Random Audio and Search Engine Redirect


15 replies to this topic

#1 DR91075

DR91075

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:22 AM

Posted 05 May 2011 - 04:12 PM

Hello! Recently, my laptop has begun to play what sounds like commercials randomly. Also, when performing a search with Google, Yahoo, or any other search engine, my browser is redirected when I click on a search result. I had AVG, but it found and stopped nothing. Therefore, I installed Vipre and ran a deep scan. Several Trojans and a few BHOs were found and quarantined. Unfortunately, this didn't cure the behavior.

I am running Vista x32. I would appreciate any advice or instruction.


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:22 AM

Posted 05 May 2011 - 07:01 PM

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.
  • Click Continue > Reboot now to finish the cleaning process. <- Important!!
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Step 7 instructs you to scan your computer using Malwarebytes Anti-Malware. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

-- Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware as you may need to rename it or use RKill by Grinler.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click the donate button.

#3 DR91075

DR91075
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:22 AM

Posted 06 May 2011 - 11:38 AM

Thank you for responding, Quietman. I really appreciate your help.

I was not able to run TDSSKiller. I tried everything, including downloading on another computer and renaming. When running as administrator or double-clicking, nothing would happen. The user interface never even appeared. I did run MBAM and have included the log.

I neglected to mention a few things that might be helpful. In addition to the redirecting and random commercials, I am also getting constant script errors. It appears that this infection is attempting to open web pages in the background and the script is being blocked.

Also, before finding this forum, I ran an MBAM scan. I have included the log from that scan as well. After quarantining, the symptoms seemed to fade, but only for a short time as they soon returned.

Previous MBAM Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6515

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

5/5/2011 11:29:07 AM
mbam-log-2011-05-05 (11-29-07).txt

Scan type: Full scan (C:\|)
Objects scanned: 318193
Time elapsed: 1 hour(s), 7 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 26
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{418D86BE-7386-4F1A-83E0-53604ADBDA74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D41F3A83-68F0-3198-78BA-4ACE22487449} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{BD8ED641-E4DF-7F3A-7FBA-4F95AA1B8002} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{F08A7C05-52FB-042C-9D62-45576C3DB2D8} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ILoveThisAdPlatform.ILoveThisAdPlatform.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D41F3A83-68F0-3198-78BA-4ACE22487449} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D41F3A83-68F0-3198-78BA-4ACE22487449} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D95C7240-0282-4C01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ILoveThisAdPlatform.DLL (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ILoveThisAdPlatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PerformanceAdSystem (Adware.YouWontFindBetterDeals) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Seekdns (PUP.Zwangi) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ILoveThisAdPlatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PerformanceAdSystem (Adware.YouWontFindBetterDeals) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Seekdns (PUP.Zwangi) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Seekdns Service (PUP.Zwangi) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\Seekdns (PUP.Zwangi) -> Quarantined and deleted successfully.
c:\program files\ilovethisadplatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.
c:\program files\Seekdns (PUP.Zwangi) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\ilovethisadplatform\performanceadsystem.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.
c:\program files\ilovethisadplatform\uninstall.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.



Current MBAM Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6515

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

5/6/2011 9:53:02 AM
mbam-log-2011-05-06 (09-53-02).txt

Scan type: Full scan (C:\|)
Objects scanned: 317725
Time elapsed: 1 hour(s), 6 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Symptoms still persist. Once again, thank you very much for your help.
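The two MBAM logs pasted above share a fixed layout: a block of "<section>: <count>" summary lines, then one "<section>:" heading per category whose items read "<location> (<Detection.Name>) -> <action>". The following Python parser is an added example, not code from this thread or from Malwarebytes. It cross-checks the declared counts against the items actually listed (a mismatch is the usual sign of a truncated paste, which is why the moderator asks for the complete log), groups detections by family, and flags items whose action did not complete. The SAMPLE_LOG it runs on is constructed for the example and modelled on the entries in the post; the declared count of 4 registry keys against 3 listed items is deliberate.

```python
"""Parser for Malwarebytes' Anti-Malware 1.x text logs (added example, not
the thread's or Malwarebytes' code). Checks declared counts against listed
items, groups detections by family and lists actions still pending."""
import re
from collections import Counter

SECTIONS = (
    "Memory Processes Infected", "Memory Modules Infected",
    "Registry Keys Infected", "Registry Values Infected",
    "Registry Data Items Infected", "Folders Infected", "Files Infected",
)

# Summary line:  "Registry Keys Infected: 26"
COUNT_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
# Item line: "<location> (<detection>) -> <action>". The lazy location together with
# the anchored ") -> " tail keeps paths such as "c:\program files (x86)\..." intact.
ITEM_RE = re.compile(r"^(?P<location>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")

# Constructed sample in the thread's log format. The summary claims 4 registry
# keys but only 3 are listed, as happens with a partial paste.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 6515

Scan type: Full scan (C:\|)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{418D86BE-7386-4F1A-83E0-53604ADBDA74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D41F3A83-68F0-3198-78BA-4ACE22487449} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Seekdns Service (PUP.Zwangi) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\ilovethisadplatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\ilovethisadplatform\performanceadsystem.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.
c:\program files (x86)\example\stub.dll (Adware.PlayMP3z) -> Delete on reboot.
"""


def parse_mbam_log(text):
    """Return {"meta": {...}, "declared": {section: n}, "items": {section: [dict]}}."""
    meta, declared = {}, {}
    items = {s: [] for s in SECTIONS}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if line.startswith("Database version:"):
            meta["database_version"] = line.split(":", 1)[1].strip()
            continue
        m = COUNT_RE.match(line)
        if m and m.group("section") in SECTIONS:
            declared[m.group("section")] = int(m.group("count"))
            continue
        if line.endswith(":") and line[:-1] in SECTIONS:
            current = line[:-1]          # entering a per-section item list
            continue
        m = ITEM_RE.match(line) if current else None
        if m:
            items[current].append(m.groupdict())
    return {"meta": meta, "declared": declared, "items": items}


def count_mismatches(parsed):
    """Sections whose declared count differs from the items listed: {section: (declared, listed)}."""
    return {s: (parsed["declared"].get(s, 0), len(parsed["items"][s]))
            for s in SECTIONS if parsed["declared"].get(s, 0) != len(parsed["items"][s])}


def detections_by_family(parsed):
    """Number of items per detection name across every section."""
    return Counter(it["detection"] for sec in parsed["items"].values() for it in sec)


def unresolved(parsed):
    """Items whose action is not a completed quarantine/delete (e.g. pending a reboot)."""
    return [it for sec in parsed["items"].values() for it in sec
            if "successfully" not in it["action"]]


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("database:", parsed["meta"].get("database_version"))
    print("count mismatches:", count_mismatches(parsed))
    print("by family:", dict(detections_by_family(parsed)))
    print("unresolved:", [it["location"] for it in unresolved(parsed)])
```

Run it against a saved mbam-log-*.txt by reading the file into parse_mbam_log instead of SAMPLE_LOG. A non-empty count_mismatches result means the log was cut short; a non-empty unresolved list means a reboot is still needed before the items can be considered removed, which matches the moderator's note about MBAM asking for a restart.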

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:22 AM

Posted 06 May 2011 - 03:21 PM

Please download and scan with the Kaspersky Virus Removal Tool from one of the links provided below and save it to your desktop.
Link 1
Link 2
Be sure to print out and read the instructions provided in: How to Install Kaspersky Virus Removal Tool
How to use the Kaspersky Virus Removal Tool to automatically remove viruses
  • Double-click the setup file (i.e. setup_9.0.0.722_22.01.2010_10-04.exe) to select your language and install the utility.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • When the 'Setup page' appears, click Next, check the box 'I accept the license agreement' and click Next twice more to begin extracting the required files.
  • Setup may recommend scanning the computer in Safe Mode. Click Ok.
  • A window will open with a tab that says Autoscan and one for Manual disinfection.
  • Click the green Start scan button on the Autoscan tab in the main window.
  • If malware is detected, you will see the Scan Alert screen. Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button, choose Critical events and select Save to save the results to a file (name it avptool.txt).
  • Copy and paste the report results of any threats detected and if they were successfully removed in your next reply. Do not include the longer list marked Events.
  • When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool 2010.
-- If you cannot run this tool in normal mode, then try using it in "safe mode".

#5 DR91075

DR91075
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:22 AM

Posted 07 May 2011 - 03:06 PM

Here is the log you asked for. Looks like it found some big ones. :) It took several attempts to get Kaspersky to actually run, but eventually got there.

Autoscan: stopped 8 minutes ago (events: 6, objects: 513396, time: 02:59:17)
5/7/2011 11:55:48 AM Task started
5/7/2011 2:44:08 PM Detected Virus MEM:Rootkit.Win32.Sst.a High Exact File Unknown application
5/7/2011 2:50:37 PM Cannot be backed up Virus MEM:Rootkit.Win32.Sst.a High Exact File Unknown application
5/7/2011 2:51:41 PM Detected Virus Virus.Win32.TDSS.e High Exact File C:\Windows\System32\drivers\ volsnap.sys
5/7/2011 2:54:43 PM Detected Virus MEM:Rootkit.Win32.Sst.a High Exact File System Memory System Memory
5/7/2011 2:55:05 PM Task stopped
Disinfect active threats: completed 5 minutes ago (events: 4, objects: 4275, time: 00:02:27)
5/7/2011 2:55:05 PM Task started
5/7/2011 2:55:05 PM Detected Virus MEM:Rootkit.Win32.Sst.a High Exact File System Memory System Memory
5/7/2011 2:56:06 PM Detected Virus Virus.Win32.TDSS.e High Exact File c:\Windows\System32\drivers\ volsnap.sys
5/7/2011 2:57:32 PM Task completed

Edited by DR91075, 07 May 2011 - 03:12 PM.


#6 DR91075

DR91075
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:22 AM

Posted 07 May 2011 - 03:19 PM

After scanning with Kaspersky, I was finally able to run the TDSSKiller. Here is the log:

2011/05/07 15:13:12.0249 0156 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/07 15:13:14.0261 0156 ================================================================================
2011/05/07 15:13:14.0261 0156 SystemInfo:
2011/05/07 15:13:14.0261 0156
2011/05/07 15:13:14.0261 0156 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/07 15:13:14.0261 0156 Product type: Workstation
2011/05/07 15:13:14.0261 0156 ComputerName: SLICK-PC
2011/05/07 15:13:14.0261 0156 UserName: slick
2011/05/07 15:13:14.0261 0156 Windows directory: C:\Windows
2011/05/07 15:13:14.0261 0156 System windows directory: C:\Windows
2011/05/07 15:13:14.0261 0156 Processor architecture: Intel x86
2011/05/07 15:13:14.0261 0156 Number of processors: 2
2011/05/07 15:13:14.0261 0156 Page size: 0x1000
2011/05/07 15:13:14.0261 0156 Boot type: Normal boot
2011/05/07 15:13:14.0261 0156 ================================================================================
2011/05/07 15:13:14.0917 0156 Initialize success
2011/05/07 15:13:23.0075 3184 ================================================================================
2011/05/07 15:13:23.0075 3184 Scan started
2011/05/07 15:13:23.0075 3184 Mode: Manual;
2011/05/07 15:13:23.0075 3184 ================================================================================
2011/05/07 15:13:25.0088 3184 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/05/07 15:13:25.0259 3184 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
2011/05/07 15:13:25.0337 3184 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/07 15:13:25.0415 3184 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/07 15:13:25.0493 3184 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/07 15:13:25.0540 3184 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/07 15:13:25.0634 3184 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/05/07 15:13:25.0790 3184 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/05/07 15:13:27.0615 3184 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/07 15:13:28.0161 3184 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/07 15:13:28.0691 3184 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/07 15:13:29.0081 3184 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/07 15:13:29.0581 3184 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/07 15:13:30.0033 3184 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/07 15:13:30.0329 3184 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/07 15:13:30.0407 3184 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/07 15:13:30.0454 3184 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/07 15:13:30.0563 3184 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/07 15:13:30.0626 3184 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/05/07 15:13:30.0782 3184 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
2011/05/07 15:13:31.0749 3184 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/07 15:13:32.0045 3184 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/07 15:13:32.0279 3184 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/07 15:13:32.0763 3184 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/07 15:13:33.0325 3184 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/07 15:13:33.0871 3184 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/07 15:13:34.0448 3184 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/07 15:13:34.0916 3184 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/07 15:13:35.0836 3184 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/07 15:13:36.0523 3184 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/07 15:13:37.0786 3184 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/07 15:13:38.0629 3184 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/07 15:13:39.0705 3184 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/07 15:13:40.0345 3184 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/07 15:13:41.0312 3184 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/05/07 15:13:41.0686 3184 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/07 15:13:42.0731 3184 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/07 15:13:43.0839 3184 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/07 15:13:45.0259 3184 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/07 15:13:46.0226 3184 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/07 15:13:46.0678 3184 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/05/07 15:13:46.0834 3184 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/05/07 15:13:47.0318 3184 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/05/07 15:13:47.0926 3184 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/07 15:13:48.0394 3184 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/07 15:13:48.0613 3184 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/07 15:13:49.0034 3184 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/05/07 15:13:49.0517 3184 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/07 15:13:49.0720 3184 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/07 15:13:50.0095 3184 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/05/07 15:13:50.0173 3184 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/05/07 15:13:50.0266 3184 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/07 15:13:50.0422 3184 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/07 15:13:50.0485 3184 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/07 15:13:50.0578 3184 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/07 15:13:50.0719 3184 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/05/07 15:13:50.0875 3184 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/07 15:13:50.0984 3184 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/07 15:13:51.0031 3184 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/07 15:13:51.0140 3184 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/07 15:13:51.0233 3184 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/07 15:13:51.0296 3184 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/07 15:13:51.0358 3184 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/07 15:13:51.0499 3184 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/07 15:13:51.0561 3184 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/07 15:13:51.0639 3184 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/05/07 15:13:51.0748 3184 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/05/07 15:13:51.0935 3184 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/05/07 15:13:52.0060 3184 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/07 15:13:52.0154 3184 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/07 15:13:52.0216 3184 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/07 15:13:52.0591 3184 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/07 15:13:53.0246 3184 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/07 15:13:53.0917 3184 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
2011/05/07 15:13:54.0634 3184 IntcAzAudAddService (23ebcee9aaa4d6c88728791fab462456) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/07 15:13:55.0383 3184 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/07 15:13:55.0570 3184 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/07 15:13:55.0711 3184 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/07 15:13:55.0867 3184 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/07 15:13:55.0976 3184 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/05/07 15:13:56.0163 3184 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/07 15:13:56.0366 3184 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/07 15:13:56.0444 3184 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/07 15:13:56.0506 3184 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/07 15:13:56.0553 3184 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/07 15:13:56.0787 3184 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/07 15:13:57.0177 3184 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/05/07 15:13:57.0302 3184 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/07 15:13:57.0505 3184 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/07 15:13:57.0614 3184 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/07 15:13:57.0661 3184 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/07 15:13:57.0707 3184 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/07 15:13:57.0863 3184 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/07 15:13:58.0409 3184 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/07 15:13:59.0751 3184 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/07 15:14:00.0827 3184 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/07 15:14:01.0888 3184 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/07 15:14:03.0074 3184 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/07 15:14:03.0729 3184 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/07 15:14:04.0197 3184 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/07 15:14:04.0696 3184 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/07 15:14:05.0367 3184 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/07 15:14:06.0287 3184 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/07 15:14:06.0755 3184 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/05/07 15:14:08.0440 3184 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/07 15:14:08.0893 3184 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/07 15:14:09.0626 3184 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/07 15:14:10.0172 3184 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/05/07 15:14:10.0780 3184 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/07 15:14:11.0357 3184 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/07 15:14:12.0527 3184 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/07 15:14:13.0385 3184 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/07 15:14:13.0994 3184 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/07 15:14:14.0587 3184 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/07 15:14:15.0819 3184 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/05/07 15:14:16.0209 3184 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/07 15:14:16.0303 3184 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/07 15:14:16.0396 3184 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/05/07 15:14:16.0505 3184 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/07 15:14:16.0599 3184 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/05/07 15:14:16.0739 3184 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/07 15:14:16.0786 3184 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/07 15:14:16.0849 3184 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/07 15:14:17.0114 3184 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/07 15:14:17.0769 3184 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/07 15:14:18.0627 3184 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/07 15:14:19.0189 3184 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/07 15:14:19.0953 3184 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/05/07 15:14:20.0671 3184 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
2011/05/07 15:14:21.0560 3184 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/07 15:14:21.0934 3184 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/05/07 15:14:22.0589 3184 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/05/07 15:14:22.0870 3184 NTIPPKernel (547bfa3591c70674b0bfc99354ab78b3) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
2011/05/07 15:14:23.0416 3184 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/07 15:14:23.0557 3184 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/07 15:14:23.0713 3184 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/07 15:14:23.0744 3184 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/07 15:14:23.0853 3184 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/07 15:14:24.0009 3184 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/07 15:14:24.0103 3184 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/07 15:14:24.0181 3184 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/05/07 15:14:24.0227 3184 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/07 15:14:24.0321 3184 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/05/07 15:14:24.0352 3184 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/07 15:14:24.0399 3184 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/07 15:14:24.0617 3184 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/07 15:14:25.0319 3184 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/07 15:14:25.0444 3184 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/07 15:14:25.0553 3184 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/07 15:14:25.0600 3184 PSDFilter (1dcbb35090cc4b2bd3d661e6089523c6) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/05/07 15:14:25.0663 3184 PSDNServ (e26e46d619469964ac3609620f443867) C:\Windows\system32\DRIVERS\PSDNServ.sys
2011/05/07 15:14:25.0709 3184 psdvdisk (3e1d134af2806867d06047c4cc33cc65) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2011/05/07 15:14:25.0897 3184 QCDonner (b1ad87b4c97b6b59fcd075001e76865f) C:\Windows\system32\DRIVERS\LVCD.sys
2011/05/07 15:14:26.0692 3184 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/07 15:14:27.0394 3184 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/07 15:14:27.0613 3184 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/07 15:14:27.0769 3184 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/07 15:14:28.0143 3184 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/07 15:14:28.0424 3184 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/07 15:14:28.0517 3184 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/07 15:14:28.0580 3184 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/07 15:14:28.0642 3184 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/07 15:14:28.0767 3184 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/07 15:14:28.0861 3184 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/07 15:14:28.0954 3184 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/05/07 15:14:29.0438 3184 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/07 15:14:29.0547 3184 RTSTOR (9ea88492b1dab90dce43a6f2c0e133bd) C:\Windows\system32\drivers\RTSTOR.SYS
2011/05/07 15:14:30.0202 3184 sbapifs (3b4ebacc205fb7dc10ee83b78b9f6c95) C:\Windows\system32\DRIVERS\sbapifs.sys
2011/05/07 15:14:30.0670 3184 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/07 15:14:31.0123 3184 SBRE (684f807bf0a5db29ecd158b3428da20c) C:\Windows\system32\drivers\SBREdrv.sys
2011/05/07 15:14:31.0247 3184 SbTis (6468e2973e04525decc105947ddd0d34) C:\Windows\system32\drivers\sbtis.sys
2011/05/07 15:14:31.0419 3184 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/07 15:14:31.0513 3184 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/07 15:14:31.0559 3184 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/07 15:14:31.0606 3184 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/07 15:14:31.0700 3184 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/07 15:14:31.0793 3184 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/07 15:14:31.0856 3184 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/07 15:14:31.0887 3184 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/07 15:14:31.0934 3184 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/07 15:14:32.0043 3184 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/07 15:14:32.0090 3184 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/07 15:14:32.0137 3184 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/07 15:14:32.0277 3184 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/05/07 15:14:32.0371 3184 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/07 15:14:32.0480 3184 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/05/07 15:14:32.0589 3184 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/07 15:14:32.0667 3184 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/07 15:14:32.0839 3184 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/07 15:14:32.0885 3184 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/07 15:14:32.0932 3184 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/07 15:14:32.0995 3184 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/07 15:14:33.0041 3184 SynTP (4c9bb4b3b9eac26211484c30b914c6dc) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/07 15:14:33.0322 3184 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/05/07 15:14:33.0775 3184 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/07 15:14:34.0165 3184 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/07 15:14:34.0243 3184 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/07 15:14:34.0305 3184 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/07 15:14:34.0352 3184 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/07 15:14:34.0445 3184 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/07 15:14:34.0633 3184 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/07 15:14:34.0695 3184 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/07 15:14:34.0757 3184 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/07 15:14:34.0835 3184 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/07 15:14:34.0882 3184 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/05/07 15:14:34.0960 3184 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/07 15:14:35.0116 3184 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/07 15:14:35.0147 3184 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/07 15:14:35.0194 3184 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/07 15:14:35.0257 3184 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/07 15:14:35.0303 3184 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/07 15:14:35.0366 3184 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/07 15:14:35.0444 3184 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
2011/05/07 15:14:35.0522 3184 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/07 15:14:35.0615 3184 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/07 15:14:35.0725 3184 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/07 15:14:35.0787 3184 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/07 15:14:35.0818 3184 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/07 15:14:35.0865 3184 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/07 15:14:35.0959 3184 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/07 15:14:36.0083 3184 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/07 15:14:36.0271 3184 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/07 15:14:36.0395 3184 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/07 15:14:36.0473 3184 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/07 15:14:36.0536 3184 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/07 15:14:36.0567 3184 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/07 15:14:36.0614 3184 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/07 15:14:36.0676 3184 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/07 15:14:36.0817 3184 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/05/07 15:14:36.0926 3184 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/05/07 15:14:37.0066 3184 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/07 15:14:37.0472 3184 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/07 15:14:37.0581 3184 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/07 15:14:37.0612 3184 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/07 15:14:37.0987 3184 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/07 15:14:38.0377 3184 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/07 15:14:38.0767 3184 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/05/07 15:14:39.0219 3184 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/07 15:14:39.0515 3184 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/07 15:14:39.0609 3184 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/07 15:14:39.0703 3184 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/07 15:14:39.0874 3184 yukonwlh (3e1c915c6291ab5d1cfca680e1bd6bad) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/05/07 15:14:40.0093 3184 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
2011/05/07 15:14:40.0436 3184 ================================================================================
2011/05/07 15:14:40.0436 3184 Scan finished
2011/05/07 15:14:40.0436 3184 ================================================================================



#7 DR91075

DR91075
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:22 AM

Posted 07 May 2011 - 03:28 PM

I forgot to mention... the symptoms seem to have subsided. :thumbup2:

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:22 AM

Posted 07 May 2011 - 04:36 PM

Your log indicates the malware was a TDSS rootkit. To learn more about this infection please refer to:

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  • Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check Posted Image and make sure that the option Remove found threats is NOT checked.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 DR91075

DR91075
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:22 AM

Posted 08 May 2011 - 10:35 AM

Here is the log you requested:

C:\Users\slick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\aba135b-67181e26 probably a variant of Win32/Agent.FQRCZBA trojan
C:\Users\slick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\12a49b83-50d486d2 a variant of Java/TrojanDownloader.Agent.NAC trojan
C:\Users\slick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\895bc32-6d7d31b5 Java/TrojanDownloader.Agent.AK trojan
C:\Users\slick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\9b47178-2ac30a5f a variant of Java/TrojanDownloader.Agent.NAN trojan
C:\Users\slick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\76cf8efa-44cc79b5 multiple threats
C:\Users\slick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\38bc557c-1d74a09a multiple threats
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AJGYD52F\upgrade[2].cab multiple threats
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 16.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 17.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 18.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 19.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 22.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 34.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 36.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 38.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 45.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 55.zip multiple threats
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 57.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan


Looks like I have more work to do. :busy: I'll await your instruction.

Please know I truly appreciate your help.

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:22 AM

Posted 08 May 2011 - 05:50 PM

Rerun Eset Online Anti-virus Scanner again, but this time under scan settings, be sure to check the option to Remove found threats. Save the log as before and copy and paste the contents in your next reply.

#11 DR91075

DR91075
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:22 AM

Posted 09 May 2011 - 12:06 PM

Here are the latest ESET scan results that you asked for:

C:\Users\slick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\aba135b-67181e26 probably a variant of Win32/Agent.FQRCZBA trojan deleted - quarantined
C:\Users\slick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\12a49b83-50d486d2 a variant of Java/TrojanDownloader.Agent.NAC trojan deleted - quarantined
C:\Users\slick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\895bc32-6d7d31b5 Java/TrojanDownloader.Agent.AK trojan deleted - quarantined
C:\Users\slick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\9b47178-2ac30a5f a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined
C:\Users\slick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\76cf8efa-44cc79b5 multiple threats deleted - quarantined
C:\Users\slick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\38bc557c-1d74a09a multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AJGYD52F\upgrade[2].cab multiple threats deleted - quarantined
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 16.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan deleted - quarantined
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 17.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan deleted - quarantined
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 18.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan deleted - quarantined
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 19.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan deleted - quarantined
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 22.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan deleted - quarantined
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 34.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan deleted - quarantined
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 36.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan deleted - quarantined
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 38.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan deleted - quarantined
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 45.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan deleted - quarantined
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 55.zip multiple threats deleted - quarantined
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 57.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan deleted - quarantined


Edited by DR91075, 09 May 2011 - 12:07 PM.
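
The two ESET logs in this thread differ only in the trailing action field: the first run reported the detections, the second run appended "deleted - quarantined" to each. As an added example (not part of this thread and not ESET's own tooling), the Python script below parses that log line format, reconciles the detect-only run against the remove run, and flags anything that was reported but not quarantined or that appeared only in one run. The sample lines are copied from the logs posted above; the action strings other than "deleted - quarantined" are assumptions about ESET's wording, as are the helper names.

```python
"""Reconcile a detect-only ESET Online Scanner log with the follow-up
"remove found threats" log and confirm every detection was actioned."""
import re
from collections import Counter

# One ESET Online Scanner log line reads: <path> <detection> [<action>]
# The path may contain spaces, so it is matched lazily and anchored on the
# detection wording ESET uses ("... trojan" or "multiple threats").
# Action strings other than "deleted - quarantined" are assumed wording.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:probably a variant of |a variant of )?\S+ trojan|multiple threats)"
    r"(?:\s+(?P<action>deleted - quarantined|cleaned - quarantined|error while cleaning))?\s*$"
)


def parse_eset_log(text):
    """Return one dict per non-empty line; lines that do not match keep their raw text."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            findings.append({"path": m.group("path"),
                             "detection": m.group("detection"),
                             "action": m.group("action")})
        else:
            findings.append({"path": None, "detection": None, "action": None, "raw": line})
    return findings


def reconcile(first_log, second_log):
    """Compare the detect-only run with the remove run, keyed on file path."""
    before = {f["path"]: f for f in parse_eset_log(first_log) if f["path"]}
    after = {f["path"]: f for f in parse_eset_log(second_log) if f["path"]}
    quarantined = lambda f: bool(f["action"]) and "quarantined" in f["action"]
    return {
        "remediated": sorted(p for p, f in after.items() if quarantined(f)),
        "unactioned": sorted(p for p, f in after.items() if not quarantined(f)),
        "missing": sorted(set(before) - set(after)),   # reported before, silent now
        "new": sorted(set(after) - set(before)),       # only seen on the second run
    }


def findings_by_drive(findings):
    """Count detections per volume (e.g. how much sat on the D: backup drive)."""
    return Counter(f["path"][0].upper() for f in findings if f["path"])


def classify_location(path):
    """Rough bucket for where a detected file lived, based on the path alone."""
    p = path.lower()
    if "\\java\\deployment\\cache\\" in p:
        return "java-cache"
    if "\\temporary internet files\\" in p:
        return "ie-cache"
    if "\\backup" in p and p.endswith(".zip"):
        return "backup-archive"
    return "other"


# Constructed sample input: a subset of the lines from the two logs in this thread.
FIRST_SCAN = r"""
C:\Users\slick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\aba135b-67181e26 probably a variant of Win32/Agent.FQRCZBA trojan
C:\Users\slick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\12a49b83-50d486d2 a variant of Java/TrojanDownloader.Agent.NAC trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AJGYD52F\upgrade[2].cab multiple threats
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 16.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 17.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 55.zip multiple threats
"""

SECOND_SCAN = r"""
C:\Users\slick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\aba135b-67181e26 probably a variant of Win32/Agent.FQRCZBA trojan deleted - quarantined
C:\Users\slick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\12a49b83-50d486d2 a variant of Java/TrojanDownloader.Agent.NAC trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AJGYD52F\upgrade[2].cab multiple threats deleted - quarantined
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 16.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan deleted - quarantined
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 17.zip a variant of WMA/TrojanDownloader.GetCodec.gen trojan deleted - quarantined
D:\OWNER-PC\Backup Set 2009-07-14 201815\Backup Files 2009-07-14 201815\Backup files 55.zip multiple threats deleted - quarantined
"""


def main():
    result = reconcile(FIRST_SCAN, SECOND_SCAN)
    for key in ("remediated", "unactioned", "missing", "new"):
        print(f"{key}: {len(result[key])}")
        for path in result[key]:
            print("   ", path)
    after = parse_eset_log(SECOND_SCAN)
    print("by drive:", dict(findings_by_drive(after)))
    print("by location:", dict(Counter(classify_location(f["path"]) for f in after if f["path"])))


if __name__ == "__main__":
    main()
```

Anything listed under "unactioned" or "missing" is what a helper would ask the poster about next: a file ESET saw but could not quarantine, or one that vanished between runs. The location buckets also make it visible that most of the hits here sat inside an old backup set on D:, which a later scan of that drive would need to cover again.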


#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:22 AM

Posted 09 May 2011 - 01:13 PM

How is your computer running now? Are there any more signs of infection, such as strange audio ads, unwanted pop-ups, security alerts, or browser redirects?

#13 DR91075

DR91075
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:22 AM

Posted 09 May 2011 - 01:18 PM

Sorry. I should have mentioned in the last post that all seems well. Still no symptoms.

Edited by DR91075, 09 May 2011 - 01:23 PM.


#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:22 AM

Posted 09 May 2011 - 01:39 PM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

#15 DR91075

DR91075
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:22 AM

Posted 09 May 2011 - 02:34 PM

I have completed the steps you suggested. My computer seems to be running like new. :clapping: Thank you very much, Quietman. You'll never know how grateful I am. Are there any further steps you would suggest?



