
Help getting rid of Google redirect problem


3 replies to this topic

#1 DaveB007

  • Members
  • 7 posts

Posted 21 August 2011 - 07:42 PM

Can anyone help me solve the Google redirect problem? I am not an expert with computers or Windows XP, but I am not a beginner either. I guess I would fall somewhere between top-level users and mid-level users. I have done all I know to do to solve this problem. I have cleaned and locked the hosts file. I have downloaded and installed about every malware detection and removal program I can find. Currently I have Malwarebytes, AVG, ZoneAlarm, Spybot and a few others. Currently all show that I don't have any viruses or malware. Along the way, any detected malware was listed as successfully removed. I have already downloaded ComboFix.exe, dds.scr, Defogger.exe and gmer.exe. I did not run any of these tools and will not until instructed to proceed. Any help will be greatly appreciated. Thank you! Dave B.


#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,565 posts
  • Gender:Male
  • Location:NJ USA

Posted 21 August 2011 - 07:53 PM

Hello I moved you here to the Am I Infected forum to try something.

Are you on a router? Are other machines on it? If so, are they redirecting?

Do you use Firefox?


Please follow our Removal Guide here: How to remove Google Redirects. You will move to the Automated Removal Instructions.

If it finds something, make sure Cure is selected.
Next click Continue, then Reboot now.
A log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.



Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#3 DaveB007
  • Topic Starter
  • Members
  • 7 posts

Posted 22 August 2011 - 09:28 PM

Thank you for your reply. The answers to your questions are:

Are you on a router? Yes: no SSID broadcast, password protected, and only specified MAC addresses allowed.

Are other machines on it? If so, are they redirecting? Not that I am aware of. I have not seen evidence of redirect on other machines and no one else thinks they have had this problem.

Do you use Firefox? Yes. I never use anything else, with the exception of some websites that do not work well with Firefox; at those times I will use MSIE.

Below is the log file from TDSSKiller. It found 1 suspicious item but did not offer the button to cure. I have left it as is unless instructed to do otherwise.

