Google Redirect Virus


25 replies to this topic

#1 zuzuflowers


Posted 01 August 2011 - 11:26 AM

Hi,

For the last few weeks or so, I've been having some issues with my Google searches. It started in Firefox and after I would click on a Google result it would redirect me to either "find-fast-answers.com" or "scour.com". I ran MalwareBytes to see if there was anything and it found something but I still had the same problem. I switched to IE and used that for a while and then the same thing started to happen in that browser as well. I ran another scan but I did not find anything so I just tried to work around it. I reset my IE settings to default but I saved my bookmarks and it seems that the problem has been solved there, however I am still being redirected in Firefox. I did a few searches and saw some fixes but I didn't want to fiddle with any program that I don't have too much knowledge with so I left it alone. I downloaded Microsoft Security Essentials and did a quick and full scan, found some stuff and had them removed and restarted my computer but I am still being redirected. I'm not sure what else to do. Can someone help?

Thanks!!!



#2 quietman7

  • Global Moderator

Posted 01 August 2011 - 01:08 PM

"I reset my IE settings to default but I saved my bookmarks and it seems that the problem has been solved there, however I am still being redirected in Firefox"

Do the same for Firefox...refer to these instructions to reset all user preferences, toolbars and search engine to their default settings using Firefox Safe Mode.

If that does not help, do this.

Please download MiniToolBox by farbar and save it to your desktop.

Close all open browsers, double-click on the file to launch the utility and check the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List Users, Partitions and Memory size
Click Go and a log file named Result.txt will open in Notepad with the results. Copy and paste the contents in your next reply.

Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
Be sure to print out and follow the instructions for performing a scan. Alternate instructions can be found here.

  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found, will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 zuzuflowers


Posted 01 August 2011 - 01:27 PM

It turns out that I did try resetting to the default on Firefox and it didn't do anything in terms of fixing the problem. I just couldn't remember because I was hopping between computers and browsers. I will try the other stuff when I get home from work and post the results.

#4 quietman7


Posted 01 August 2011 - 01:30 PM

Ok.

#5 zuzuflowers


Posted 01 August 2011 - 10:25 PM

MiniToolBox Results

MiniToolBox by Farbar
Ran by Zuwena (administrator) on 01-08-2011 at 23:22:09
Windows ™ Vista Home Premium Service Pack 2 (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost


========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 3998.25 MB
Available physical RAM: 2295.16 MB
Total Pagefile: 8193.76 MB
Available Pagefile: 6338.05 MB
Total Virtual: 4095.88 MB
Available Virtual: 4010.03 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:285.62 GB) (Free:187.42 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:12.47 GB) (Free:1.98 GB) NTFS

========================= Users: ========================================

User accounts for \\ZUWENA-PC

Administrator Guest Zuwena


== End of log ==
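
One way to triage a Result.txt log like the one above, as an added example that is not part of the original posts or of MiniToolBox: it splits the log into its sections and reports any hosts entry other than loopback `localhost` and any proxy line other than the two "not set" lines shown above. The second sample log, including its hosts entry and proxy wording, is constructed for illustration; the tool's real output for an enabled proxy is not shown in this thread.

```python
import ipaddress
import re

# Section banners look like "====== Hosts content: ======" in the log above.
SECTION_RE = re.compile(r"^=+\s*(.+?):\s*=+\s*$")
# The two lines the log above prints when no IE proxy is configured.
PROXY_CLEAN = {"Proxy is not enabled.", "No Proxy Server is set."}


def split_sections(text):
    """Map each section title to its non-empty lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current and line and not line.startswith("== End of log"):
            sections[current].append(line)
    return sections


def hosts_findings(lines):
    """Report every hosts mapping except localhost -> loopback."""
    findings = []
    for line in lines:
        entry = line.split("#", 1)[0].split()  # drop trailing comments
        if len(entry) < 2:
            continue
        addr, names = entry[0], entry[1:]
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            findings.append(f"hosts: unparseable address in {line!r}")
            continue
        for name in names:
            if name.lower() == "localhost" and loopback:
                continue
            findings.append(f"hosts: {name} -> {addr}")
    return findings


def triage(text):
    """Return a list of lines in the log that deserve a manual look."""
    sections = split_sections(text)
    findings = hosts_findings(sections.get("Hosts content", []))
    for name in ("IE Proxy Settings", "FF Proxy Settings"):
        for line in sections.get(name, []):
            if line not in PROXY_CLEAN:
                findings.append(f"{name}: {line}")
    return findings


# Relevant sections copied from the log posted above.
CLEAN_LOG = """
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

== End of log ==
"""

# Constructed sample: the proxy wording and the hosts entry are made up
# (203.0.113.5 is a documentation-only address).
SUSPECT_LOG = """
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: 127.0.0.1:8080

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost
203.0.113.5 www.google.com

== End of log ==
"""

if __name__ == "__main__":
    for label, log in (("posted log", CLEAN_LOG), ("constructed log", SUSPECT_LOG)):
        print(label, triage(log) or "nothing to review")
```

An empty result only rules out the hosts file and proxy settings as the cause of the redirects, which is why the thread moves on to the TDSSKiller scan.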

#6 zuzuflowers


Posted 01 August 2011 - 10:34 PM

I ran the TDSSKiller and it didn't pick up anything.

2011/08/01 23:28:26.0938 6120 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/01 23:28:27.0234 6120 ================================================================================
2011/08/01 23:28:27.0234 6120 SystemInfo:
2011/08/01 23:28:27.0234 6120
2011/08/01 23:28:27.0234 6120 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/01 23:28:27.0234 6120 Product type: Workstation
2011/08/01 23:28:27.0234 6120 ComputerName: ZUWENA-PC
2011/08/01 23:28:27.0234 6120 UserName: Zuwena
2011/08/01 23:28:27.0234 6120 Windows directory: C:\Windows
2011/08/01 23:28:27.0234 6120 System windows directory: C:\Windows
2011/08/01 23:28:27.0234 6120 Running under WOW64
2011/08/01 23:28:27.0234 6120 Processor architecture: Intel x64
2011/08/01 23:28:27.0234 6120 Number of processors: 2
2011/08/01 23:28:27.0234 6120 Page size: 0x1000
2011/08/01 23:28:27.0234 6120 Boot type: Normal boot
2011/08/01 23:28:27.0234 6120 ================================================================================
2011/08/01 23:28:28.0482 6120 Initialize success
2011/08/01 23:29:01.0383 4724 ================================================================================
2011/08/01 23:29:01.0383 4724 Scan started
2011/08/01 23:29:01.0383 4724 Mode: Manual;
2011/08/01 23:29:01.0383 4724 ================================================================================
2011/08/01 23:29:20.0477 4724 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/01 23:29:20.0555 4724 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/01 23:29:20.0617 4724 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/08/01 23:29:20.0727 4724 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/01 23:29:20.0867 4724 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/01 23:29:20.0961 4724 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/08/01 23:29:20.0992 4724 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/08/01 23:29:21.0054 4724 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/08/01 23:29:21.0132 4724 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/01 23:29:21.0226 4724 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/01 23:29:21.0319 4724 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/08/01 23:29:21.0429 4724 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/01 23:29:21.0538 4724 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/01 23:29:21.0631 4724 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2011/08/01 23:29:21.0709 4724 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/01 23:29:21.0772 4724 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/01 23:29:21.0819 4724 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/01 23:29:21.0912 4724 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/01 23:29:22.0006 4724 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2011/08/01 23:29:22.0084 4724 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/01 23:29:22.0146 4724 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/08/01 23:29:22.0193 4724 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
2011/08/01 23:29:22.0255 4724 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/08/01 23:29:22.0302 4724 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/08/01 23:29:22.0380 4724 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/08/01 23:29:22.0411 4724 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/08/01 23:29:22.0489 4724 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/08/01 23:29:22.0567 4724 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/01 23:29:22.0583 4724 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/01 23:29:22.0645 4724 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/08/01 23:29:22.0708 4724 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/01 23:29:22.0895 4724 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/01 23:29:22.0989 4724 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/08/01 23:29:23.0067 4724 WPS (6161036e811799a715da8344c4f28f78) C:\Windows\system32\drivers\wpsdrvnt.sys
2011/08/01 23:29:23.0113 4724 WpsHelper (eabd5ba5353e2e40c445182c1d1bb33b) C:\Windows\system32\drivers\WpsHelper.sys
2011/08/01 23:29:23.0176 4724 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/01 23:29:23.0269 4724 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/01 23:29:23.0347 4724 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
2011/08/01 23:29:23.0457 4724 {55662437-DA8C-40c0-AADA-2C816A897A49} (15cc7077d2dc28776cd430ecabbffd66) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
2011/08/01 23:29:23.0519 4724 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
2011/08/01 23:29:23.0535 4724 Boot (0x1200) (245ff49ce7d2551e29ac4bc437d6c76a) \Device\Harddisk0\DR0\Partition0
2011/08/01 23:29:23.0581 4724 Boot (0x1200) (facd280c4efbf162af1376bada424fcb) \Device\Harddisk0\DR0\Partition1
2011/08/01 23:29:23.0597 4724 ================================================================================
2011/08/01 23:29:23.0597 4724 Scan finished
2011/08/01 23:29:23.0597 4724 ================================================================================
2011/08/01 23:29:23.0613 3208 Detected object count: 0
2011/08/01 23:29:23.0613 3208 Actual detected object count: 0
2011/08/01 23:30:15.0701 3648 Deinitialize success

#7 quietman7


Posted 02 August 2011 - 06:23 AM

Reset the IP address:
  • Go to Start > Run... and in the open box, type: cmd
  • Click OK or press Enter. A DOS window will appear.
  • At the command prompt C:\>_, type: ipconfig /release
  • Press Enter.
  • When the prompt comes back, type: ipconfig /renew
  • Press Enter.
  • Close the command box and see if that fixes the connection. No reboot needed.
-- XP users can refer to XP ipconfig Tutorial: Step 4
-- Vista users can refer to Vista ipconfig Tutorial: Step 4

Check/reset your network settings and Configure TCP/IP to use DNS.
  • Go to Start > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically" or make sure the DNS server IP address is the same as provided by your ISP.
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
-- Vista users can refer to How to Change TCP/IP settings.
-- Windows 7 users can refer to How to Change TCP/IP settings.

CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address, then you may proceed.

If using a router, disconnect from the Internet and reset your router with a strong logon/password. Many users seldom change the default username/password on the router and are prone to some types of infection. If you're not sure how to do this, refer to the owner's manual for your particular router model. If you do not have a manual, look for one on the vendor's web site which you can download and keep for future reference.

Consult these links to find out the default username and password for your router and write down that information so it is available when doing the reset:

These are generic instructions for how to reset a router:
  • Unplug or turn off your DSL/cable modem.
  • Locate the router's reset button.
  • Press, and hold, the Reset button down for 30 seconds.
  • Wait for the Power, WLAN and Internet light to turn on (On the router).
  • Plug in or turn on your modem (if it is separate from the router).
  • Open your web browser to see if you have an Internet connection.
  • If you don't have an Internet connection you may need to restart your computer.


Please perform a scan with Eset Online Anti-virus Scanner.
  • If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  • Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check Posted Image and make sure that the option Remove found threats is NOT checked.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
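A report-only way to run the DNS check from the post above on every interface at once. This is an added example, not part of the original post; it assumes Windows PowerShell 3.0 or later, and the allowlist address is a constructed sample to replace with the resolvers your ISP, router or employer actually uses.

```powershell
# Added example (report only): static vs. DHCP-assigned DNS servers per interface.
# The NameServer value holds manually set resolvers; DhcpNameServer holds what DHCP handed out.
$InterfacesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Split-ServerList([string]$Value) {
    # The registry stores the list as one string separated by commas or spaces.
    if (-not $Value) { return }
    $Value -split '[,\s]+' | Where-Object { $_ }
}

function Get-DnsAudit {
    param([string[]]$Expected = @())

    # Map each interface GUID to a readable adapter description.
    $names = @{}
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration |
        ForEach-Object { if ($_.SettingID) { $names[$_.SettingID] = $_.Description } }

    foreach ($key in Get-ChildItem -Path $InterfacesKey) {
        $props  = Get-ItemProperty -Path $key.PSPath
        $static = @(Split-ServerList $props.NameServer)
        $dhcp   = @(Split-ServerList $props.DhcpNameServer)
        if ($static.Count -eq 0 -and $dhcp.Count -eq 0) { continue }   # nothing configured

        [pscustomobject]@{
            Adapter    = $names[$key.PSChildName]
            StaticDns  = $static -join ', '   # set by hand, by an administrator, or by malware
            DhcpDns    = $dhcp -join ', '     # supplied by the router or ISP
            Unexpected = @($static + $dhcp | Where-Object { $Expected -notcontains $_ }) -join ', '
        }
    }
}

# Constructed sample allowlist: replace with the resolvers you expect to see.
Get-DnsAudit -Expected @('192.168.1.1') | Format-List
```

A non-empty StaticDns on a connection that should be automatic is the case the post describes as unknown Preferred or Alternate DNS servers; the script changes nothing, so settings an employer configured stay as they are.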

#8 zuzuflowers


Posted 02 August 2011 - 10:00 AM

I'm not sure if I should fiddle with the IP settings since I use my personal computer for work and at my job they went in and changed some settings so that I can connect to their network via a wired connection.

#9 quietman7


Posted 02 August 2011 - 10:39 AM

"I'm not sure if I should fiddle with the IP settings since I use my personal computer for work and at my job they went in and changed some settings so that I can connect to their network via a wired connection."

That's fine. You may want to have whoever worked on your machine double-check those settings to make sure they were not altered.

You can continue with the online scan.

#10 zuzuflowers


Posted 03 August 2011 - 12:35 AM

Here are the results of the ESET scan.


C:\Users\Zuwena\AppData\Local\ikuzotuqolezi.dll a variant of Win32/Cimag.HU trojan
C:\Users\Zuwena\AppData\Local\Mozilla\Firefox\Profiles\s7hdiztt.default\Cache\A\F8\294E0d01 JS/Exploit.Pdfka.OYH trojan
C:\Users\Zuwena\AppData\Roaming\Mozilla\Firefox\Profiles\s7hdiztt.default\extensions\{768588a8-7ed9-4672-8399-4f2687710d3d}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Users\Zuwena\AppData\Roaming\Mozilla\Firefox\Profiles\s7hdiztt.default\extensions\{768588a8-7ed9-4672-8399-4f2687710d3d}\chrome\xulcache.jar JS/Agent.NDJ trojan
C:\Users\Zuwena\AppData\Roaming\Mozilla\Firefox\Profiles\s7hdiztt.default\extensions\{ace8c753-f59e-4ede-952f-4a6b2cd7c8db}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Users\Zuwena\AppData\Roaming\Mozilla\Firefox\Profiles\s7hdiztt.default\extensions\{ace8c753-f59e-4ede-952f-4a6b2cd7c8db}\chrome\xulcache.jar JS/Agent.NDJ trojan
C:\Users\Zuwena\Downloads\registryboosterplb.exe Win32/RegistryBooster application
Operating memory a variant of Win32/Cimag.HU trojan

#11 quietman7


Posted 03 August 2011 - 07:58 AM

Rerun Eset Online Anti-virus Scanner again, but this time under scan settings, be sure to check the option to Remove found threats. Save the log as before and copy and paste the contents in your next reply.

Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure.

#12 zuzuflowers


Posted 03 August 2011 - 08:59 PM

I wasn't sure if you wanted the log results but here they are anyway.

C:\Users\Zuwena\AppData\Local\ikuzotuqolezi.dll a variant of Win32/Cimag.HU trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Zuwena\AppData\Local\Mozilla\Firefox\Profiles\s7hdiztt.default\Cache\A\F8\294E0d01 JS/Exploit.Pdfka.OYH trojan deleted - quarantined
C:\Users\Zuwena\AppData\Local\Temp\NOD627E.tmp a variant of Win32/Cimag.HU trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Zuwena\AppData\Roaming\Mozilla\Firefox\Profiles\s7hdiztt.default\extensions\{768588a8-7ed9-4672-8399-4f2687710d3d}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Zuwena\AppData\Roaming\Mozilla\Firefox\Profiles\s7hdiztt.default\extensions\{768588a8-7ed9-4672-8399-4f2687710d3d}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Users\Zuwena\AppData\Roaming\Mozilla\Firefox\Profiles\s7hdiztt.default\extensions\{ace8c753-f59e-4ede-952f-4a6b2cd7c8db}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Zuwena\AppData\Roaming\Mozilla\Firefox\Profiles\s7hdiztt.default\extensions\{ace8c753-f59e-4ede-952f-4a6b2cd7c8db}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Users\Zuwena\Downloads\registryboosterplb.exe Win32/RegistryBooster application deleted - quarantined

#13 zuzuflowers


Posted 03 August 2011 - 10:27 PM

I restarted my computer and I got an error message.

RunDLL

Error loading C:\Users\Zuwena\AppData\Local\ikuzotuqolezi.dll

The specified module could not be found.

#14 quietman7


Posted 04 August 2011 - 06:38 AM

It's not unusual to receive such an error(s) when "booting up" after using anti-virus and other security scanning tools to remove a malware infection. ikuzotuqolezi.dll was detected as a variant of the Win32/Cimag.HU trojan and removed by Eset. It was loading itself at startup from this location: C:\Users\Zuwena\AppData\Local

RunDLL32.exe is a legitimate Windows file that executes/loads .dll (Dynamic Link Library) modules, which can also be legitimate or sometimes malware related, as in your case. A RunDLL "Error loading..." or "specific module could not be found" message usually occurs when the .dll file(s) that was set to run at startup in the registry has been deleted. Windows is trying to load this file(s) but cannot locate it since the file was most likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry still remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.
  • Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there.
    Vista/Windows 7 users refer to these instructions.
  • Open the folder and double-click on autoruns.exe to launch it.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Please be patient as it scans and populates the entries.
  • When done scanning, it will say Ready at the bottom.
  • Scroll through the list and look for a startup entry related to ikuzotuqolezi.dll in the error message.
  • If found, right-click on the entry and choose delete.
  • Reboot your computer and see if the startup error returns.
If you're going to keep and use Autoruns, be sure to read:
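The orphaned startup entry described in the post above can also be located from a script before opening Autoruns. This is an added example, not part of the original post or of Autoruns; it assumes Windows PowerShell 3.0 or later, only lists entries, and covers the Run/RunOnce registry keys rather than every startup location Autoruns shows.

```powershell
# Added example (report only): Run/RunOnce values that launch rundll32
# with a DLL that no longer exists on disk.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RundllTarget([string]$Command) {
    # Matches: [path\]rundll32[.exe] "<dll path>"[,EntryPoint]  or the unquoted form.
    $pattern = '(?i)rundll32(?:\.exe)?"?\s+(?:"([^"]+)"|([^",]+))'
    if ($Command -match $pattern) {
        $path = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
        return [Environment]::ExpandEnvironmentVariables($path.Trim())
    }
    return $null
}

function Find-OrphanedRundllEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            $dll = Get-RundllTarget $command
            # Bare names such as shell32.dll resolve through the search path, so only
            # fully qualified paths are checked, to avoid false positives.
            if ($dll -and [IO.Path]::IsPathRooted($dll) -and -not (Test-Path -LiteralPath $dll)) {
                [pscustomobject]@{
                    Key        = $key
                    Value      = $name
                    Command    = $command
                    MissingDll = $dll
                }
            }
        }
    }
}

Find-OrphanedRundllEntry | Format-List
```

Each result names the registry key and value that still point at a removed DLL, which is the entry to look for and delete in Autoruns.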

#15 zuzuflowers


Posted 04 August 2011 - 08:20 PM

I removed it and restarted it. No error message.



