
Being redirected to advertising sites from google search.



#1 knk17forever


Posted 05 June 2011 - 11:24 AM

I am using Windows 7 64-bit and the Firefox browser. After doing a Google search, when I click on a web page link I keep getting redirected to random advertising sites or other search engines.

I use updated versions of SUPERAntiSpyware and Malwarebytes Anti-Malware regularly but they are not removing this.

Any help is appreciated.

I know you will need some logs from my computer but I am not very tech savvy, so I need instructions on what you need and how to get it to you.

Thanks.



#2 boopme


Posted 05 June 2011 - 04:14 PM

Hello, let's do this then..


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Now run RKill... and without rebooting run updated scans with SAS and MBAM, then post all 3 logs.

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you get an alert that Rkill is "infected", ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.


Try this with RKill.... download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Do not reboot your computer after running rkill as the malware programs will start again.
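A triage sketch for whoever reads the requested TDSSKiller log, added here as an example and not part of the original post or of TDSSKiller itself: the saved log lists each scanned driver on one line (timestamp, thread id, service name, MD5 in parentheses, file path). The sample lines, the function names and the `DRIVER_STORE` default are constructed for illustration, and a flagged entry is only a candidate for a closer look, since security tools and vendor drivers legitimately load from other folders.

```python
import ntpath
import re

# Constructed sample in the TDSSKiller driver-line layout. Service names,
# hashes and paths are made up for this example.
SAMPLE_LOG = r"""
2011/06/11 18:55:51.0366 6032 Initialize success
2011/06/11 18:56:35.0920 0452 Scan started
2011/06/11 18:56:36.0100 0452 exampledrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys
2011/06/11 18:56:36.0200 0452 Example Vendor Filter (00000000000000000000000000000002) C:\Program Files (x86)\Example Vendor\filter64.sys
2011/06/11 18:56:36.0300 0452 netstack (00000000000000000000000000000003) C:\Windows\system32\DRIVERS\netstack.sys
2011/06/11 18:56:36.0400 0452 NETSTACK6 (00000000000000000000000000000003) C:\Windows\system32\drivers\netstack.sys
2011/06/11 18:56:36.0500 0452 tmpdrv (00000000000000000000000000000004) C:\Users\Example\AppData\Local\Temp\tmpdrv.sys
"""

# timestamp, thread id, service name (may contain spaces), (md5), path.
# The service name is matched lazily up to the first 32-hex-digit group, so a
# "(x86)" inside the path is never mistaken for the hash.
DRIVER_LINE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<tid>\d+)\s+(?P<service>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)

# Assumed default location for kernel drivers on the scanned machine.
DRIVER_STORE = r"C:\Windows\system32\drivers"


def parse_drivers(text):
    """Return one dict per driver line; header and status lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = DRIVER_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def _norm(path):
    # Windows paths are case-insensitive: "DRIVERS" and "drivers" are the same.
    return ntpath.normcase(ntpath.normpath(path))


def outside_driver_store(entries, store=DRIVER_STORE):
    """Drivers loaded from anywhere other than the driver store folder."""
    prefix = _norm(store) + "\\"
    return [e for e in entries if not _norm(e["path"]).startswith(prefix)]


def shared_hashes(entries):
    """Map each MD5 used by more than one service to those service names."""
    by_hash = {}
    for e in entries:
        by_hash.setdefault(e["md5"].lower(), []).append(e["service"])
    return {h: names for h, names in by_hash.items() if len(names) > 1}


if __name__ == "__main__":
    drivers = parse_drivers(SAMPLE_LOG)
    print(f"{len(drivers)} driver entries parsed")
    for e in outside_driver_store(drivers):
        print("review location:", e["service"], "->", e["path"])
    for md5, names in shared_hashes(drivers).items():
        print("same binary registered as:", ", ".join(names), f"({md5})")
```
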

#3 GX5000


Posted 06 June 2011 - 08:24 AM

This actually helped two PCs here, thanks!

#4 knk17forever


Posted 09 June 2011 - 09:08 AM

Update.

Thank you. To INSANITY and BEYOND !!

I have been very busy with my business and haven't yet done as you recommended in your reply. In the meantime I found a workaround via clicking on the cached links to pages then going to the current page link once on the site.

I plan on getting this taken care of today though.

I am glad that 2 other computers were helped as a result of my request.

Thank you.

Will follow up.

#5 boopme


Posted 09 June 2011 - 12:28 PM

Ok, we'll be here.

#6 knk17forever


Posted 11 June 2011 - 08:20 PM

Ok, finally made some time to do as you suggested.

It seems now that everything is back to normal and Google searches are working as they should.

Here are the logs:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/11/2011 at 19:25:46.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 06/11/2011 at 19:26:46.


2011/06/11 18:55:50.0682 6032 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/11 18:55:50.0945 6032 ================================================================================
2011/06/11 18:55:50.0945 6032 SystemInfo:
2011/06/11 18:55:50.0945 6032
2011/06/11 18:55:50.0945 6032 OS Version: 6.1.7601 ServicePack: 1.0
2011/06/11 18:55:50.0945 6032 Product type: Workstation
2011/06/11 18:55:50.0945 6032 ComputerName: KELVIN-PC
2011/06/11 18:55:50.0945 6032 UserName: Kelvin
2011/06/11 18:55:50.0945 6032 Windows directory: C:\Windows
2011/06/11 18:55:50.0945 6032 System windows directory: C:\Windows
2011/06/11 18:55:50.0945 6032 Running under WOW64
2011/06/11 18:55:50.0946 6032 Processor architecture: Intel x64
2011/06/11 18:55:50.0946 6032 Number of processors: 8
2011/06/11 18:55:50.0946 6032 Page size: 0x1000
2011/06/11 18:55:50.0946 6032 Boot type: Normal boot
2011/06/11 18:55:50.0946 6032 ================================================================================
2011/06/11 18:55:51.0366 6032 Initialize success
2011/06/11 18:56:35.0920 0452 ================================================================================
2011/06/11 18:56:35.0920 0452 Scan started
2011/06/11 18:56:35.0920 0452 Mode: Manual;
2011/06/11 18:56:35.0920 0452 ================================================================================
2011/06/11 18:56:46.0522 0452 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/11 18:56:46.0550 0452 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/06/11 18:56:46.0575 0452 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
2011/06/11 18:56:46.0600 0452 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/11 18:56:46.0622 0452 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
2011/06/11 18:56:46.0654 0452 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/11 18:56:46.0700 0452 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
2011/06/11 18:56:46.0720 0452 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
2011/06/11 18:56:46.0753 0452 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/11 18:56:46.0789 0452 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/06/11 18:56:46.0841 0452 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/11 18:56:46.0860 0452 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/11 18:56:46.0887 0452 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/06/11 18:56:46.0906 0452 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/06/11 18:56:46.0956 0452 VJoystick (b7f49333d2513eb1edaffdc269a23b68) C:\Windows\system32\DRIVERS\VJoystick.sys
2011/06/11 18:56:46.0996 0452 VKbms (3b59bb6d10cf969dbe4db93d9ead7fb4) C:\Windows\system32\DRIVERS\VKbms.sys
2011/06/11 18:56:47.0030 0452 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/06/11 18:56:47.0071 0452 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/06/11 18:56:47.0093 0452 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/06/11 18:56:47.0136 0452 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/11 18:56:47.0160 0452 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/06/11 18:56:47.0178 0452 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/11 18:56:47.0224 0452 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/11 18:56:47.0233 0452 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/11 18:56:47.0266 0452 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/11 18:56:47.0297 0452 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/11 18:56:47.0349 0452 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/11 18:56:47.0369 0452 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/11 18:56:47.0436 0452 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/11 18:56:47.0489 0452 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/11 18:56:47.0541 0452 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/06/11 18:56:47.0564 0452 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/11 18:56:47.0614 0452 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/11 18:56:47.0629 0452 ================================================================================
2011/06/11 18:56:47.0629 0452 Scan finished
2011/06/11 18:56:47.0629 0452 ================================================================================
2011/06/11 18:56:47.0636 14488 Detected object count: 0
2011/06/11 18:56:47.0636 14488 Actual detected object count: 0
2011/06/11 18:56:55.0966 5100 Deinitialize success

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6837

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

6/11/2011 7:29:59 PM
mbam-log-2011-06-11 (19-29-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 365602
Time elapsed: 25 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Kelvin\Desktop\couponalert.exe (Adware.FunWeb) -> No action taken.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/11/2011 at 08:32 PM

Application Version : 4.54.1000

Core Rules Database Version : 7254
Trace Rules Database Version: 5066

Scan type : Complete Scan
Total Scan Time : 01:00:15

Memory items scanned : 666
Memory threats detected : 0
Registry items scanned : 12630
Registry threats detected : 0
File items scanned : 195906
File threats detected : 121

Adware.Tracking Cookie

Trojan.Agent/Gen-IExplorer[Fake]
C:\USERS\KELVIN\APPDATA\LOCAL\TEMP\RARSFX1\NIRD\IEXPLORE.EXE
C:\USERS\KELVIN\APPDATA\LOCAL\TEMP\RARSFX2\NIRD\IEXPLORE.EXE
C:\USERS\KELVIN\APPDATA\LOCAL\TEMP\RARSFX3\NIRD\IEXPLORE.EXE
C:\USERS\KELVIN\APPDATA\LOCAL\TEMP\RARSFX4\NIRD\IEXPLORE.EXE

Trojan.Agent/Gen-PEC
C:\USERS\KELVIN\APPDATA\LOCAL\TEMP\RARSFX1\PROCS\EXPLORER.EXE
C:\USERS\KELVIN\APPDATA\LOCAL\TEMP\RARSFX2\PROCS\EXPLORER.EXE
C:\USERS\KELVIN\APPDATA\LOCAL\TEMP\RARSFX3\PROCS\EXPLORER.EXE
C:\USERS\KELVIN\APPDATA\LOCAL\TEMP\RARSFX4\PROCS\EXPLORER.EXE

Thanks again for your help.

#7 boopme

Posted 12 June 2011 - 07:38 PM

Glad to hear it.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
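Added example (not part of boopme's post or of any BleepingComputer tool): the restore-point step above, done from an elevated Windows PowerShell prompt, with every existing restore point classified by whether it predates the cleanup. The `$CleanedAt` parameter and the "Post-cleanup baseline" label are assumptions chosen for illustration; nothing is deleted, so the Disk Cleanup step is still done by hand.

```powershell
# Added example: create a post-cleanup restore point and flag older ones.
# Assumptions: $CleanedAt is the time your last clean scan finished;
# $Description is a hypothetical label for the new restore point.
param(
    [datetime]$CleanedAt   = (Get-Date),
    [string]  $Description = 'Post-cleanup baseline'
)

# The System Restore cmdlets require administrator rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw 'Run this from an elevated PowerShell prompt.'
}

# Create the new restore point AFTER the system has been cleaned.
Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

# Classify every restore point: anything older than the cleanup may still
# hold backed-up copies of the files the scanners removed.
$points = Get-ComputerRestorePoint | ForEach-Object {
    $created = $_.ConvertToDateTime($_.CreationTime)
    $status  = if ($created -lt $CleanedAt) {
        'PRE-CLEANUP (do not restore to this point)'
    } else {
        'post-cleanup'
    }
    New-Object PSObject -Property @{
        Sequence    = $_.SequenceNumber
        Created     = $created
        Description = $_.Description
        Status      = $status
    }
}

$points | Sort-Object Created |
    Format-Table Sequence, Created, Description, Status -AutoSize

# Creation can be skipped (for example when System Restore is turned off),
# so confirm that the newest point really is the one just requested.
$newest = $points | Sort-Object Created | Select-Object -Last 1
if (-not $newest -or $newest.Created -lt $CleanedAt) {
    Write-Warning 'No post-cleanup restore point exists yet; create one before removing old points.'
} else {
    $stale = @($points | Where-Object { $_.Created -lt $CleanedAt }).Count
    Write-Output "Newest point #$($newest.Sequence) is post-cleanup; $stale older point(s) remain for Disk Cleanup to remove."
}
```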

#8 knk17forever


Posted 19 June 2011 - 08:13 PM

Hi,

I did the system restore as you said the same day you posted re this.

I have two questions maybe you can help me with.

1. If this problem comes back can I use system restore to get rid of it? I know I will have to re-install any newer programs and re-do my updates for windows... but is there any other issue with using system restore if it comes back?

2. I have heard there is some kind of feature for computer so that when googling an icon to the right of the search results shows up indicating whether it is a safe site or not? Have you heard of this? If so do you know how I go about enabling, getting it, installing it?


Thanks! and Happy Father's Day!