2011/08/22 04:25:53.0375 2448 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/22 04:25:55.0390 2448 ================================================================================
2011/08/22 04:25:55.0390 2448 SystemInfo:
2011/08/22 04:25:55.0390 2448
2011/08/22 04:25:55.0390 2448 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/22 04:25:55.0390 2448 Product type: Workstation
2011/08/22 04:25:55.0390 2448 ComputerName: V9H9P9
2011/08/22 04:25:55.0390 2448 UserName: dbran007
2011/08/22 04:25:55.0390 2448 Windows directory: C:\WINDOWS
2011/08/22 04:25:55.0390 2448 System windows directory: C:\WINDOWS
2011/08/22 04:25:55.0390 2448 Processor architecture: Intel x86
2011/08/22 04:25:55.0390 2448 Number of processors: 1
2011/08/22 04:25:55.0390 2448 Page size: 0x1000
2011/08/22 04:25:55.0390 2448 Boot type: Normal boot
2011/08/22 04:25:55.0390 2448 ================================================================================
2011/08/22 04:25:56.0031 2448 Initialize success
2011/08/22 04:26:04.0921 3236 ================================================================================
2011/08/22 04:26:04.0921 3236 Scan started
2011/08/22 04:26:04.0921 3236 Mode: Manual;
2011/08/22 04:26:04.0921 3236 ================================================================================
2011/08/22 04:26:05.0328 3236 3c1807pd (acf020e8f60b5f8549a367147d339d32) C:\WINDOWS\system32\DRIVERS\3c1807pd.sys
2011/08/22 04:26:06.0078 3236 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/22 04:26:06.0312 3236 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/22 04:26:06.0750 3236 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/22 04:26:07.0015 3236 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
2011/08/22 04:26:07.0234 3236 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/22 04:26:07.0359 3236 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/22 04:26:08.0343 3236 aksfridge (cb5a5079744a0535416d3a5e462c5efe) C:\WINDOWS\system32\DRIVERS\aksfridge.sys
2011/08/22 04:26:08.0640 3236 akshasp (1a27f5555448cc2d29d281b11f39177e) C:\WINDOWS\system32\DRIVERS\akshasp.sys
2011/08/22 04:26:08.0890 3236 akshhl (147b61b81be1ffc38939ea47e5cfb51f) C:\WINDOWS\system32\DRIVERS\akshhl.sys
2011/08/22 04:26:09.0140 3236 aksusb (b4ad9f5d78f27e0c6994e0cb05c60e21) C:\WINDOWS\system32\DRIVERS\aksusb.sys
2011/08/22 04:26:09.0421 3236 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/08/22 04:26:09.0750 3236 ALCXWDM (5ff6f7e58c798f1474c0bbffc23cb78d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/08/22 04:26:10.0343 3236 AmdK8 (d7e6de8f676cf3a387f75e9ab404f7a4) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/08/22 04:26:10.0843 3236 ArcCD (a82f1a1b09593c73efd02a59dc94920c) C:\WINDOWS\system32\drivers\ArcCD.sys
2011/08/22 04:26:11.0125 3236 ArcRec (1af9061b61741a912368ab4dc309d25e) C:\WINDOWS\system32\drivers\ArcRec.sys
2011/08/22 04:26:11.0406 3236 ArcUdfs (3ee9e41102a2c6b8f7dbad5d44abda05) C:\WINDOWS\system32\drivers\ArcUdfs.sys
2011/08/22 04:26:11.0578 3236 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/22 04:26:12.0531 3236 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/08/22 04:26:12.0703 3236 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/22 04:26:12.0828 3236 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/22 04:26:13.0218 3236 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/22 04:26:13.0343 3236 ATMhelpr (3ef1db7f168851914517d4ed36b57c04) C:\WINDOWS\system32\drivers\ATMhelpr.sys
2011/08/22 04:26:13.0484 3236 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/22 04:26:13.0781 3236 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/08/22 04:26:13.0921 3236 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/08/22 04:26:14.0125 3236 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/08/22 04:26:14.0359 3236 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/08/22 04:26:14.0515 3236 Avgldx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2011/08/22 04:26:14.0656 3236 Avgmfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2011/08/22 04:26:14.0796 3236 Avgtdix (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\System32\Drivers\avgtdix.sys
2011/08/22 04:26:15.0140 3236 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/22 04:26:15.0281 3236 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/08/22 04:26:15.0343 3236 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/08/22 04:26:15.0468 3236 BsStor (d6d0f3860f022a12e888965f8237cbd9) C:\WINDOWS\system32\drivers\BsStor.sys
2011/08/22 04:26:15.0640 3236 Ca100v (18d2fcf25c3caf4d737c753d0e466de7) C:\WINDOWS\system32\Drivers\Ca100v.sys
2011/08/22 04:26:15.0906 3236 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/22 04:26:16.0062 3236 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/22 04:26:16.0593 3236 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/22 04:26:16.0718 3236 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/22 04:26:16.0828 3236 cdrbsvsd (3f3a31f5627d2eefc6b4961867a0ce93) C:\WINDOWS\system32\drivers\cdrbsvsd.sys
2011/08/22 04:26:16.0937 3236 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/22 04:26:17.0203 3236 CFRPD (6a862325ae68f9edfbc79ee0921cc553) C:\WINDOWS\system32\drivers\CFRPD.sys
