanned: 144917
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



As I say, I still have the same problem even though it seems like the final scan with MA did not find anything? What else can I do?

#4 boopme

Posted 19 January 2011 - 09:44 PM

Ok, it's possible that if you used a flash drive (it is infected) and transferred it. But I think it is in the router.

First, as there are other machines on this router, they need to install and update MBAM, DO NOT run yet. You now need to disconnect from the internet. Then scan each PC, then reset the router.

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don't know the router's default password, you can look it up HERE.
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

As there are other infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site HERE for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration, you can reconnect to the internet, and router.
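The post above ties the redirects to changed DNS settings on the router, so each PC can be checked for resolvers it should not be using. The following is an added example, not part of the original post: it parses `ipconfig /all` output and flags any DNS server that is not on an expected list. The sample output, adapter names, addresses and the expected list are constructed assumptions; substitute the servers your ISP gives you.

```python
import ipaddress
import re

# Constructed sample of English-language `ipconfig /all` output (not from the thread).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

# Assumption: resolvers this network should use (router LAN address plus ISP servers).
EXPECTED_DNS = {"192.168.1.1", "198.51.100.10", "198.51.100.11"}

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")   # unindented "... adapter <name>:" header
FIELD_RE = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")     # "   Label . . . : value"


def _as_ip(text):
    """Return a normalised IP string, or None if text is not an address."""
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))  # drop IPv6 scope id
    except ValueError:
        return None


def dns_servers_by_adapter(ipconfig_text):
    """Map each adapter name to the DNS servers listed for it."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            adapter, in_dns = header.group(1), False
            result[adapter] = []
            continue
        if adapter is None or not line.strip():
            in_dns = False
            continue
        ip = _as_ip(line)
        if in_dns and ip:  # continuation line: further servers, one per line
            result[adapter].append(ip)
            continue
        field = FIELD_RE.match(line)
        in_dns = bool(field) and field.group(1).strip() == "DNS Servers"
        if in_dns and _as_ip(field.group(2)):
            result[adapter].append(_as_ip(field.group(2)))
    return result


def unexpected_dns(ipconfig_text, expected):
    """Return (adapter, server) pairs whose resolver is not on the expected list."""
    allowed = {str(ipaddress.ip_address(e)) for e in expected}
    return [(name, srv)
            for name, servers in dns_servers_by_adapter(ipconfig_text).items()
            for srv in servers if srv not in allowed]


if __name__ == "__main__":
    for name, srv in unexpected_dns(SAMPLE_IPCONFIG, EXPECTED_DNS):
        print(f"{name}: unexpected DNS server {srv}")
```

A PC that lists only the router's own address as its DNS server will pass this check even if the router forwards queries to a changed upstream server, so the DNS fields in the router's admin page still need to be compared against the ISP's values after the reset.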



