
Unfortunately I had to register for HELP! IE redirect


  • This topic is locked
11 replies to this topic

#1 crny1

crny1

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:28 PM

Posted 17 March 2011 - 12:14 PM

Hello all,
I had to register to try and get a redirect out of my computer because I have tried numerous programs to no avail. I even read through a few of the posts regarding this before posting but then thought it might be better to have someone walk me through it. It seems to only redirect when in Internet Explorer. I can use Chrome and the searches work fine.
I know where I got it from (in a download) and I knew better but that is now water under the bridge.....just got to get it fixed. My laptop is a corporate computer and we have an IT team that could fix it if I send it off to them to fix. 1st problem is I know they will figure out where I got it from and will frown on it and also I can't lose my computer for 5+ days sending it to them.
I have the full version of AVG and it doesn't find anything, although the rootkit scan finds 3 things but can't fix them. Also tried Spybot Search and Destroy, Malwarebytes Anti-Malware, HiJackThis, TDSSKiller and none of them are finding it. So with that said I REALLY NEED your help to save my butt from our IT team!!
Also the machine is running Windows 7 Home Premium if that makes a difference.
Point me in the right direction and thank you in advance!!!

Wes



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,404 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:28 PM

Posted 17 March 2011 - 12:54 PM

Hello Wes.

Please post your MBAM and TDSS logs.

Next run an Online scan...

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

How do I get help? Who is helping me?

For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

Become a BleepingComputer fan: Facebook

#3 crny1

crny1
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:28 PM

Posted 17 March 2011 - 04:40 PM

Here are the log files,

MBAM log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6012

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/17/2011 2:05:44 PM
mbam-log-2011-03-17 (14-05-44).txt

Scan type: Full scan (C:\|)
Objects scanned: 328346
Time elapsed: 57 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

TDSSKiller log,

2011/03/17 13:09:06.0168 5092 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/17 13:09:08.0169 5092 ================================================================================
2011/03/17 13:09:08.0169 5092 SystemInfo:
2011/03/17 13:09:08.0170 5092
2011/03/17 13:09:08.0170 5092 OS Version: 6.1.7600 ServicePack: 0.0
2011/03/17 13:09:08.0170 5092 Product type: Workstation
2011/03/17 13:09:08.0170 5092 ComputerName: WESSPARKS-PC
2011/03/17 13:09:08.0170 5092 UserName: Wes Sparks
2011/03/17 13:09:08.0170 5092 Windows directory: C:\windows
2011/03/17 13:09:08.0170 5092 System windows directory: C:\windows



2011/03/17 13:09:08.0170 5092 Running under WOW64
2011/03/17 13:09:08.0170 5092 Processor architecture: Intel x64
2011/03/17 13:09:08.0170 5092 Number of processors: 4
2011/03/17 13:09:08.0170 5092 Page size: 0x1000
2011/03/17 13:09:08.0170 5092 Boot type: Normal boot
2011/03/17 13:09:08.0170 5092 ================================================================================
2011/03/17 13:09:25.0813 5092 Initialize success
2011/03/17 13:09:29.0325 4104 ================================================================================
2011/03/17 13:09:29.0325 4104 Scan started
2011/03/17 13:09:29.0325 4104 Mode: Manual;
2011/03/17 13:09:29.0325 4104 ================================================================================
2011/03/17 13:10:10.0366 4104 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys
2011/03/17 13:10:10.0471 4104 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
2011/03/17 13:10:10.0570 4104 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
2011/03/17 13:10:10.0619 4104 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/03/17 13:10:10.0800 4104 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys
2011/03/17 13:10:10.0990 4104 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\windows\system32\Drivers\usbvideo.sys
2011/03/17 13:10:11.0162 4104 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/03/17 13:10:11.0349 4104 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
2011/03/17 13:10:11.0443 4104 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
2011/03/17 13:10:11.0521 4104 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
2011/03/17 13:10:11.0692 4104 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
2011/03/17 13:10:11.0770 4104 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
2011/03/17 13:10:11.0929 4104 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
2011/03/17 13:10:12.0091 4104 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
2011/03/17 13:10:12.0254 4104 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
2011/03/17 13:10:12.0431 4104 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
2011/03/17 13:10:12.0597 4104 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
2011/03/17 13:10:12.0793 4104 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
2011/03/17 13:10:12.0918 4104 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
2011/03/17 13:10:12.0981 4104 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
2011/03/17 13:10:13.0168 4104 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
2011/03/17 13:10:13.0340 4104 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\windows\system32\DRIVERS\wdcsam64.sys
2011/03/17 13:10:13.0594 4104 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
2011/03/17 13:10:13.0825 4104 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
2011/03/17 13:10:13.0849 4104 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
2011/03/17 13:10:14.0045 4104 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\windows\system32\DRIVERS\CAX_CNXT.sys
2011/03/17 13:10:14.0237 4104 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
2011/03/17 13:10:14.0316 4104 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/03/17 13:10:14.0519 4104 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
2011/03/17 13:10:14.0706 4104 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
2011/03/17 13:10:14.0882 4104 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/03/17 13:10:15.0133 4104 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\windows\system32\DRIVERS\XAudio64.sys
2011/03/17 13:10:15.0794 4104 ================================================================================
2011/03/17 13:10:15.0794 4104 Scan finished
2011/03/17 13:10:15.0794 4104 ================================================================================

ESET Log


C:\Users\Wes Sparks\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\5bb7d9e3-44385428 multiple threats deleted - quarantined
C:\Users\Wes Sparks\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-5bc1c6ce multiple threats deleted - quarantined


Here are the logs requested.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,404 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:28 PM

Posted 17 March 2011 - 05:58 PM

Hi, did the redirects stop?

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance. Malicious applets are also stored in the Java cache directory and your anti-virus may detect them and provide alerts. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache to ensure everything is cleaned out:

Thanks to our quietman4

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 crny1


Posted 18 March 2011 - 09:46 AM

Ok, I did everything listed above and the redirect is still there! I just don't get it!!

And it's odd that it only affects IE and not Chrome or Firefox.

#6 crny1


Posted 18 March 2011 - 10:07 AM

Here is the URL that it loads every time it starts its redirect. It starts with this address but then changes to whatever page it wants you to see.

http://www.rgaoehtoinng.com

#7 boopme


Posted 18 March 2011 - 10:24 AM

Your router is hijacked by trojan DNS-hijacker.

  • Please read this: Malware Silently Alters Wireless Router Settings

  • Then reset your router to its factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


  • This is the difficult part.
    First get to the router's server. To do that open Internet Explorer and type http://192.168.1.1 in the address bar and click Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.
{Credit farbar}
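A host-side check to go with the router reset described in post #7, added here as an example and not part of the thread: it parses `ipconfig /all` output and lists DNS servers that fall outside the resolvers you expect. The sample output, the function names, and the 203.0.113.53 and 198.51.100.0/24 addresses are constructed assumptions; 192.168.1.1 is the router address from the post.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (English-language Windows), not from the
# thread. 203.0.113.53 is a documentation address playing the rogue resolver.
SAMPLE_IPCONFIG = """\
Wireless LAN adapter Wireless Network Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""
FIELD = re.compile(r"^\s+(?P<key>[^:]+?)[ .]*:\s*(?P<value>.*)$")

def _as_ip(token):
    """Return an ip_address for token, or None if it is not an address."""
    try:
        return ipaddress.ip_address(token.strip().split("%")[0])
    except ValueError:
        return None

def parse_dns_servers(text):
    """Map each adapter section to the DNS servers listed under it."""
    servers, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # unindented line opens a section
            adapter, in_dns = line.strip().rstrip(":"), False
            continue
        value = line                         # assume a continuation row
        if not (in_dns and _as_ip(line)):    # otherwise a "key : value" row
            m = FIELD.match(line)
            in_dns = bool(m) and m.group("key") == "DNS Servers"
            value = m.group("value") if m else ""
        if in_dns and _as_ip(value):
            servers.setdefault(adapter, []).append(value.strip())
    return servers

def unexpected_resolvers(servers_by_adapter, expected_networks):
    """Return (adapter, server) pairs that fall outside the expected networks."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    return [(a, s) for a, srv in servers_by_adapter.items() for s in srv
            if not any(_as_ip(s).version == n.version and _as_ip(s) in n for n in nets)]
```

On a live machine, pass in the text of `ipconfig /all` and the resolvers you actually expect (the router's LAN address and the ISP's resolvers). A DNSChanger-style infection can set resolvers on the host as well as on the router, so an unexpected entry here would survive a router reset.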

#8 crny1


Posted 18 March 2011 - 11:33 AM

Well that's not it either. I use a CradlePoint router with a Sprint air card for internet connection. I just reset to factory settings and reset everything and I still get the redirect in IE. I even updated the router while I was at it due to an available update. Next suggestion?

#9 crny1


Posted 18 March 2011 - 11:36 AM

And the password I used this time is 26 characters long and a combination of letters and numbers......not a name or word in the password.

#10 boopme


Posted 18 March 2011 - 12:54 PM

Ok, well at least now they can't infect it. But it appears we have a protected malware.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.
Let me know if that went well.

#11 crny1


Posted 19 March 2011 - 03:50 PM

Done what you asked and results posted to other topic

#12 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:28 AM

Posted 19 March 2011 - 04:21 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MR Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