2011/08/22 04:26:17.0546 3236 Cinemsup (f6a0f51706cb4b0d5b8718ff69f831ba) C:\WINDOWS\System32\drivers\cinemsup.sys
2011/08/22 04:26:18.0781 3236 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/22 04:26:19.0000 3236 DM9102 (51ef6ca3d57055fed6ab99021d562443) C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS
2011/08/22 04:26:19.0171 3236 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/22 04:26:19.0328 3236 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/22 04:26:19.0609 3236 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/22 04:26:19.0765 3236 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/22 04:26:19.0953 3236 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/08/22 04:26:20.0031 3236 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/08/22 04:26:20.0078 3236 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
2011/08/22 04:26:20.0484 3236 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/22 04:26:20.0578 3236 drvmcdb (d078ee6ab06a6cdd3849d9b93ddf1ca5) C:\WINDOWS\system32\DRIVERS\drvmcdb.sys
2011/08/22 04:26:20.0859 3236 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys
2011/08/22 04:26:21.0000 3236 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/22 04:26:21.0234 3236 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/22 04:26:21.0343 3236 FET5X86V (4580f83e94774aa1724179a6a97e25e6) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/08/22 04:26:21.0437 3236 FETND5BV (4580f83e94774aa1724179a6a97e25e6) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/08/22 04:26:21.0687 3236 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2011/08/22 04:26:21.0796 3236 FETNDISB (bb82a1128e3873cf3cb304ecd927ccca) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
2011/08/22 04:26:21.0906 3236 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/22 04:26:22.0031 3236 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/22 04:26:22.0234 3236 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/22 04:26:22.0484 3236 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/22 04:26:22.0718 3236 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/22 04:26:22.0968 3236 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2011/08/22 04:26:23.0093 3236 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/08/22 04:26:23.0250 3236 GEARAspiWDM (32a73a8952580b284a47290adb62032a) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/08/22 04:26:23.0390 3236 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/22 04:26:23.0562 3236 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/08/22 04:26:23.0828 3236 Hardlock (9de9a7a19195c57ef38b4ee25422f2d7) C:\WINDOWS\system32\drivers\hardlock.sys
2011/08/22 04:26:24.0671 3236 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/22 04:26:25.0468 3236 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/08/22 04:26:25.0703 3236 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/08/22 04:26:25.0921 3236 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/22 04:26:26.0109 3236 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/22 04:26:26.0734 3236 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/22 04:26:26.0906 3236 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/22 04:26:27.0312 3236 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/22 04:26:27.0562 3236 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/22 04:26:27.0812 3236 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/22 04:26:27.0906 3236 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/22 04:26:28.0062 3236 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/22 04:26:28.0171 3236 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/22 04:26:28.0390 3236 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/22 04:26:28.0515 3236 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/22 04:26:28.0687 3236 ISWKL (2e41433579de4381f1b0f7b30b013ddc) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2011/08/22 04:26:28.0875 3236 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/22 04:26:29.0031 3236 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/22 04:26:29.0187 3236 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/22 04:26:29.0328 3236 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/22 04:26:29.0453 3236 L8042pr2 (42dec1fbcfa291720460705a8881a1c4) C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
2011/08/22 04:26:29.0921 3236 LHidFlt2 (03976c309ede05d39017c05b817cd94f) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
2011/08/22 04:26:30.0062 3236 LHidUsb (25688115843c4028686a96d88bc28007) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
2011/08/22 04:26:30.0359 3236 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/08/22 04:26:30.0640 3236 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2011/08/22 04:26:31.0171 3236 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2011/08/22 04:26:31.0281 3236 LMouFlt2 (26407519fca64ec4091fe1f815b4afc4) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
