Numerous Issues from Multiple Attacks


3 replies to this topic

#1 UglyZombie

  • Members
  • 2 posts

Posted 22 February 2011 - 01:44 AM

Hello,

This is my first time posting to this board, as I feel I'm completely out of options. I recently ran into a pretty malicious attack, and I've used about every reasonable method available to try and rid myself of it. After 13 hours of using detection programs, safe mode, re-installs, uninstalls, etc - I'm at my wits' end. I have numerous annoying symptoms, and I've not been able to clean it out entirely. This is my last bastion of hope. Here's a brief:

Symptoms:

System slow down
Google searches being redirected to advertisements
Microsoft Windows Update connections blocked
Every 1 hour, I get a system host fail / windows solution popup
A "fast browser search" tool bar that will not go away, and cannot be removed
I bought a 1 year license to Ad-Aware in hopes for resolution. Ad-Aware keeps notifying me that it's blocking a connection from various IP addresses through svchost.exe

I've gone from Malware Bytes to Ad-Aware. Ad-Aware did indeed find numerous issues and cleaned them out. However, the symptoms remain, and I fear that the problem is slowly spiraling out of control again. My system is taking major performance hits. Even as I type this, it's slowing down here and there to a crawl, and I'm barely able to type.

If anyone out there can provide any assistance, I would be most grateful.

I'm running Windows Vista 32bit.

Thanks,

Noah


#2 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,758 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 22 February 2011 - 09:40 AM

mvps.org is no longer recommending Spybot S&D or Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products). Ad-Aware has even been placed into the Installers Hall of Shame for bundling and pre-checking Google Chrome during the installation. Also read Lavasoft Turning to the Dark Side? written by a former volunteer (now a MVP) who provided support for Ad-Aware but no longer uses the program.


Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Any objects found will show in the Scan results - Select action for found objects, and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.
  • Click Continue > Reboot now to finish the cleaning process. <- Important!!
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Step 7 instructs you to scan your computer using Malwarebytes Anti-Malware. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
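As an added example (not part of quietman7's reply, and not code from TDSSKiller or Kaspersky), the following Python script parses the driver-enumeration lines TDSSKiller writes to its log, in the format visible in the log pasted later in this thread, and flags the entries that deserve a second opinion before anything is uploaded to VirusTotal: a driver loaded from outside %SystemRoot%\system32, a core driver whose MD5 differs from a trusted baseline, and one on-disk path reported with two different hashes in the same scan. The sample log lines, the BASELINE dictionary and the service names xyzsvc and Beep2 are constructed for illustration; a real baseline must come from a trusted clean install of the same Windows build, never from the suspect machine.

```python
import re
from collections import defaultdict

# One TDSSKiller driver-enumeration line, as in the log posted in this thread:
#   <yyyy/mm/dd> <hh:mm:ss.ffff> <pid> <service> (<md5>) <path>
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<pid>\d+)\s+(?P<service>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Where installed Windows drivers normally live (compared case-insensitively).
SYSTEM_DIR = "c:\\windows\\system32\\"

# Hypothetical known-good baseline (file name -> MD5). In practice it is taken
# from a trusted clean install of the same Windows build, never from the
# suspect machine's own log.
BASELINE = {
    "atapi.sys": "1f05b78ab91c9075565a9d8a4b880bc4",
    "netbt.sys": "ecd64230a59cbd93c85f1cd1cab9f3f6",
}

# Constructed sample modelled on the log format above; the netbt hash and the
# xyzsvc and Beep2 entries are invented so that every check fires once.
SAMPLE_LOG = """\
2011/02/22 18:32:58.0178 3824 Scan started
2011/02/22 18:33:01.0784 3824 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\\Windows\\system32\\drivers\\atapi.sys
2011/02/22 18:33:03.0807 3824 COMMONFX (03f56bc37574158cb0170847366dda51) C:\\Windows\\system32\\drivers\\COMMONFX.SYS
2011/02/22 18:33:03.0846 3824 COMMONFX.SYS (03f56bc37574158cb0170847366dda51) C:\\Windows\\System32\\drivers\\COMMONFX.SYS
2011/02/22 18:33:16.0223 3824 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\\Program Files\\LogMeIn\\x86\\RaInfo.sys
2011/02/22 18:33:19.0346 3824 netbt (0123456789abcdef0123456789abcdef) C:\\Windows\\system32\\DRIVERS\\netbt.sys
2011/02/22 18:33:27.0171 3824 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\\Windows\\system32\\drivers\\tcpip.sys
2011/02/22 18:33:27.0246 3824 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\\Windows\\system32\\DRIVERS\\tcpip.sys
2011/02/22 18:33:30.0000 3824 xyzsvc (deadbeefdeadbeefdeadbeefdeadbeef) C:\\Users\\user\\AppData\\Local\\Temp\\xyz.sys
2011/02/22 18:33:31.0000 3824 Beep2 (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) C:\\Windows\\system32\\drivers\\Beep.sys
2011/02/22 18:33:31.0500 3824 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\\Windows\\system32\\drivers\\Beep.sys
"""


def parse_entries(text):
    """Split a log into parsed driver entries and the remaining non-empty lines."""
    entries, other = [], []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["md5"] = entry["md5"].lower()
            entries.append(entry)
        elif line.strip():
            other.append(line)  # headers, tool messages, anything unexpected: read by hand
    return entries, other


def triage(entries, baseline):
    """Return (kind, subject, detail) findings for entries that need a second opinion."""
    findings = []
    hashes_by_path = defaultdict(set)
    for e in entries:
        norm_path = e["path"].lower()
        file_name = norm_path.rsplit("\\", 1)[-1]
        hashes_by_path[norm_path].add(e["md5"])
        # 1. Driver loaded from outside the system directory: third-party or dropped.
        if not norm_path.startswith(SYSTEM_DIR):
            findings.append(("outside_system32", e["service"], e["path"]))
        # 2. Core driver whose hash does not match the trusted baseline: possibly patched.
        expected = baseline.get(file_name)
        if expected is not None and expected != e["md5"]:
            findings.append(("hash_mismatch", e["service"], f"{e['md5']} != {expected}"))
    # 3. The same on-disk file reported with more than one hash in one scan:
    #    reads of that path are not returning consistent content.
    for norm_path, md5s in hashes_by_path.items():
        if len(md5s) > 1:
            findings.append(("inconsistent_hash", norm_path, sorted(md5s)))
    return findings


if __name__ == "__main__":
    parsed, unparsed = parse_entries(SAMPLE_LOG)
    for kind, subject, detail in triage(parsed, BASELINE):
        print(f"{kind:18} {subject}  {detail}")
    print(f"{len(parsed)} driver entries, {len(unparsed)} other lines to review by hand")
```

Two service names pointing at the same file with the same hash (Tcpip and Tcpip6, or COMMONFX listed twice) are normal and are not reported; the third check only fires when the hashes disagree. Anything the parser cannot match is returned separately rather than silently dropped, since a tool message or a detection line is exactly what should not be skipped in a rootkit log.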

#3 UglyZombie

  • Topic Starter
  • Members
  • 2 posts

Posted 22 February 2011 - 11:32 PM

First off, I would like to sincerely thank you for taking your time and providing the helpful information above! I've done the steps you listed above. Here are the logs provided:

Kaspersky TDSS Killer:

2011/02/22 18:32:54.0371 3892 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/22 18:32:54.0382 3892 ================================================================================
2011/02/22 18:32:54.0382 3892 SystemInfo:
2011/02/22 18:32:54.0382 3892
2011/02/22 18:32:54.0382 3892 OS Version: 6.0.6002 ServicePack: 2.0
2011/02/22 18:32:54.0382 3892 Product type: Workstation
2011/02/22 18:32:54.0382 3892 ComputerName: HADES
2011/02/22 18:32:54.0382 3892 UserName: Umbrae
2011/02/22 18:32:54.0382 3892 Windows directory: C:\Windows
2011/02/22 18:32:54.0382 3892 System windows directory: C:\Windows
2011/02/22 18:32:54.0382 3892 Processor architecture: Intel x86
2011/02/22 18:32:54.0382 3892 Number of processors: 2
2011/02/22 18:32:54.0382 3892 Page size: 0x1000
2011/02/22 18:32:54.0382 3892 Boot type: Normal boot
2011/02/22 18:32:54.0382 3892 ================================================================================
2011/02/22 18:32:54.0661 3892 Initialize success
2011/02/22 18:32:58.0178 3824 ================================================================================
2011/02/22 18:32:58.0178 3824 Scan started
2011/02/22 18:32:58.0178 3824 Mode: Manual;
2011/02/22 18:32:58.0178 3824 ================================================================================
2011/02/22 18:32:59.0473 3824 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/02/22 18:32:59.0745 3824 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/02/22 18:32:59.0862 3824 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/02/22 18:32:59.0931 3824 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/02/22 18:33:00.0415 3824 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/02/22 18:33:00.0816 3824 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/02/22 18:33:00.0865 3824 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/02/22 18:33:00.0905 3824 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/02/22 18:33:00.0945 3824 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/02/22 18:33:01.0250 3824 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/02/22 18:33:01.0470 3824 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/02/22 18:33:01.0512 3824 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/02/22 18:33:01.0552 3824 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/02/22 18:33:01.0602 3824 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/02/22 18:33:01.0639 3824 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/02/22 18:33:01.0724 3824 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/22 18:33:01.0784 3824 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/02/22 18:33:01.0842 3824 atksgt (3c4b9850a2631c2263507400d029057b) C:\Windows\system32\DRIVERS\atksgt.sys
2011/02/22 18:33:01.0961 3824 BCMH43XX (86027e0b68af21e7b8f34d26a8715fc8) C:\Windows\system32\DRIVERS\bcmwlhigh6.sys
2011/02/22 18:33:02.0430 3824 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/02/22 18:33:02.0635 3824 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/22 18:33:02.0669 3824 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/02/22 18:33:02.0699 3824 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/02/22 18:33:02.0761 3824 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/02/22 18:33:02.0785 3824 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/02/22 18:33:02.0814 3824 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/02/22 18:33:02.0873 3824 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/02/22 18:33:02.0916 3824 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/02/22 18:33:02.0972 3824 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/22 18:33:03.0390 3824 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/22 18:33:03.0496 3824 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/02/22 18:33:03.0546 3824 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\Windows\system32\DRIVERS\cledx.sys
2011/02/22 18:33:03.0628 3824 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/02/22 18:33:03.0716 3824 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/02/22 18:33:03.0807 3824 COMMONFX (03f56bc37574158cb0170847366dda51) C:\Windows\system32\drivers\COMMONFX.SYS
2011/02/22 18:33:03.0846 3824 COMMONFX.SYS (03f56bc37574158cb0170847366dda51) C:\Windows\System32\drivers\COMMONFX.SYS
2011/02/22 18:33:04.0309 3824 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/02/22 18:33:04.0690 3824 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\Windows\system32\drivers\cpuz135_x32.sys
2011/02/22 18:33:04.0810 3824 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/02/22 18:33:04.0858 3824 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/02/22 18:33:05.0183 3824 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
2011/02/22 18:33:05.0550 3824 CT20XUT (533e4378f35812b816e0dce29301df0b) C:\Windows\system32\drivers\CT20XUT.SYS
2011/02/22 18:33:05.0625 3824 CT20XUT.SYS (533e4378f35812b816e0dce29301df0b) C:\Windows\System32\drivers\CT20XUT.SYS
2011/02/22 18:33:05.0677 3824 ctac32k (d3351e400994fc7bad1d419f71d11783) C:\Windows\system32\drivers\ctac32k.sys
2011/02/22 18:33:05.0736 3824 ctaud2k (44ba002a2b546827e15ba70985b5d548) C:\Windows\system32\drivers\ctaud2k.sys
2011/02/22 18:33:05.0813 3824 CTAUDFX (800bc63085473d89f0b2b71f57db53ee) C:\Windows\system32\drivers\CTAUDFX.SYS
2011/02/22 18:33:06.0014 3824 CTAUDFX.SYS (800bc63085473d89f0b2b71f57db53ee) C:\Windows\System32\drivers\CTAUDFX.SYS
2011/02/22 18:33:06.0362 3824 CTEAPSFX (d196c42a67f08148202168c68a9f1db0) C:\Windows\system32\drivers\CTEAPSFX.SYS
2011/02/22 18:33:06.0728 3824 CTEAPSFX.SYS (d196c42a67f08148202168c68a9f1db0) C:\Windows\System32\drivers\CTEAPSFX.SYS
2011/02/22 18:33:06.0898 3824 CTEDSPFX (2bf904a5ddb1c5b4360c6578ce55ff7a) C:\Windows\system32\drivers\CTEDSPFX.SYS
2011/02/22 18:33:07.0165 3824 CTEDSPFX.SYS (2bf904a5ddb1c5b4360c6578ce55ff7a) C:\Windows\System32\drivers\CTEDSPFX.SYS
2011/02/22 18:33:07.0248 3824 CTEDSPIO (c970bf995ba4ff88f3d84ff86788c77a) C:\Windows\system32\drivers\CTEDSPIO.SYS
2011/02/22 18:33:07.0513 3824 CTEDSPIO.SYS (c970bf995ba4ff88f3d84ff86788c77a) C:\Windows\System32\drivers\CTEDSPIO.SYS
2011/02/22 18:33:07.0648 3824 CTEDSPSY (4b9f25f9ec8650b863931c6f9db8129d) C:\Windows\system32\drivers\CTEDSPSY.SYS
2011/02/22 18:33:08.0597 3824 CTEDSPSY.SYS (4b9f25f9ec8650b863931c6f9db8129d) C:\Windows\System32\drivers\CTEDSPSY.SYS
2011/02/22 18:33:09.0004 3824 CTERFXFX (7704603e320eaeca739b8f5fac28fc77) C:\Windows\system32\drivers\CTERFXFX.SYS
2011/02/22 18:33:09.0412 3824 CTERFXFX.SYS (7704603e320eaeca739b8f5fac28fc77) C:\Windows\System32\drivers\CTERFXFX.SYS
2011/02/22 18:33:09.0662 3824 CTEXFIFX (9679883f725a09e91e785f6470d195fb) C:\Windows\system32\drivers\CTEXFIFX.SYS
2011/02/22 18:33:09.0737 3824 CTEXFIFX.SYS (9679883f725a09e91e785f6470d195fb) C:\Windows\System32\drivers\CTEXFIFX.SYS
2011/02/22 18:33:09.0827 3824 CTHWIUT (032cc81c4b051b6c5fd7c87764711064) C:\Windows\system32\drivers\CTHWIUT.SYS
2011/02/22 18:33:09.0876 3824 CTHWIUT.SYS (032cc81c4b051b6c5fd7c87764711064) C:\Windows\System32\drivers\CTHWIUT.SYS
2011/02/22 18:33:09.0903 3824 ctprxy2k (731317ec684a113125896e8be4f2a7c7) C:\Windows\system32\drivers\ctprxy2k.sys
2011/02/22 18:33:09.0965 3824 CTSBLFX (402311cde19e17015d58d4a1e6a59062) C:\Windows\system32\drivers\CTSBLFX.SYS
2011/02/22 18:33:10.0256 3824 CTSBLFX.SYS (402311cde19e17015d58d4a1e6a59062) C:\Windows\System32\drivers\CTSBLFX.SYS
2011/02/22 18:33:10.0797 3824 ctsfm2k (009d247e58f36c4fbd2b23fdc1d766d8) C:\Windows\system32\drivers\ctsfm2k.sys
2011/02/22 18:33:11.0095 3824 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/02/22 18:33:11.0284 3824 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/02/22 18:33:11.0338 3824 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/02/22 18:33:11.0478 3824 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/02/22 18:33:11.0540 3824 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/02/22 18:33:11.0617 3824 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/02/22 18:33:11.0850 3824 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/22 18:33:11.0955 3824 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/02/22 18:33:12.0006 3824 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/02/22 18:33:12.0044 3824 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/02/22 18:33:12.0184 3824 emupia (c27193a799a8e567dc5a037424562479) C:\Windows\system32\drivers\emupia2k.sys
2011/02/22 18:33:12.0226 3824 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\Windows\system32\DRIVERS\ENTECH.sys
2011/02/22 18:33:12.0325 3824 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/02/22 18:33:12.0433 3824 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/02/22 18:33:12.0486 3824 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/22 18:33:12.0529 3824 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/02/22 18:33:12.0565 3824 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/02/22 18:33:12.0611 3824 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/22 18:33:12.0673 3824 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/02/22 18:33:12.0768 3824 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/22 18:33:12.0833 3824 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/02/22 18:33:12.0870 3824 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/02/22 18:33:13.0053 3824 ha10kx2k (136eba16c8a10226757d103db5ffe66a) C:\Windows\system32\drivers\ha10kx2k.sys
2011/02/22 18:33:13.0228 3824 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/02/22 18:33:13.0561 3824 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/22 18:33:13.0901 3824 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/02/22 18:33:14.0099 3824 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/02/22 18:33:14.0447 3824 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/22 18:33:14.0568 3824 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/02/22 18:33:14.0656 3824 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/02/22 18:33:14.0689 3824 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/02/22 18:33:14.0794 3824 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/22 18:33:14.0837 3824 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/02/22 18:33:14.0891 3824 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/02/22 18:33:14.0931 3824 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/02/22 18:33:14.0956 3824 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/22 18:33:15.0165 3824 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/22 18:33:15.0371 3824 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/02/22 18:33:15.0464 3824 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/02/22 18:33:15.0582 3824 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/02/22 18:33:15.0623 3824 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/02/22 18:33:15.0725 3824 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/22 18:33:15.0756 3824 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/02/22 18:33:15.0791 3824 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/02/22 18:33:15.0825 3824 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/22 18:33:15.0864 3824 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/22 18:33:15.0968 3824 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/22 18:33:16.0040 3824 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/02/22 18:33:16.0111 3824 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/22 18:33:16.0223 3824 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/02/22 18:33:16.0400 3824 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
2011/02/22 18:33:16.0539 3824 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
2011/02/22 18:33:16.0601 3824 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/02/22 18:33:16.0647 3824 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/02/22 18:33:16.0687 3824 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/02/22 18:33:16.0784 3824 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/02/22 18:33:16.0870 3824 mbmiodrvr (290fb01f7f51eff0960599404a09f8d6) C:\Windows\system32\mbmiodrvr.sys
2011/02/22 18:33:16.0901 3824 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/02/22 18:33:16.0963 3824 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/02/22 18:33:17.0005 3824 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/22 18:33:17.0065 3824 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/22 18:33:17.0126 3824 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/22 18:33:17.0192 3824 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/02/22 18:33:17.0243 3824 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/02/22 18:33:17.0292 3824 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/22 18:33:17.0341 3824 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/02/22 18:33:17.0655 3824 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/22 18:33:17.0772 3824 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/22 18:33:17.0838 3824 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/22 18:33:17.0903 3824 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/22 18:33:17.0983 3824 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\DRIVERS\msahci.sys
2011/02/22 18:33:18.0063 3824 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/02/22 18:33:18.0116 3824 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/02/22 18:33:18.0163 3824 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/02/22 18:33:18.0220 3824 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/22 18:33:18.0289 3824 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/22 18:33:18.0325 3824 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/02/22 18:33:18.0382 3824 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/02/22 18:33:18.0459 3824 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/22 18:33:18.0560 3824 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/02/22 18:33:18.0606 3824 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/02/22 18:33:18.0653 3824 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/02/22 18:33:18.0798 3824 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/22 18:33:18.0868 3824 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/02/22 18:33:18.0945 3824 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/22 18:33:19.0009 3824 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/22 18:33:19.0114 3824 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/22 18:33:19.0215 3824 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/02/22 18:33:19.0261 3824 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/22 18:33:19.0346 3824 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/22 18:33:19.0423 3824 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/02/22 18:33:19.0588 3824 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\DRIVERS\npf.sys
2011/02/22 18:33:19.0672 3824 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/02/22 18:33:19.0744 3824 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/22 18:33:19.0786 3824 Nsynas32 (4b4a21e158c039ee0888741bfe1d24e0) C:\Windows\system32\drivers\Nsynas32.sys
2011/02/22 18:33:20.0130 3824 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/02/22 18:33:20.0284 3824 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/02/22 18:33:20.0331 3824 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/02/22 18:33:20.0426 3824 NVENETFD (74c825c573aa6e115590d94e7bf86901) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/02/22 18:33:21.0896 3824 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/22 18:33:22.0088 3824 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/02/22 18:33:22.0153 3824 nvstor32 (a1ce1a6fd74c046f029448fcfa5e386d) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/02/22 18:33:22.0211 3824 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/02/22 18:33:22.0562 3824 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/22 18:33:22.0682 3824 ossrv (2da4ec415b4d309b59b19e29f277ef3f) C:\Windows\system32\drivers\ctoss2k.sys
2011/02/22 18:33:22.0767 3824 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/02/22 18:33:22.0857 3824 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/02/22 18:33:22.0891 3824 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/02/22 18:33:23.0051 3824 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/02/22 18:33:23.0110 3824 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/02/22 18:33:23.0177 3824 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/02/22 18:33:23.0523 3824 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/02/22 18:33:23.0646 3824 pfc (444f122e68db44c0589227781f3c8b3f) C:\Windows\system32\drivers\pfc.sys
2011/02/22 18:33:23.0812 3824 PID_0928 (d2d2fa02b722336960eeae0ae7107891) C:\Windows\system32\DRIVERS\LV561AV.SYS
2011/02/22 18:33:23.0952 3824 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/22 18:33:24.0015 3824 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/02/22 18:33:24.0093 3824 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/22 18:33:24.0148 3824 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/02/22 18:33:24.0223 3824 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/22 18:33:24.0294 3824 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/22 18:33:24.0404 3824 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/22 18:33:24.0452 3824 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/22 18:33:24.0567 3824 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/22 18:33:24.0614 3824 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/22 18:33:24.0678 3824 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/22 18:33:24.0714 3824 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/22 18:33:24.0808 3824 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/02/22 18:33:24.0845 3824 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/22 18:33:24.0918 3824 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/02/22 18:33:25.0051 3824 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
2011/02/22 18:33:25.0192 3824 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/22 18:33:25.0260 3824 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/02/22 18:33:25.0329 3824 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\Windows\system32\drivers\SBREdrv.sys
2011/02/22 18:33:25.0400 3824 SCMNdisP (3b68015683c27cb00c7a6b60a37cbcfd) C:\Windows\system32\DRIVERS\scmndisp.sys
2011/02/22 18:33:25.0457 3824 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/22 18:33:25.0505 3824 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/22 18:33:25.0528 3824 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/02/22 18:33:30.0912 3824 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/22 18:33:30.0916 3824 ================================================================================
2011/02/22 18:33:30.0916 3824 Scan finished
2011/02/22 18:33:30.0916 3824 ================================================================================
2011/02/22 18:33:30.0928 1064 Detected object count: 1
2011/02/22 18:33:43.0383 1064 \HardDisk0 - will be cured after reboot
2011/02/22 18:33:43.0383 1064 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/22 18:33:57.0741 0444 Deinitialize success

Malwarebytes Quick Scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5848

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

2/22/2011 7:53:42 PM
mbam-log-2011-02-22 (19-53-42).txt

Scan type: Quick scan
Objects scanned: 184338
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The TDSS Killer seems to have removed a rootkit that was causing the problem with Google redirecting, as well as blocking Windows Update. I'm not seeing performance issues anymore either. I'll give it an evening of use and see if any other problems arise. I'm a bit on edge, being as my computer has been kicking my butt for five days. Let me know if there's anything more I should do, or any other precautions to take.

Thanks again,

Noah

#4 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,758 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 23 February 2011 - 12:54 PM

This is the pertinent section of the log which indicates a TDSS rootkit infected the Master Boot Record (MBR) and that it will be cured after reboot.

2011/02/22 18:33:30.0912 3824 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/22 18:33:30.0916 3824 ================================================================================
2011/02/22 18:33:30.0916 3824 Scan finished
2011/02/22 18:33:30.0916 3824 ================================================================================
2011/02/22 18:33:30.0928 1064 Detected object count: 1
2011/02/22 18:33:43.0383 1064 \HardDisk0 - will be cured after reboot
2011/02/22 18:33:43.0383 1064 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

This particular malware alters the MBR of the system drive to ensure persistent execution of malicious code. Essentially, it overwrites the MBR of the hard disk with its own code and stores a copy of the original MBR at another sector using rootkit techniques to hide itself. For more specific analysis and explanation of the infection, please refer to:

Please reboot if you have not done so already. Rerun TDSSKiller again and post the new log to confirm the infection was cured.

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with ESET Online Anti-virus Scanner.
  • This scan requires Internet Explorer to work. If using a different browser, you will be given the option to download and use the ESET Smart Installer.
  • Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green [image] button.
  • Read the End User License Agreement and check the box:
  • Check [image].
  • Click the [image] button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check [image]
  • Check Remove found threats
  • Click Advanced settings, then check Scan potentially unwanted applications and Enable Anti-Stealth technology.
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • The scan will take a while, so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop as ESETScan.txt.
  • Push the [image] button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

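A defender-side check for the kind of MBR tampering quietman7 describes, added here as an example and not code from this thread, from TDSSKiller or from any named tool: it hashes the bootstrap code of sector 0 against a baseline recorded while the disk was clean, validates the sector's structure, and then looks for any other sector that carries the same partition table plus the 0x55AA boot signature, which is exactly what a stashed copy of the original MBR looks like. The boot code bytes, the disk image and the sector-62 location of the copy are all constructed for the example.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 446                 # bootstrap code; partition table follows at offset 446
MBR_SIG = b"\x55\xAA"          # boot signature at offset 510

def code_hash(sector: bytes) -> str:
    """SHA-256 of the bootstrap code only; the partition table may legitimately change."""
    return hashlib.sha256(sector[:CODE_LEN]).hexdigest()

def check_mbr(sector: bytes, baseline: str) -> list:
    """Return a list of findings for sector 0; an empty list means it matches the baseline."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    findings = []
    if sector[510:] != MBR_SIG:
        findings.append("missing 0x55AA boot signature")
    if code_hash(sector) != baseline:
        findings.append("bootstrap code differs from baseline")
    entries = [sector[CODE_LEN + 16 * i] for i in range(4)]   # status byte of each entry
    if sum(1 for status in entries if status == 0x80) > 1:
        findings.append("more than one active partition")
    return findings

def find_mbr_copies(image: bytes, table: bytes) -> list:
    """Sector numbers (other than 0) that carry the same partition table plus a boot
    signature: a stashed copy of the original MBR looks exactly like this."""
    hits = []
    for n in range(1, len(image) // SECTOR):
        s = image[n * SECTOR:(n + 1) * SECTOR]
        if s[510:] == MBR_SIG and s[CODE_LEN:510] == table:
            hits.append(n)
    return hits

# Constructed sample data (not a real boot sector and not real TDL4 bytes).
CLEAN_CODE = b"\x33\xC0\x8E\xD0" + b"\x90" * 442
TABLE = (b"\x80\x01\x01\x00\x07\xFE\xFF\xFF" + struct.pack("<II", 2048, 204800)
         + b"\x00" * 48)                                # one active NTFS-type entry
CLEAN_MBR = CLEAN_CODE + TABLE + MBR_SIG
BASELINE = code_hash(CLEAN_MBR)                         # recorded while the disk was known clean
ROGUE_MBR = b"\xEB\xFE" + CLEAN_CODE[2:] + TABLE + MBR_SIG   # patched code, same table
IMAGE = bytearray(SECTOR * 64)
IMAGE[0:SECTOR] = ROGUE_MBR                             # infected sector 0
IMAGE[62 * SECTOR:63 * SECTOR] = CLEAN_MBR              # original MBR stashed elsewhere (constructed)

if __name__ == "__main__":
    print(check_mbr(bytes(IMAGE[:SECTOR]), BASELINE))   # ['bootstrap code differs from baseline']
    print(find_mbr_copies(bytes(IMAGE), TABLE))         # [62]
```

On a real machine the baseline must come from a known-clean read of sector 0 and the comparison must run from outside the possibly infected OS (boot media), since a rootkit that hooks disk I/O can return the original sector to any reader on the live system.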



