
Trojan:Win32/FakeSysDef - now Google redirect


12 replies to this topic

#1 StnQn


  • Members
  • 30 posts

Posted 17 July 2011 - 04:00 PM

I have an Msi laptop running Windows 7 Home Premium 64-bit with i3 processor running Microsoft Security Essentials.

I got the virus/malware on Friday. I can't remember all the fake messages that came up. I was in the process of going to get ready for a job and was closing down my programs and accidentally clicked on it when it popped up, and that's where it all begins. When I got home that evening, I was able to get it to boot back up but couldn't get the antivirus to run. Black screen, all my documents gone, et cetera. I talked to my brother who told me to go to an earlier restore point, which I did. Once I did that I was able to update antivirus and get it to run, which found Trojan:Win32/FakeSysdef twice and took it off. Ran antivirus again and came up fine. It was late at this point and I left the computer alone for the night.

Yesterday I went through the forums and did the following that I was comfortable doing because I was familiar with or had heard of the programs before. I was able to install, update, and run iExplore which stopped one process, but I didn't write down what it was. It was not something I recognized. I then installed and ran TDSS rootkit removing tool, which didn't come back with anything. I was then able to install, update, and run a full scan in malwarebytes. That also came back fine with nothing infected. After all that I ran the unhide app and all my documents were back, though I still have some music files that seem to be gone.

So here we are today and I have run a full virus scan, a full malwarebytes scan and they are coming back with no infected objects. But I still am having the problem of Google redirects to different junk sites. I see other posts regarding this issue and different fixes, but I don't want to use one of those fixes because I'm not familiar with the applications that are used and I'm afraid of screwing something up. So I'd appreciate any help at this point.

#2 quietman7


    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 17 July 2011 - 04:20 PM

There are various ways a malware infection can cause browser issues, loss of connectivity and redirects so try these steps:

Step 1: Some infections will alter the Proxy settings in Internet Explorer which can affect your ability to browse, update or download tools required for disinfection. Check/Reset Proxy Server Settings. To do that, please refer to Steps 4-7 under the section Automated Removal Instructions for System Tool using Malwarebytes' Anti-Malware in this guide.

Alternatively, you can press the WINKEY + R keys on your keyboard or click Start > Run..., and in the Open dialog box, type: inetcpl.cpl
Click OK or press Enter. Click the Connections tab and continue following the instructions in the above guide.

If using FireFox, refer to these instructions to check and configure Proxy Settings under the Connection Settings Dialog.


Step 2: Reset the IP address:
  • Go to Start > Run... and in the open box, type: cmd
  • Click OK or press Enter. A DOS window will appear.
  • At the command prompt C:\>_, type: ipconfig /release
  • Press Enter.
  • When the prompt comes back, type: ipconfig /renew
  • Press Enter.
  • Close the command box and see if that fixes the connection. No reboot needed.
-- XP users can refer to XP ipconfig Tutorial: Step 4
-- Vista users can refer to Vista ipconfig Tutorial: Step 4

Flush the DNS resolver cache:
  • Go to Start > Run... and in the open box, type: cmd
  • Click OK or press Enter. A DOS window will appear.
  • At the command prompt C:\>_, type: ipconfig /flushdns
  • Press Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.

Step 3: Check/reset your network settings and Configure TCP/IP to use DNS.
  • Go to Start > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically" or make sure the DNS server IP address is the same as provided by your ISP.
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
-- Vista users can refer to How to Change TCP/IP settings.
-- Windows 7 users can refer to How to Change TCP/IP settings.

CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address, then you may proceed.


Step 4: If using a router, disconnect from the Internet and reset your router with a strong logon/password. Many users seldom change the default username/password on the router and are prone to some types of infection. If you're not sure how to do this, refer to the owner's manual for your particular router model. If you do not have a manual, look for one on the vendor's web site which you can download and keep for future reference.

Consult these links to find out the default username and password for your router and write down that information so it is available when doing the reset. These are generic instructions for how to reset a router:
  • Unplug or turn off your DSL/cable modem.
  • Locate the router's reset button.
  • Press, and hold, the Reset button down for 30 seconds.
  • Wait for the Power, WLAN and Internet light to turn on (On the router).
  • Plug in or turn on your modem (if it is separate from the router).
  • Open your web browser to see if you have an Internet connection.
  • If you don't have an Internet connection you may need to restart your computer.

Step 5: Reset Internet Explorer or go here and click the Fix it button.

This will automatically reset registry keys and the browser back to the way it was when initially installed. If you check the Delete personal settings checkbox in Advanced settings, it will reset the home page(s), search providers and Accelerators to their default values. It will also delete temporary Internet files, history, cookies, web form information (passwords) and InPrivate Filtering data.

-- Note: Microsoft Fix it does not work in Windows 7. Instead, you can use the Internet Explorer troubleshooters to achieve this automatically. Then clear your browser history.

If using FireFox, refer to these instructions to reset all user preferences, toolbars and search engine to their default settings using Firefox Safe Mode.


Step 6: Clear your Web browser cache. As you browse web pages, the browser stores a copy of the pages you view on your local hard drive; this is called caching. Clearing the cache forces the browser to load the latest versions of Web pages and programs you visit.

Step 7: Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How to reset the hosts file back to the default.

To reset the hosts file automatically, click the Fix it button.
Click Run in the file download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

If you want to add a custom HOSTS file instead, read here first, then download hosts.zip, save it to your Desktop and follow these instructions to install the MVPS HOSTS File.

If you encounter a problem with the zipped version, try using an alternative zipping tool like 7zip or ExtractNow. If you still encounter problems, then use the MVPS HOSTS File text version. Go to File in the top menu and select "Save As", then save hosts.txt to your desktop. Rename it hosts without an extension. Go to the folder containing your existing HOSTS file and rename it HOSTS.MVP. Then copy the hosts file on your desktop into the same folder where you renamed the existing file.

Note: If using Vista or Windows 7, be aware that they require special instructions.

Edited by quietman7, 17 July 2011 - 04:25 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.
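As an added example that is not part of the thread or any BleepingComputer tool, the script below is a read-only PowerShell audit of the three settings the steps above say a redirect infection tampers with: the Internet Explorer proxy (step 1), each adapter's DNS servers (step 3) and the HOSTS file (step 7). It assumes Windows 7 or later with PowerShell, run from an elevated prompt; it only reports and changes nothing.

```powershell
# Added example (not from the thread): read-only audit of proxy, DNS and HOSTS
# settings. Registry paths and WMI class are standard Windows locations.

function Get-RedirectAudit {
    $findings = @()

    # Step 1: the WinINET proxy that Internet Explorer uses. A proxy server or
    # automatic configuration (PAC) script the user never set is a common way
    # for an infection to route every request through a host it controls.
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    if ($inet.ProxyEnable -eq 1) {
        $findings += "IE proxy enabled: $($inet.ProxyServer)"
    }
    if ($inet.AutoConfigURL) {
        $findings += "IE automatic configuration script set: $($inet.AutoConfigURL)"
    }

    # Step 3: DNS servers on every IP-enabled adapter. Compare the list with
    # what your ISP or router hands out; a NameServer value typed in by hand on
    # an adapter that otherwise uses DHCP deserves a second look.
    $ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    foreach ($nic in Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True') {
        $dns = @($nic.DNSServerSearchOrder) -join ', '
        $manual = (Get-ItemProperty "$ifRoot\$($nic.SettingID)" -ErrorAction SilentlyContinue).NameServer
        $source = if ($manual) { "manually set: $manual" }
                  elseif ($nic.DHCPEnabled) { 'from DHCP' }
                  else { 'none configured' }
        $findings += "$($nic.Description): DNS [$dns] ($source)"
    }

    # Step 7: the HOSTS file. First confirm Windows still reads it from the
    # default folder (the DataBasePath value can be pointed elsewhere), then
    # list every active, uncommented mapping so it can be reviewed.
    $params = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $etcDir = [Environment]::ExpandEnvironmentVariables($params.DataBasePath)
    if ($etcDir -notlike '*\System32\drivers\etc*') {
        $findings += "HOSTS folder (DataBasePath) redirected to: $etcDir"
    }
    $hostsPath = Join-Path $etcDir 'hosts'
    if (Test-Path $hostsPath) {
        # An active entry starts with an IPv4/IPv6 address followed by a name;
        # comment lines start with '#'. The Windows 7 default file has none.
        $active = @(Get-Content $hostsPath | Where-Object { $_ -match '^\s*[0-9A-Fa-f:.]+\s+\S+' })
        foreach ($entry in $active) {
            $findings += "HOSTS entry: $($entry.Trim())"
        }
    } else {
        $findings += "HOSTS file missing at $hostsPath"
    }

    return $findings
}

Get-RedirectAudit | ForEach-Object { Write-Output $_ }
```

The script lists what is configured; judging whether a DNS server or HOSTS entry belongs there still means comparing it against what your ISP provides and the default file described in step 7.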

#3 StnQn

  • Topic Starter

  • Members
  • 30 posts

Posted 17 July 2011 - 05:57 PM

Still getting redirected from Google.

#4 quietman7


    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 17 July 2011 - 06:23 PM

Please post the complete results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
  • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
    -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd



Please post the complete results of your TDSSkiller scan for review.

After running TDSSkiller, a log file named TDSSKiller_version_date_time_log.txt will have been created and saved to the root directory (usually Local Disk C:). Open that file in notepad, then copy and paste the contents in your next reply.


Please download and scan with the McAfee FakeAlert Stinger Tool.
Be sure to follow the instructions provided and to check the “Full Scan” option. If you cannot complete the scan, then retry using the "Smart Scan" option.

#5 StnQn

  • Topic Starter

  • Members
  • 30 posts

Posted 17 July 2011 - 06:40 PM

Thank you.

Here's the last MBAM log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7176

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/17/2011 4:31:17 PM
mbam-log-2011-07-17 (16-31-17).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 341252
Time elapsed: 53 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

******************************************************************************************************************************

And the TDSS log:

2011/07/17 19:03:27.0148 2748 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/17 19:03:29.0169 2748 ================================================================================
2011/07/17 19:03:29.0169 2748 SystemInfo:
2011/07/17 19:03:29.0169 2748
2011/07/17 19:03:29.0169 2748 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/17 19:03:29.0169 2748 Product type: Workstation
2011/07/17 19:03:29.0169 2748 ComputerName: CHARITI-MSI
2011/07/17 19:03:29.0169 2748 UserName: Chariti
2011/07/17 19:03:29.0169 2748 Windows directory: C:\windows
2011/07/17 19:03:29.0169 2748 System windows directory: C:\windows
2011/07/17 19:03:29.0169 2748 Running under WOW64
2011/07/17 19:03:29.0169 2748 Processor architecture: Intel x64
2011/07/17 19:03:29.0169 2748 Number of processors: 4
2011/07/17 19:03:29.0169 2748 Page size: 0x1000
2011/07/17 19:03:29.0169 2748 Boot type: Normal boot
2011/07/17 19:03:29.0169 2748 ================================================================================
2011/07/17 19:03:30.0170 2748 Initialize success
2011/07/17 19:03:32.0416 5100 ================================================================================
2011/07/17 19:03:32.0416 5100 Scan started
2011/07/17 19:03:32.0416 5100 Mode: Manual;
2011/07/17 19:03:32.0416 5100 ================================================================================
2011/07/17 19:03:59.0525 5100 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
2011/07/17 19:03:59.0635 5100 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/07/17 19:03:59.0775 5100 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
2011/07/17 19:03:59.0806 5100 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
2011/07/17 19:03:59.0931 5100 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
2011/07/17 19:04:00.0071 5100 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
2011/07/17 19:04:00.0134 5100 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\windows\system32\Drivers\RimUsb_AMD64.sys
2011/07/17 19:04:00.0290 5100 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
2011/07/17 19:04:00.0477 5100 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\windows\system32\Drivers\RootMdm.sys
2011/07/17 19:04:00.0649 5100 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
2011/07/17 19:04:00.0805 5100 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\windows\system32\DRIVERS\Rt64win7.sys
2011/07/17 19:04:00.0976 5100 rtl8192U (7c9cc15879866c1b6516afd785593e3f) C:\windows\system32\DRIVERS\rtl8192U.sys
2011/07/17 19:04:01.0101 5100 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
2011/07/17 19:04:01.0148 5100 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
2011/07/17 19:04:01.0304 5100 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\drivers\sdbus.sys
2011/07/17 19:04:01.0475 5100 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
2011/07/17 19:04:01.0647 5100 Ser2pl (9f6490423ac3271e84a90a0dd9d30a3b) C:\windows\system32\DRIVERS\ser2pl64.sys
2011/07/17 19:04:01.0694 5100 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
2011/07/17 19:04:01.0819 5100 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
2011/07/17 19:04:01.0959 5100 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
2011/07/17 19:04:02.0068 5100 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
2011/07/17 19:04:02.0146 5100 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
2011/07/17 19:04:02.0224 5100 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
2011/07/17 19:04:02.0287 5100 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
2011/07/17 19:04:02.0411 5100 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/07/17 19:04:02.0443 5100 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
2011/07/17 19:04:02.0552 5100 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
2011/07/17 19:04:02.0630 5100 smserial (7ae8bca90539ecbde87ac45ba1436be3) C:\windows\system32\DRIVERS\SmSerl64.sys
2011/07/17 19:04:02.0864 5100 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
2011/07/17 19:04:03.0004 5100 SRTSP (6820b710c7225d489223d4a6e1ac3e16) C:\windows\system32\drivers\NISx64\1105000.07F\SRTSP64.SYS
2011/07/17 19:04:03.0145 5100 SRTSPX (7159e3dea683fd88c10da6cf9997162f) C:\windows\system32\drivers\NISx64\1105000.07F\SRTSPX64.SYS
2011/07/17 19:04:03.0285 5100 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
2011/07/17 19:04:03.0425 5100 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
2011/07/17 19:04:03.0535 5100 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
2011/07/17 19:04:03.0815 5100 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
2011/07/17 19:04:03.0971 5100 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
2011/07/17 19:04:04.0143 5100 SynTP (e5d73228176c9f69072d1f91ced83484) C:\windows\system32\DRIVERS\SynTP.sys
2011/07/17 19:04:04.0455 5100 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\windows\system32\drivers\tcpip.sys
2011/07/17 19:04:04.0783 5100 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\windows\system32\DRIVERS\tcpip.sys
2011/07/17 19:04:04.0970 5100 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
2011/07/17 19:04:05.0157 5100 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
2011/07/17 19:04:05.0297 5100 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
2011/07/17 19:04:05.0438 5100 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
2011/07/17 19:04:05.0594 5100 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
2011/07/17 19:04:05.0781 5100 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/07/17 19:04:05.0921 5100 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
2011/07/17 19:04:06.0062 5100 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
2011/07/17 19:04:06.0202 5100 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
2011/07/17 19:04:06.0280 5100 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
2011/07/17 19:04:06.0421 5100 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
2011/07/17 19:04:06.0545 5100 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
2011/07/17 19:04:06.0670 5100 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
2011/07/17 19:04:06.0857 5100 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
2011/07/17 19:04:06.0967 5100 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
2011/07/17 19:04:07.0123 5100 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
2011/07/17 19:04:07.0279 5100 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
2011/07/17 19:04:07.0403 5100 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
2011/07/17 19:04:07.0481 5100 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
2011/07/17 19:04:07.0637 5100 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
2011/07/17 19:04:07.0684 5100 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\drivers\USBSTOR.SYS
2011/07/17 19:04:07.0809 5100 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
2011/07/17 19:04:07.0934 5100 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
2011/07/17 19:04:08.0246 5100 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
2011/07/17 19:04:08.0449 5100 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
2011/07/17 19:04:08.0542 5100 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
2011/07/17 19:04:08.0589 5100 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
2011/07/17 19:04:08.0683 5100 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
2011/07/17 19:04:08.0761 5100 VNUSB (3f63fa4a5d8a7c1b1a87e342569fba53) C:\windows\system32\Drivers\VNUSB.sys
2011/07/17 19:04:08.0870 5100 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
2011/07/17 19:04:08.0963 5100 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
2011/07/17 19:04:09.0088 5100 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
2011/07/17 19:04:09.0213 5100 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
2011/07/17 19:04:09.0322 5100 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
2011/07/17 19:04:09.0416 5100 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
2011/07/17 19:04:09.0556 5100 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
2011/07/17 19:04:09.0603 5100 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
2011/07/17 19:04:09.0775 5100 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
2011/07/17 19:04:09.0806 5100 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
2011/07/17 19:04:09.0977 5100 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
2011/07/17 19:04:10.0102 5100 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\windows\system32\DRIVERS\wdcsam64.sys
2011/07/17 19:04:10.0243 5100 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
2011/07/17 19:04:10.0367 5100 wdfsgusbV3 (eb197bcb013fbaef2dc4f3f2902b8e89) C:\windows\system32\DRIVERS\wdfsgusb.sys
2011/07/17 19:04:10.0570 5100 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
2011/07/17 19:04:10.0679 5100 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
2011/07/17 19:04:10.0882 5100 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
2011/07/17 19:04:11.0007 5100 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
2011/07/17 19:04:11.0101 5100 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
2011/07/17 19:04:11.0225 5100 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
2011/07/17 19:04:11.0288 5100 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/07/17 19:04:11.0413 5100 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/17 19:04:11.0459 5100 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/07/17 19:04:11.0475 5100 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
2011/07/17 19:04:11.0537 5100 Boot (0x1200) (fb6213f352e57111a70433f1957fab02) \Device\Harddisk0\DR0\Partition0
2011/07/17 19:04:11.0584 5100 Boot (0x1200) (2cf61f02ddcde4c03732cdaf99ed2ab9) \Device\Harddisk0\DR0\Partition1
2011/07/17 19:04:11.0615 5100 Boot (0x1200) (24a27a55277ce3399fd148893cf93368) \Device\Harddisk1\DR1\Partition0
2011/07/17 19:04:11.0631 5100 Boot (0x1200) (624cf0276029fa8bbecaefbccef277be) \Device\Harddisk2\DR2\Partition0
2011/07/17 19:04:11.0647 5100 ================================================================================
2011/07/17 19:04:11.0647 5100 Scan finished
2011/07/17 19:04:11.0647 5100 ================================================================================
2011/07/17 19:04:11.0662 2416 Detected object count: 0
2011/07/17 19:04:11.0662 2416 Actual detected object count: 0
2011/07/17 19:04:16.0155 3880 Deinitialize success


I'll download the McAfee scanner now.

#6 StnQn

Posted 17 July 2011 - 08:44 PM

Here's the report from McAfee Stinger. I started and then stopped it a minute later because I forgot to start it as a full scan instead of the quick one.

McAfee® Labs Stinger™ Version 10.2.0.188 built on Jul 15 2011
Copyright © 2011 McAfee, Inc. All Rights Reserved.
Virus data file v1000.0000 created on Jul 15 2011.
Ready to scan for 2577 viruses, trojans and variants.

Scan initiated on Sun Jul 17 19:48:47 2011
C:\ProgramData\44556024
Found the FakeAlert!grb trojan !!!
C:\ProgramData\44556024 is infected with the FakeAlert!grb virus !!!
C:\ProgramData\44556024 has been deleted.
Number of clean files: 918
Number of infected files: 1
Number of files cleaned: 1

Scan initiated on Sun Jul 17 19:50:06 2011
Number of clean files: 336843

#7 quietman7

Posted 18 July 2011 - 06:33 AM

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  • Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green [image] button.
  • Read the End User License Agreement and check the box:
  • Check [image].
  • Click the [image] button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check [image] and make sure that the option Remove found threats is NOT checked.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push [image].
  • Push [image], and save the file to your desktop as ESETScan.txt.
  • Push the [image] button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 StnQn

Posted 18 July 2011 - 08:10 AM

I have to drive down to South Florida today and won't be back until this evening. I'll run that scan when I get home. Just to add something new to the mix though, I was working on a transcript this morning and got the blue screen of death. It popped up for a couple of seconds and then went away and the screen came on saying that windows had shut down unexpectedly and it restarted itself.

#9 quietman7

Posted 18 July 2011 - 08:15 AM

Not a problem...have a safe trip.

BTW, did the BSOD provide any stop error messages or identify a driver (.sys file) as shown in this example?

Edited by quietman7, 18 July 2011 - 08:15 AM.


#10 StnQn

Posted 19 July 2011 - 06:34 PM

Sorry I didn't have time to get back on here yesterday. Yes, there was a stop error message with the BSOD. I can't remember what it said. Something about locked window maybe? If it happens again, I'll make sure I write it down.

Since I got the BSOD yesterday I decided to run iExplore, TDSS, Stinger, antivirus, malwarebytes, and then the ESET today. Everything (including the ESET) came up with no infections found. However iExplore stopped a process that was not there before.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/19/2011 at 16:55:40.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe
C:\Windows\SysWOW64\grpconv.exe


Rkill completed on 07/19/2011 at 16:56:57.


Something else I noticed while ESET was running is that after a while explorer is automatically opening up a new window to go to Google. Also under program files I have internet explorer and internet explorer (64-bit), which I'm not sure if both of them were there before and I just didn't notice since I have explorer pinned to the taskbar and don't normally go through the program files to open it.

Anyway, any idea what I need to do next? Thanks

#11 quietman7

Posted 20 July 2011 - 07:22 AM

Since you are still getting redirects, this issue will require further investigation. Many of the tools we use in this forum are not capable of detecting (repairing/removing) all malware variants so more advanced tools are needed to investigate. Before that can be done you will need to create and post a DDS log for further investigation.

Please read the "Preparation Guide".
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.
When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, please reply back here with a link to the new topic so we can close this one.

#12 StnQn

Posted 21 July 2011 - 10:21 AM

Thank you so much. I've done as you said and just posted a new topic in the other forum and will wait for a response.

#13 quietman7

Posted 21 July 2011 - 11:03 AM

You're welcome.

Your log is posted here.

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worse which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another Malware Response Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic until you are cleared by the Malware Response Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Good luck with your log.