2011/08/22 04:26:31.0562 3236 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2011/08/22 04:26:31.0734 3236 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/22 04:26:31.0937 3236 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2011/08/22 04:26:32.0234 3236 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/22 04:26:32.0406 3236 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/22 04:26:32.0671 3236 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/08/22 04:26:32.0781 3236 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/22 04:26:32.0921 3236 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/22 04:26:33.0031 3236 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/22 04:26:33.0140 3236 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/08/22 04:26:33.0531 3236 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/22 04:26:33.0625 3236 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/22 04:26:33.0796 3236 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/22 04:26:33.0921 3236 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/22 04:26:34.0000 3236 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/22 04:26:34.0078 3236 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/22 04:26:34.0312 3236 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/22 04:26:34.0390 3236 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/22 04:26:34.0640 3236 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/22 04:26:34.0765 3236 MxlW2k (8d740197a6ca233eb9f6b8e92d12d3a6) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/08/22 04:26:34.0921 3236 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/22 04:26:35.0046 3236 NaiFiltr (102de6d24087fb53ad47ca059a32fb66) C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
2011/08/22 04:26:35.0140 3236 NCHSSVAD (e78ce4b8e70ccc1a6e63008c3660867c) C:\WINDOWS\system32\drivers\nchssvad.sys
2011/08/22 04:26:35.0265 3236 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/22 04:26:35.0453 3236 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/22 04:26:35.0546 3236 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/22 04:26:35.0640 3236 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/22 04:26:35.0859 3236 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/22 04:26:36.0109 3236 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/22 04:26:36.0218 3236 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/22 04:26:36.0312 3236 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/22 04:26:36.0531 3236 NETMDUSB (986acdece933131288f1957dc359865f) C:\WINDOWS\system32\Drivers\NETMDUSB.sys
2011/08/22 04:26:36.0640 3236 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/22 04:26:36.0781 3236 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/08/22 04:26:36.0890 3236 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\WINDOWS\system32\drivers\npf.sys
2011/08/22 04:26:37.0062 3236 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/22 04:26:37.0140 3236 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/22 04:26:37.0421 3236 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/22 04:26:38.0406 3236 nv (5e640f37801f2d4152d11595218915cd) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/22 04:26:39.0500 3236 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/22 04:26:39.0781 3236 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/22 04:26:39.0890 3236 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/08/22 04:26:40.0156 3236 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/08/22 04:26:40.0421 3236 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/08/22 04:26:40.0515 3236 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/22 04:26:40.0859 3236 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/22 04:26:40.0937 3236 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/22 04:26:41.0187 3236 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/22 04:26:41.0375 3236 PCANDIS5 (58c5ea3de400fe1d08cfeca6d5c14ebd) C:\PROGRA~1\WUSB54~1\PCANDIS5.SYS
2011/08/22 04:26:41.0453 3236 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/22 04:26:42.0046 3236 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/22 04:26:43.0187 3236 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\PenClass.sys
2011/08/22 04:26:43.0875 3236 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
2011/08/22 04:26:44.0000 3236 Pnp680 (023657a82e76ad98f3fafbd1ec425a71) C:\WINDOWS\system32\DRIVERS\pnp680.sys
2011/08/22 04:26:44.0093 3236 ppa3 (c740d0cb238670629af1b740414a8f3c) C:\WINDOWS\system32\DRIVERS\ppa3.sys
2011/08/22 04:26:44.0203 3236 ppsio2 (de4dfb09bf96fd5f810750140e2aa236) C:\WINDOWS\system32\drivers\ppsio2.sys
2011/08/22 04:26:44.0359 3236 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/22 04:26:44.0609 3236 prcmondrv (0c0d173c2a6f790baee8d4cc48a1ef59) C:\WINDOWS\system32\drivers\prcmondrv1041.sys
2011/08/22 04:26:44.0843 3236 PRISM_A02 (57e95881e5f014816a8a53ad94ee0c48) C:\WINDOWS\system32\DRIVERS\WUSB20XP.sys
2011/08/22 04:26:44.0937 3236 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/22 04:26:45.0046 3236 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/22 04:26:46.0031 3236 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/22 04:26:46.0187 3236 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/08/22 04:26:46.0265 3236 qic157 (23168ba9e0b079461b9f2a6cfe57a84c) C:\WINDOWS\system32\DRIVERS\qic157.sys
