
Google or Yahoo search being redirected. Need help


9 replies to this topic

#1 starshine123


Posted 08 March 2011 - 09:13 AM

Hi everybody, I got to know this forum after using HijackThis. I need some help because I think I have some malware on my computer. Every time I search for something with Google or Yahoo, when I click on the links I am redirected to other sites that I know nothing about.
I have a HijackThis log but don't know if this is the right place to post it.
Thanks



#2 quietman7


Posted 08 March 2011 - 01:47 PM

HijackThis logs are not permitted in this forum. Further, HijackThis only scans certain areas of a computer's system/registry to help diagnose the presence of undetected malware in known hiding places. Therefore, it is limited in its ability to detect infection and generate a report outside these known hiding places and its log may not always reveal all the malware on a computer. As such, HijackThis has been replaced by other preferred tools like DDS, OTL and RSIT that provide comprehensive logs with specific details about more areas of a computer's system, files, folders and registry keys which may have been modified by malware infection.

The Malware Response Team members are all volunteers who contribute to helping members as time permits but currently there is a backup and you may have to wait for assistance. Referrals are made to the Virus, Trojan, Spyware, and Malware Removal Logs forum if we cannot assist you here and we need to use more powerful tools or you don't mind waiting.

If you do not mind waiting and want someone to check your system thoroughly, then please follow the directions in the "Preparation Guide". If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log. Start a new topic, give it a relevant title and post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.

If you want to try disinfection in this forum first, continue as follows:

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Step 7 instructs you to scan your computer using Malwarebytes Anti-Malware. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 starshine123


Posted 09 March 2011 - 08:03 AM

Hi, thanks for your prompt reply. I have followed your instructions and scanned with TDSSKiller, then rebooted, and it seems that has solved the problem! Now I'm not redirected anymore after a Google search.

I post here the TDSSkiller file log:


2011/03/09 12:28:37.0328 1096 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/09 12:28:39.0343 1096 ================================================================================
2011/03/09 12:28:39.0343 1096 SystemInfo:
2011/03/09 12:28:39.0343 1096
2011/03/09 12:28:39.0343 1096 OS Version: 5.1.2600 ServicePack: 2.0
2011/03/09 12:28:39.0343 1096 Product type: Workstation
2011/03/09 12:28:39.0343 1096 ComputerName: PORTATILE
2011/03/09 12:28:39.0343 1096 UserName: Sergio
2011/03/09 12:28:39.0343 1096 Windows directory: C:\WINDOWS
2011/03/09 12:28:39.0343 1096 System windows directory: C:\WINDOWS
2011/03/09 12:28:39.0343 1096 Processor architecture: Intel x86
2011/03/09 12:28:39.0343 1096 Number of processors: 1
2011/03/09 12:28:39.0343 1096 Page size: 0x1000
2011/03/09 12:28:39.0343 1096 Boot type: Normal boot
2011/03/09 12:28:39.0343 1096 ================================================================================
2011/03/09 12:28:40.0531 1096 Initialize success
2011/03/09 12:31:06.0218 2420 ================================================================================
2011/03/09 12:31:06.0218 2420 Scan started
2011/03/09 12:31:06.0218 2420 Mode: Manual;
2011/03/09 12:31:06.0218 2420 ================================================================================
2011/03/09 12:32:16.0984 2420 RasAcd (cff3a747e35d7e05a4032a90f67949bb) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/09 12:32:17.0093 2420 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: cff3a747e35d7e05a4032a90f67949bb, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
2011/03/09 12:32:17.0093 2420 RasAcd - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/03/09 12:32:44.0515 2420 ================================================================================
2011/03/09 12:32:44.0515 2420 Scan finished
2011/03/09 12:32:44.0515 2420 ================================================================================
2011/03/09 12:32:44.0546 4516 Detected object count: 1
2011/03/09 12:34:11.0078 4516 RasAcd (cff3a747e35d7e05a4032a90f67949bb) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/09 12:34:11.0078 4516 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: cff3a747e35d7e05a4032a90f67949bb, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
2011/03/09 12:34:20.0781 4516 Backup copy found, using it..
2011/03/09 12:34:21.0140 4516 C:\WINDOWS\system32\DRIVERS\rasacd.sys - will be cured after reboot
2011/03/09 12:34:21.0140 4516 Rootkit.Win32.TDSS.tdl3(RasAcd) - User select action: Cure
2011/03/09 12:34:29.0500 0932 Deinitialize success


And this is MALWAREBYTES log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versione database: 5997

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

09/03/2011 12.53.29
mbam-log-2011-03-09 (12-53-29).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 165539
Tempo trascorso: 5 minuti, 29 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

#4 quietman7

Posted 09 March 2011 - 08:14 AM

This is the pertinent section of the log which indicates a TDSS rootkit infection. The forged file was identified and will be cured after reboot.

2011/03/09 12:32:44.0546 4516 Detected object count: 1
2011/03/09 12:34:11.0078 4516 RasAcd (cff3a747e35d7e05a4032a90f67949bb) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/09 12:34:11.0078 4516 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: cff3a747e35d7e05a4032a90f67949bb, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
2011/03/09 12:34:20.0781 4516 Backup copy found, using it..
2011/03/09 12:34:21.0140 4516 C:\WINDOWS\system32\DRIVERS\rasacd.sys - will be cured after reboot
2011/03/09 12:34:21.0140 4516 Rootkit.Win32.TDSS.tdl3(RasAcd) - User select action: Cure

To learn more about this infection please refer to:

Please reboot if you have not done so already. Rerun TDSSKiller again and post the new log to confirm the infection was cured.

Please perform a scan with SUPERAntiSpyware Online Safe Scan.
  • Be sure to follow the instructions provided on that same page.
  • When the scan is complete, please post the results in your next reply.
Note: If the link for the online scan opens to the Home Page, scroll down to the list of Popular links and click on the one for SUPERAntiSpyware Online Safe Scan.

-- If you encounter any problems using the online scan, try downloading and using the SUPERAntiSpyware Portable Scanner instead.
  • Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer.
  • Then double-click on it to launch and scan.
  • The file is randomly named to help keep malware from blocking the scanner.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 starshine123

Posted 11 March 2011 - 02:54 AM

This is the new TDSSkiller log file

2011/03/10 18:44:20.0453 1336 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/10 18:44:21.0453 1336 ================================================================================
2011/03/10 18:44:21.0453 1336 SystemInfo:
2011/03/10 18:44:21.0453 1336
2011/03/10 18:44:21.0453 1336 OS Version: 5.1.2600 ServicePack: 2.0
2011/03/10 18:44:21.0453 1336 Product type: Workstation
2011/03/10 18:44:21.0453 1336 ComputerName: PORTATILE
2011/03/10 18:44:21.0453 1336 UserName: Sergio
2011/03/10 18:44:21.0453 1336 Windows directory: C:\WINDOWS
2011/03/10 18:44:21.0453 1336 System windows directory: C:\WINDOWS
2011/03/10 18:44:21.0453 1336 Processor architecture: Intel x86
2011/03/10 18:44:21.0453 1336 Number of processors: 1
2011/03/10 18:44:21.0453 1336 Page size: 0x1000
2011/03/10 18:44:21.0453 1336 Boot type: Normal boot
2011/03/10 18:44:21.0453 1336 ================================================================================
2011/03/10 18:44:24.0031 1336 Initialize success
2011/03/10 18:44:31.0359 2032 ================================================================================
2011/03/10 18:44:31.0359 2032 Scan started
2011/03/10 18:44:31.0359 2032 Mode: Manual;
2011/03/10 18:44:31.0359 2032 ================================================================================
2011/03/10 18:45:08.0687 2032 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/10 18:45:18.0515 2032 ================================================================================
2011/03/10 18:45:18.0515 2032 Scan finished
2011/03/10 18:45:18.0515 2032 ================================================================================
2011/03/10 18:45:27.0609 2920 Deinitialize success

Edited by starshine123, 11 March 2011 - 05:26 AM.
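
The confirmation step requested in post #4 (rerun TDSSKiller and check that the forged driver was cured), as an added example that is not part of the original thread. The function names are hypothetical, and the line patterns are inferred only from the log lines shown in this thread, not from a documented TDSSKiller format.

```python
import re

# Abridged sample input: lines taken from the two TDSSKiller logs posted in this thread.
FIRST_SCAN = r"""
2011/03/09 12:32:44.0000 2420 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/09 12:32:44.0515 2420 Scan finished
2011/03/09 12:32:44.0546 4516 Detected object count: 1
2011/03/09 12:34:11.0078 4516 RasAcd (cff3a747e35d7e05a4032a90f67949bb) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/09 12:34:11.0078 4516 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: cff3a747e35d7e05a4032a90f67949bb, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
2011/03/09 12:34:20.0781 4516 Backup copy found, using it..
2011/03/09 12:34:21.0140 4516 C:\WINDOWS\system32\DRIVERS\rasacd.sys - will be cured after reboot
2011/03/09 12:34:21.0140 4516 Rootkit.Win32.TDSS.tdl3(RasAcd) - User select action: Cure
"""
SECOND_SCAN = r"""
2011/03/10 18:44:31.0359 2032 Scan started
2011/03/10 18:45:08.0687 2032 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/10 18:45:18.0234 2032 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/10 18:45:18.0515 2032 Scan finished
2011/03/10 18:45:27.0609 2920 Deinitialize success
"""

# "<date> <time> <thread id> <message>"; the message may be empty.
PREFIX = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+ \d+ ?(?P<msg>.*)$")
FORGED = re.compile(r"^Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. "
                    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
PENDING = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) - will be cured after reboot$")
ACTION = re.compile(r"^(?P<threat>[^\s(]+)\((?P<service>[^)]+)\) - User select action: (?P<action>\w+)")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")
DRIVER = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>[A-Za-z]:\\.+)$")


def parse_scan(text):
    """Extract detections, chosen actions and the per-driver hash listing from one log."""
    scan = {"drivers": {}, "forged": [], "actions": [],
            "pending_reboot": [], "detected_count": None}
    for line in text.splitlines():
        prefix = PREFIX.match(line.strip())
        if not prefix:
            continue
        msg = prefix.group("msg")
        if (m := FORGED.match(msg)):
            scan["forged"].append({"kind": m["kind"], "path": m["path"].lower(),
                                   "real_md5": m["real"], "fake_md5": m["fake"]})
        elif (m := PENDING.match(msg)):
            scan["pending_reboot"].append(m["path"].lower())
        elif (m := ACTION.match(msg)):
            scan["actions"].append((m["threat"], m["service"], m["action"]))
        elif (m := COUNT.match(msg)):
            scan["detected_count"] = int(m["n"])
        elif (m := DRIVER.match(msg)):
            # Windows paths are case-insensitive, so key on the lower-cased path.
            scan["drivers"][m["path"].lower()] = m["md5"]
    return scan


def rescan_is_clean(scan):
    """True when the log carries no detection, no forged file and no pending cure."""
    return (not scan["forged"] and not scan["actions"]
            and not scan["pending_reboot"] and not scan["detected_count"])


def confirm_cure(before, after):
    """For every file flagged in the first scan, report how the rescan lists it."""
    still_flagged = {f["path"] for f in after["forged"]}
    report = []
    for f in before["forged"]:
        hash_before = before["drivers"].get(f["path"])
        hash_now = after["drivers"].get(f["path"])
        if f["path"] in still_flagged:
            status = "still flagged"
        elif hash_now is None:
            status = "file not listed in rescan"
        else:
            status = "no longer flagged"
        report.append({"path": f["path"], "status": status,
                       "hash_before": hash_before, "hash_now": hash_now,
                       "hash_changed": hash_now is not None and hash_now != hash_before,
                       "equals_earlier_fake_md5": hash_now == f["fake_md5"]})
    return report


if __name__ == "__main__":
    first, second = parse_scan(FIRST_SCAN), parse_scan(SECOND_SCAN)
    print("rescan clean:", rescan_is_clean(second))
    for row in confirm_cure(first, second):
        print(row)
```

On the two logs in this thread, rasacd.sys is no longer flagged in the rescan, and its listed hash has changed to the value the first scan reported as "Fake md5".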


#6 quietman7

Posted 11 March 2011 - 07:27 AM

Please continue with the SUPERAntiSpyware Online Safe Scan.

#7 starshine123

Posted 11 March 2011 - 07:59 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/11/2011 at 01:17 PM

Application Version : 4.49.1000

Core Rules Database Version : 6553
Trace Rules Database Version: 4365

Scan type : Complete Scan
Total Scan Time : 01:50:34

Memory items scanned : 575
Memory threats detected : 0
Registry items scanned : 8996
Registry threats detected : 0
File items scanned : 25703
File threats detected : 7

Adware.Tracking Cookie
C:\Documents and Settings\Sergio\Cookies\sergio@invitemedia[1].txt
C:\Documents and Settings\Sergio\Cookies\sergio@doubleclick[1].txt
C:\Documents and Settings\Sergio\Cookies\sergio@content.yieldmanager[1].txt
C:\Documents and Settings\Sergio\Cookies\sergio@ads.bleepingcomputer[1].txt
C:\Documents and Settings\Sergio\Cookies\sergio@collective-media[2].txt
C:\Documents and Settings\Sergio\Cookies\sergio@ad.yieldmanager[2].txt
C:\Documents and Settings\Sergio\Cookies\sergio@serving-sys[1].txt

#8 quietman7

Posted 11 March 2011 - 08:13 AM

How is your computer running now? Are there any more signs of infection?...strange audio ads, unwanted pop-ups, security alerts, or browser redirects?

#9 starshine123

Posted 11 March 2011 - 03:13 PM

After TDSS killer scan and reboot, now the computer is running well, no more browser redirects finally!!

Thanks for your support and help!

All the best

#10 quietman7

Posted 11 March 2011 - 03:18 PM

You're welcome.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:



