
Yet another Google redirect problem


13 replies to this topic

#1 allargando
  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:41 AM

Posted 15 May 2011 - 02:33 PM

I apologize for not introducing myself first, but this bugger is causing me undue fits. For the record, I'm running 64bit Vista (unless I'm being unusually dull ^_^;.)

In Firefox, some of my Google hits get redirected to random ad sites, as I've seen a few other users here dealing with. In the history, I always get a 66.230.188.67 entry. Now, after searching for this IP, I found a couple threads scattered about that make this out to be somewhat serious. I first noticed this about four or so days ago, but in the past 24 hours it appeared to stop. Once I woke up this morning, I got redirected again, so something is still there. Malwarebytes and Microsoft Security Essentials, the program my college uses to allow each student's PC on their network detect nothing. SuperAntiSpyware only got 10 tracking cookies in the last scan.

Also potentially related, yesterday (when the redirecting stopped, actually) I got hit with a "Vista Home Security" malware scam. This leads me to believe that whatever it is might be downloading things to my computer without me knowing it. Also, I noticed a Java icon in my taskbar that wasn't normally there before I could react and kill the process. I have since uninstalled all the Java I had and reinstalled to make sure I have the most updated version. It was running from a "ckq.exe" file, and after deleting this and running Malwarebytes the problem no longer persists. I do wonder if I managed to clean up everything though.

Also worthy of note is the fact that I've never posted any sort of logs on a site like this to let people check that my computer is 100% clean. Could this be an old problem that's just now causing problems? My ignorance is unfortunately on full display here.

Thanks in advance for everyone's time and help. I kind of hate to start a new topic when there are other redirect threads here, but none of the others mentioned the 66.230.188.67 IP address.

EDIT: I have logged into my gmail account and got the message that "China (58.46.32.217)" had accessed my account about 13 hours ago. I'm currently going around changing any passwords that might be even the slightest bit associated with this account - thankfully not too many. Does this mean this thing is trying to steal my identity? I've seen no other anomalies yet, but it is quite distressing.

Edited by allargando, 15 May 2011 - 05:09 PM.



#2 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,078 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:41 AM

Posted 15 May 2011 - 08:11 PM

I personally believe you have a bot in here; it is connecting to the outside world and has already taken any passwords and such.
Your HOSTS file may be infected.
I would first restore the Hosts file.


To reset the hosts file automatically, go HERE and click the Posted Image button. Then just follow the prompts in the Fix it wizard.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, then select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
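A way to check the HOSTS file the moderator is talking about, as an added example that is not from this thread and not the Fix it tool: a small Python script that parses a hosts file and reports watched domains (search engines, Windows Update, the anti-malware vendors named in the thread) that have been pointed at a non-loopback address. The watch-list, the sample hosts content and the helper names (`parse_hosts`, `find_hijacks`, `load_hosts`) are my own assumptions; the sample reuses the 66.230.188.67 address from the first post purely as a constructed illustration of what a hijack line looks like.

```python
"""Flag HOSTS-file entries that point well-known domains at a remote host.

Added example for this thread; not the Fix it tool and not the poster's data.
The watch-list and the sample file are constructed; 66.230.188.67 is reused
from the first post only to illustrate the shape of a hijack line.
"""
import ipaddress
import os
import re
from typing import Dict, List, Tuple

# Real location of the file on Windows.
DEFAULT_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed watch-list: names that no legitimate HOSTS file should send
# anywhere but loopback (if it mentions them at all).
WATCHED_SUFFIXES = (
    "google.com", "bing.com", "yahoo.com",
    "microsoft.com", "windowsupdate.com",
    "malwarebytes.org", "superantispyware.com", "kaspersky.com", "eset.com",
)

# Constructed sample: two default lines, two hijack lines, one ad-block line.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1       localhost
::1             localhost
66.230.188.67   www.google.com google.com
66.230.188.67   www.bing.com
127.0.0.1       ad.doubleclick.net    # sinking a name to loopback is blocking, not hijacking
192.168.1.10    intranet.local
"""


def load_hosts(path: str = DEFAULT_HOSTS_PATH) -> str:
    """Read the live hosts file; tolerant of odd encodings in edited files."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return (ip, [hostnames]) for every active line; comments are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = re.split(r"\s+", line)
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                           # malformed line; Windows ignores it too
        if names:
            entries.append((ip, [n.lower() for n in names]))
    return entries


def is_local(ip: str) -> bool:
    """True for loopback (127.x, ::1) and the unspecified address (0.0.0.0)."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def find_hijacks(text: str) -> Dict[str, str]:
    """Map hostname -> remote IP for every watched domain sent off-host.

    Entries that sink a name to loopback are treated as ad-blocking, not
    hijacking, so they are not reported.
    """
    hijacked: Dict[str, str] = {}
    for ip, names in parse_hosts(text):
        if is_local(ip):
            continue
        for name in names:
            if any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES):
                hijacked[name] = ip
    return hijacked


if __name__ == "__main__":
    text = load_hosts() if os.path.exists(DEFAULT_HOSTS_PATH) else SAMPLE_HOSTS
    hits = find_hijacks(text)
    if not hits:
        print("no watched domain is redirected off-host")
    for name, ip in sorted(hits.items()):
        print(f"HIJACK  {name:<24} -> {ip}")
```

Run it on a Windows box and it reads the real file; elsewhere it falls back to the constructed sample and reports the three hijacked names. A clean result does not by itself rule out the redirects, since the thread's later ESET findings show the machine had more than a hosts-file problem.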

#3 allargando
  • Topic Starter
  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:41 AM

Posted 15 May 2011 - 09:18 PM

First off, thanks for the reply. I haven't noticed any redirects since the one this morning, but my history has entries like dc1e.3vg58t1.com and 68.169.92.40 that I didn't notice before. There's a strong possibility that I simply didn't notice them, however. No suspicious behavior from any of my accounts, either. Malwarebytes didn't find anything after upgrading, and the hosts fix ran without incident.

Unhelpful(?) MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6586

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

5/15/2011 10:10:39 PM
mbam-log-2011-05-15 (22-10-39).txt

Scan type: Quick scan
Objects scanned: 182959
Time elapsed: 8 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by allargando, 15 May 2011 - 09:20 PM.


#4 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,078 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:41 AM

Posted 15 May 2011 - 09:37 PM

I think it was in the Hosts file. Now that it is cleared I feel you will be OK.
I would definitely change ALL passwords on this machine.
Good luck..

#5 allargando
  • Topic Starter
  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:41 AM

Posted 15 May 2011 - 09:47 PM

Well, I'm definitely breathing a sigh of relief now. I've already changed every password I've got control of, and I'll get with the IT guys at my school to change the one I don't have control over. I'll still keep an eye out for any pesky redirecting, but I'm now paranoid any time I get a legitimate one!

Thanks once more for the expedient response. I honestly didn't believe I'd get this resolved within half a day. :)

#6 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,078 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:41 AM

Posted 15 May 2011 - 09:56 PM

You're welcome. I guess I should have asked to run one more to be certain.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#7 allargando
  • Topic Starter
  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:41 AM

Posted 16 May 2011 - 07:38 AM

Well, I accidentally stopped the first ESET scan by pressing space to get out of my screensaver.... On the first pass, it did detect something called "osibuqag.dll". Google was rather unhelpful, even when I tried alternate spellings. I'm assuming this was just a randomly named file. I do remember that it was in the same family as the "temp_0.tmp" file in the log below. On the second time (where I made sure not to touch anything), it came back with this log:

C:\Users\Owner\AppData\Local\Temp\jar_cache3567394811057737812.tmp Java/TrojanDownloader.OpenStream.NAX trojan deleted - quarantined
C:\Users\Owner\AppData\Local\Temp\$inst\temp_0.tmp a variant of Win32/Kryptik.KFK trojan deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\27e8c01-66d60692 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\196eb95d-786b6f87 multiple threats deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\320a219e-34336d83 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\1b1a3927-4aba9add multiple threats deleted - quarantined
C:\Users\Owner\Documents\s4hax\CheatEngine561.exe multiple threats deleted - quarantined

I'm kind of surprised that it detected CheatEngine though. Unless I'm mistaken, it's just a program to edit values in programs you run, like giving you infinite time in minesweeper or extra money in inane things like desktop defender. I am glad a program finally detected something however, no matter how harmless. ^_^; I can't speak for any of the others, though.
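To make sense of a log like the one above, here is an added example (mine, not from the thread and not ESET's code) that parses those seven lines into path, detection text, threat family and action, then groups them by where on disk each item was found. The location categories, the stripping of the per-sample variant suffix (NAX, KFK and so on) and the list of recognised action strings are my assumptions; only the one action phrase that actually appears in the pasted log is known from the page.

```python
"""Triage an ESET Online Scanner text log by location and threat family.

Added example; not ESET's format specification. The log lines are the
seven detections pasted in the thread; the category rules, the action
list and the variant-suffix handling are assumptions.
"""
import re
from collections import Counter
from typing import Dict, Optional

# The seven detection lines from post #7 of the thread.
ESET_LOG = r"""
C:\Users\Owner\AppData\Local\Temp\jar_cache3567394811057737812.tmp Java/TrojanDownloader.OpenStream.NAX trojan deleted - quarantined
C:\Users\Owner\AppData\Local\Temp\$inst\temp_0.tmp a variant of Win32/Kryptik.KFK trojan deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\27e8c01-66d60692 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\196eb95d-786b6f87 multiple threats deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\320a219e-34336d83 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\1b1a3927-4aba9add multiple threats deleted - quarantined
C:\Users\Owner\Documents\s4hax\CheatEngine561.exe multiple threats deleted - quarantined
""".strip()

# Action phrases recognised at the end of a line. Only the first one is
# attested in the thread; append others as you see them in your own logs.
KNOWN_ACTIONS = ("deleted - quarantined",)

# "Platform/Family.Sub.VARIANT" as ESET names detections.
THREAT_RE = re.compile(r"(?P<platform>[A-Za-z0-9]+)/(?P<family>[A-Za-z0-9_]+(?:\.[A-Za-z0-9_]+)*)")
# Assumed shape of a per-sample variant suffix: 1-4 capital letters.
VARIANT_RE = re.compile(r"^[A-Z]{1,4}$")

# Assumed location categories and what each usually means for a responder.
CATEGORY_HINTS = {
    "java-cache": "JRE deployment cache: content fetched by the browser's Java plug-in",
    "temp-drop":  "user Temp folder: payloads written by a downloader or installer",
    "user-file":  "user document: review by hand, may be a PUA or false positive",
}


def categorize(path: str) -> str:
    """Bucket a detection by the directory it was found in (assumed rules)."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"
    if "\\appdata\\local\\temp\\" in p:
        return "temp-drop"
    return "user-file"


def parse_line(line: str) -> Dict[str, Optional[str]]:
    """Split one log line into path, threat text, family, action, category.

    Assumes the path contains no spaces, which holds for every line here.
    """
    path, _, rest = line.strip().partition(" ")
    action = "unknown"
    for candidate in KNOWN_ACTIONS:
        if rest.endswith(" " + candidate):
            action, rest = candidate, rest[: -len(candidate) - 1]
            break
    m = THREAT_RE.search(rest)
    if m:
        parts = m.group("family").split(".")
        if len(parts) > 1 and VARIANT_RE.match(parts[-1]):
            parts.pop()                      # drop NAX / NBF / KFK style suffix
        family = f"{m.group('platform')}/{'.'.join(parts)}"
    elif "multiple threats" in rest:
        family = "multiple threats"
    else:
        family = "unknown"
    return {"path": path, "threat": rest, "family": family,
            "action": action, "category": categorize(path)}


def summarize(log_text: str) -> Dict[str, Counter]:
    """Count detections by location category, threat family and action."""
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return {
        "by_category": Counter(r["category"] for r in records),
        "by_family": Counter(r["family"] for r in records),
        "by_action": Counter(r["action"] for r in records),
    }


if __name__ == "__main__":
    summary = summarize(ESET_LOG)
    for cat, n in summary["by_category"].most_common():
        print(f"{n} x {cat:<11} {CATEGORY_HINTS[cat]}")
    for fam, n in summary["by_family"].most_common():
        print(f"{n} x {fam}")
```

The grouping makes the shape of the incident visible at a glance: four hits in the Java deployment cache and two dropped files in Temp point to content delivered through the browser's Java plug-in, which fits the stray Java process the original poster described, while the single hit under Documents is the Cheat Engine installer that the moderator's next reply addresses separately.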

#8 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,078 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:41 AM

Posted 16 May 2011 - 02:39 PM

Cheat Engine can inject code into other processes, but doing so can cause anti virus software to mistake it for a virus. But code injectors are dangerous and are removed. You would have to unselect it before clicking remove selected.

Let's do another quick scan and be sure all's gone.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

#9 allargando
  • Topic Starter
  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:41 AM

Posted 16 May 2011 - 11:27 PM

I apologize for not checking this sooner than I did. I suppose better late than later though. TDSSKiller found one suspicious file, and the default was "skip." I changed it to "delete", just to get rid of anything remotely problematic.

TDSS Log:

2011/05/17 00:14:58.0836 4208 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/17 00:14:59.0226 4208 ================================================================================
2011/05/17 00:14:59.0226 4208 SystemInfo:
2011/05/17 00:14:59.0226 4208
2011/05/17 00:14:59.0226 4208 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/17 00:14:59.0226 4208 Product type: Workstation
2011/05/17 00:14:59.0226 4208 ComputerName: LANDON-PC
2011/05/17 00:14:59.0226 4208 UserName: Owner
2011/05/17 00:14:59.0226 4208 Windows directory: C:\Windows
2011/05/17 00:14:59.0226 4208 System windows directory: C:\Windows
2011/05/17 00:14:59.0226 4208 Running under WOW64
2011/05/17 00:14:59.0226 4208 Processor architecture: Intel x64
2011/05/17 00:14:59.0226 4208 Number of processors: 2
2011/05/17 00:14:59.0226 4208 Page size: 0x1000
2011/05/17 00:14:59.0226 4208 Boot type: Normal boot
2011/05/17 00:14:59.0226 4208 ================================================================================
2011/05/17 00:15:00.0100 4208 Initialize success
2011/05/17 00:15:02.0768 3984 ================================================================================
2011/05/17 00:15:02.0768 3984 Scan started
2011/05/17 00:15:02.0768 3984 Mode: Manual;
2011/05/17 00:15:02.0768 3984 ================================================================================
2011/05/17 00:15:03.0891 3984 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys
2011/05/17 00:15:04.0234 3984 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/05/17 00:15:04.0484 3984 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/05/17 00:15:04.0796 3984 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/05/17 00:15:05.0076 3984 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/05/17 00:15:05.0685 3984 AFD (db37041ab857abc7e179e856d8e1582c) C:\Windows\system32\drivers\afd.sys
2011/05/17 00:15:05.0934 3984 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/05/17 00:15:06.0153 3984 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/05/17 00:15:06.0340 3984 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2011/05/17 00:15:06.0402 3984 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/05/17 00:15:06.0496 3984 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/17 00:15:06.0699 3984 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/05/17 00:15:06.0761 3984 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/05/17 00:15:06.0917 3984 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
2011/05/17 00:15:07.0073 3984 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/17 00:15:07.0182 3984 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
2011/05/17 00:15:07.0385 3984 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/05/17 00:15:07.0463 3984 bowser (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/17 00:15:07.0526 3984 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/17 00:15:07.0588 3984 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/05/17 00:15:07.0682 3984 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/05/17 00:15:07.0728 3984 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/05/17 00:15:07.0791 3984 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/17 00:15:07.0838 3984 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/05/17 00:15:07.0916 3984 BthEnum (86f46c41f773da5a4a1d221c9201e3b8) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/17 00:15:07.0994 3984 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/05/17 00:15:08.0072 3984 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/17 00:15:08.0134 3984 BTHPORT (422d812e231ec3a25f43a881061be5a0) C:\Windows\system32\Drivers\BTHport.sys
2011/05/17 00:15:08.0212 3984 BTHUSB (1c24adb844a910daa2e2732e83a8f3d4) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/17 00:15:08.0259 3984 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/17 00:15:08.0384 3984 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/17 00:15:08.0477 3984 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/17 00:15:08.0571 3984 CLFS (caeda2572b7042b11062f327f099251d) C:\Windows\system32\CLFS.sys
2011/05/17 00:15:08.0836 3984 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/17 00:15:08.0945 3984 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/05/17 00:15:09.0008 3984 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/17 00:15:09.0101 3984 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/17 00:15:09.0351 3984 DfsC (bd4acc56e477ad7419cbe90fceeb621b) C:\Windows\system32\Drivers\dfsc.sys
2011/05/17 00:15:09.0554 3984 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
2011/05/17 00:15:09.0694 3984 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/05/17 00:15:09.0912 3984 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/17 00:15:10.0022 3984 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/05/17 00:15:10.0193 3984 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
2011/05/17 00:15:10.0287 3984 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/05/17 00:15:10.0443 3984 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/05/17 00:15:10.0583 3984 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
2011/05/17 00:15:10.0661 3984 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
2011/05/17 00:15:10.0770 3984 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/17 00:15:10.0911 3984 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/05/17 00:15:11.0020 3984 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/05/17 00:15:11.0098 3984 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/17 00:15:11.0207 3984 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
2011/05/17 00:15:11.0270 3984 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/17 00:15:11.0316 3984 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/17 00:15:11.0426 3984 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/17 00:15:11.0550 3984 ghaio (7d66ebde8b7f9b4e00beefeee82670d4) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
2011/05/17 00:15:11.0738 3984 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2011/05/17 00:15:11.0816 3984 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/17 00:15:11.0894 3984 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/05/17 00:15:11.0987 3984 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/17 00:15:12.0128 3984 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/17 00:15:12.0284 3984 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/05/17 00:15:12.0362 3984 HTTP (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys
2011/05/17 00:15:12.0408 3984 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/05/17 00:15:12.0518 3984 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/17 00:15:12.0564 3984 iaStor (07fb761600eff44af02c35b8b57e5863) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/17 00:15:12.0674 3984 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/05/17 00:15:12.0767 3984 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/05/17 00:15:12.0939 3984 IntcAzAudAddService (29c63bc0fbe776cde25c8293fb1e0f91) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/17 00:15:13.0095 3984 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/05/17 00:15:13.0173 3984 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/17 00:15:13.0282 3984 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/17 00:15:13.0469 3984 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/17 00:15:13.0734 3984 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/17 00:15:13.0859 3984 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/05/17 00:15:13.0953 3984 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/05/17 00:15:14.0124 3984 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/17 00:15:14.0296 3984 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/05/17 00:15:14.0733 3984 itecir (5fef11c18ec25cdcb27e6c8680690b69) C:\Windows\system32\DRIVERS\itecir.sys
2011/05/17 00:15:15.0170 3984 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/05/17 00:15:15.0435 3984 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/17 00:15:15.0747 3984 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/17 00:15:16.0090 3984 kbfiltr (4c9b832435061634dfbeb980ad67bfff) C:\Windows\system32\DRIVERS\kbfiltr.sys
2011/05/17 00:15:16.0402 3984 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/17 00:15:16.0792 3984 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/05/17 00:15:17.0182 3984 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/17 00:15:17.0416 3984 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/17 00:15:17.0572 3984 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/17 00:15:17.0853 3984 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/17 00:15:18.0149 3984 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/05/17 00:15:18.0399 3984 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/05/17 00:15:18.0758 3984 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/05/17 00:15:19.0101 3984 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/05/17 00:15:19.0522 3984 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/05/17 00:15:19.0678 3984 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/17 00:15:19.0974 3984 motccgp (7bd101253058db30c52c6ea8d3911754) C:\Windows\system32\DRIVERS\motccgp.sys
2011/05/17 00:15:20.0302 3984 motccgpfl (1a700e7063ca7f2b29a4e761da604dfb) C:\Windows\system32\DRIVERS\motccgpfl.sys
2011/05/17 00:15:20.0598 3984 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/17 00:15:20.0848 3984 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/17 00:15:21.0144 3984 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/05/17 00:15:21.0332 3984 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/05/17 00:15:21.0503 3984 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/05/17 00:15:21.0612 3984 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/05/17 00:15:21.0862 3984 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/17 00:15:22.0190 3984 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/17 00:15:22.0346 3984 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
2011/05/17 00:15:22.0564 3984 mrxsmb (d2fc7c6c263a759c3f0ccf5c26831b50) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/17 00:15:22.0673 3984 mrxsmb10 (b48b14105724e7f3925d89cbaa8fc7a5) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/17 00:15:22.0782 3984 mrxsmb20 (effa581e7c5afba1163aafbfa09db475) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/17 00:15:23.0063 3984 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
2011/05/17 00:15:23.0219 3984 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/05/17 00:15:23.0344 3984 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/05/17 00:15:23.0406 3984 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/05/17 00:15:23.0516 3984 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/17 00:15:23.0843 3984 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/17 00:15:23.0952 3984 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/05/17 00:15:24.0015 3984 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
2011/05/17 00:15:24.0077 3984 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/17 00:15:24.0202 3984 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/05/17 00:15:24.0280 3984 MTsensor (a523d9f6aeb152c4480d754df7fa9f7f) C:\Windows\system32\DRIVERS\ATK64AMD.sys
2011/05/17 00:15:24.0358 3984 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
2011/05/17 00:15:24.0514 3984 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/17 00:15:24.0748 3984 NDIS (f9a3ae5c9f047d71a36a99f9abca7d02) C:\Windows\system32\drivers\ndis.sys
2011/05/17 00:15:24.0904 3984 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/17 00:15:24.0966 3984 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/17 00:15:25.0029 3984 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/17 00:15:25.0091 3984 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/05/17 00:15:25.0154 3984 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/17 00:15:25.0216 3984 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/17 00:15:25.0637 3984 NETw5v64 (f17eda58c8c5b1a4f873b322729168ff) C:\Windows\system32\DRIVERS\NETw5v64.sys
2011/05/17 00:15:25.0980 3984 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/05/17 00:15:26.0136 3984 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/05/17 00:15:26.0448 3984 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
2011/05/17 00:15:26.0573 3984 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/17 00:15:37.0821 3984 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/05/17 00:15:37.0821 3984 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/05/17 00:15:37.0852 3984 sptd - detected LockedFile.Multi.Generic (1)
2011/05/17 00:15:44.0856 3984 ================================================================================
2011/05/17 00:15:44.0856 3984 Scan finished
2011/05/17 00:15:44.0856 3984 ================================================================================
2011/05/17 00:15:44.0888 1412 Detected object count: 1
2011/05/17 00:16:06.0946 1412 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/05/17 00:16:07.0008 1412 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted after reboot
2011/05/17 00:16:07.0055 1412 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/05/17 00:16:07.0055 1412 LockedFile.Multi.Generic(sptd) - User select action: Delete
2011/05/17 00:17:16.0663 3368 Deinitialize success
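
The findings in a TDSSKiller log like the one above can be checked mechanically rather than read by eye. The following is an added example, not part of this thread or of Kaspersky's tool: it parses the log layout shown (timestamp, thread id, message), pairs each detection with its driver line and the action the user chose, and flags a heuristic LockedFile verdict that was deleted rather than quarantined. The sample log is constructed; its sptd.sys lines repeat the posted ones, and the regexes assume the message shapes visible in this log.

```python
import re

# Constructed sample in the TDSSKiller log layout seen in this thread (timestamp,
# thread id, message). The sptd.sys lines repeat the posted log; Null.sys is a
# made-up clean entry for contrast.
SAMPLE_LOG = r"""
2011/05/17 00:15:27.0026 3984 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/05/17 00:15:37.0821 3984 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/05/17 00:15:37.0821 3984 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/05/17 00:15:37.0852 3984 sptd - detected LockedFile.Multi.Generic (1)
2011/05/17 00:15:44.0888 1412 Detected object count: 1
2011/05/17 00:16:07.0055 1412 LockedFile.Multi.Generic(sptd) - User select action: Delete
"""

PREFIX = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} \d+ (?P<msg>.*)$")
DRIVER = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION = re.compile(r"^(?P<verdict>\S+)\((?P<name>\S+)\) - User select action: (?P<action>\w+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")
# "LockedFile.*" verdicts mean the scanner could not open the file (see the
# "Suspicious file (NoAccess)" line), not that it confirmed malware.
HEURISTIC_PREFIXES = ("LockedFile.",)

def parse_tdsskiller(text):
    """Return (findings, claimed_count); findings is keyed by driver name."""
    drivers, findings, claimed = {}, {}, None
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # banners, separators, blank lines
        msg = m.group("msg")
        if (d := DRIVER.match(msg)):
            drivers[d["name"]] = {"md5": d["md5"], "path": d["path"]}
        elif (d := DETECT.match(msg)):
            info = drivers.get(d["name"], {})
            findings[d["name"]] = {"verdict": d["verdict"], "action": None,
                                   "md5": info.get("md5"), "path": info.get("path"),
                                   "heuristic": d["verdict"].startswith(HEURISTIC_PREFIXES)}
        elif (d := ACTION.match(msg)) and d["name"] in findings:
            findings[d["name"]]["action"] = d["action"]
        elif (d := COUNT.match(msg)):
            claimed = int(d["n"])
    return findings, claimed

def review(text):
    """Notes a helper would want before trusting the cleanup."""
    findings, claimed = parse_tdsskiller(text)
    notes = []
    if claimed is not None and claimed != len(findings):
        notes.append(f"log claims {claimed} objects but {len(findings)} were parsed")
    for name, f in findings.items():
        if f["heuristic"] and f["action"] == "Delete":
            notes.append(f"{name}: {f['verdict']} is heuristic; Quarantine would have kept {f['path']} recoverable")
    return notes
```

Running review(SAMPLE_LOG) yields one note for sptd, the same point the moderator makes below about preferring cure or quarantine over delete.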

#10 boopme

boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,078 posts
  • Gender:Male
  • Location:NJ USA

Posted 17 May 2011 - 11:07 AM

Ok, so after reboot are the redirects gone? In the future with any AV tool... if you are offered a choice, select in this order: Cure/clean, Move/Quarantine. Delete is last in case we need the file.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#11 allargando

allargando
  • Topic Starter
  • Members
  • 7 posts

Posted 17 May 2011 - 11:33 AM

Yes, thankfully. I haven't been using Google too heavily in the past day, but the few links I've been to haven't posed any problems. I tested in the middle of posting this using random searches, and in about 30 or so links nothing redirected. I'll also keep the cure>move>delete preference in mind for the future. I'm sorry if it caused any problems with potential cleanup. Also, thanks a ton once more for all the help. It might take a while, but I'll cure my ignorance on this subject yet.

#12 boopme

boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,078 posts
  • Gender:Male
  • Location:NJ USA

Posted 17 May 2011 - 12:02 PM

All's good, fortunately we didn't get a delete problem, just hoping to show you some helpful info. Here's a good little article:
Clean, Quarantine, or Delete?

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection: Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#13 allargando

allargando
  • Topic Starter
  • Members
  • 7 posts

Posted 17 May 2011 - 07:55 PM

And done. Once again, thanks for all the help and information you've given me. I'll definitely read through those articles, and I didn't even know cleanmgr.exe existed. Very useful, it seems.

#14 boopme

boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,078 posts
  • Gender:Male
  • Location:NJ USA

Posted 17 May 2011 - 08:04 PM

Knowledge is power. You're welcome from us all.