2011/08/22 04:26:47.0796 3236 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/22 04:26:47.0890 3236 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/22 04:26:48.0109 3236 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/22 04:26:48.0343 3236 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/22 04:26:48.0546 3236 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/22 04:26:48.0796 3236 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/22 04:26:49.0031 3236 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/22 04:26:49.0265 3236 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/22 04:26:49.0531 3236 s3m (22098a69bddf00b6a88264bf0996ccaa) C:\WINDOWS\system32\DRIVERS\s3m.sys
2011/08/22 04:26:49.0640 3236 SaiClass (1b05d547c4f0bd111be0c3cec0fe87b1) C:\WINDOWS\system32\drivers\SaiNtBus.sys
2011/08/22 04:26:49.0812 3236 SaiH053c (cc2697593fd57954f6855bbfa772eb38) C:\WINDOWS\system32\DRIVERS\SaiH053c.sys
2011/08/22 04:26:49.0906 3236 SaiMini (370fe16f034b1ecf7f44724822d4d265) C:\WINDOWS\system32\drivers\SaiMini.sys
2011/08/22 04:26:50.0031 3236 SaiNtBus (1b05d547c4f0bd111be0c3cec0fe87b1) C:\WINDOWS\system32\drivers\SaiNtBus.sys
2011/08/22 04:26:50.0125 3236 SaiNtHid (a007103ef0e50fb0e0ed08b511d721d7) C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys
2011/08/22 04:26:50.0375 3236 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/22 04:26:50.0562 3236 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/22 04:26:50.0703 3236 sbpci (2e533021c19ad7bb05f61982d91917cf) C:\WINDOWS\system32\drivers\sbpci.sys
2011/08/22 04:26:50.0890 3236 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/22 04:26:51.0125 3236 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/22 04:26:51.0312 3236 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/22 04:26:51.0562 3236 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/22 04:26:52.0109 3236 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/22 04:26:52.0593 3236 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/22 04:26:52.0781 3236 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/22 04:26:52.0781 3236 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
2011/08/22 04:26:52.0796 3236 sptd - detected LockedFile.Multi.Generic (1)
2011/08/22 04:26:52.0953 3236 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/22 04:26:53.0062 3236 srescan (bb1cc49b817d2551eb321f4a9afb7d8c) C:\WINDOWS\system32\ZoneLabs\srescan.sys
2011/08/22 04:26:53.0265 3236 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/22 04:26:53.0500 3236 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/22 04:26:53.0609 3236 sttscsi4 (9b7eb6d8abc771c70561f29d2d87cd22) C:\WINDOWS\system32\DRIVERS\sttscsi4.sys
2011/08/22 04:26:53.0796 3236 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/22 04:26:53.0984 3236 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/22 04:26:55.0187 3236 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/22 04:26:55.0437 3236 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/22 04:26:55.0718 3236 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/08/22 04:26:55.0921 3236 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/22 04:26:56.0093 3236 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/22 04:26:56.0281 3236 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/22 04:26:56.0781 3236 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/08/22 04:26:56.0968 3236 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/22 04:26:57.0453 3236 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/22 04:26:57.0828 3236 USB28xxBGA (75860c1e8f36d13a96a8cb426e4c18ae) C:\WINDOWS\system32\DRIVERS\emBDA.sys
2011/08/22 04:26:58.0234 3236 USB28xxOEM (a8ffe391c198f86392eaf7ab8b9baab2) C:\WINDOWS\system32\DRIVERS\emOEM.sys
2011/08/22 04:26:58.0531 3236 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/22 04:26:58.0734 3236 usbbus (5353218b3265e3b8190335059f697a11) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2011/08/22 04:26:58.0921 3236 USBCamera (7bdb2fe217b7c375573856927fe7591e) C:\WINDOWS\system32\Drivers\Bulk100.sys
2011/08/22 04:27:06.0531 3236 ================================================================================
2011/08/22 04:27:06.0531 3236 Scan finished
2011/08/22 04:27:06.0531 3236 ================================================================================
2011/08/22 04:27:06.0609 2712 Detected object count: 1
2011/08/22 04:27:06.0609 2712 Actual detected object count: 1
2011/08/22 04:29:42.0703 2712 LockedFile.Multi.Generic(sptd) - User select action: Skip

>-------------------------------------------------- END OF TDSS KILLER LOG --------------------------------------------------<

Below is the log file of the ESET Online Scanner. All files were quarantined but not deleted. Some of those files are programs that I use and I am almost sure they do not contain viruses or trojans. For example ariskkey is a password recovery utility I've used for years. I let it quarantine it anyway.

C:\Program Files\Passware\ariskkey.dll probably a variant of Win32/Agent.CKOPODK trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA648C22-C6B6-4D18-AC49-315D586EC776}\RP2277\A0558928.dll probably a variant of Win32/Agent.CKOPODK trojan cleaned by deleting - quarantined
D:\David's Files\Downloads\New Downloads\freeripmp3.exe a variant of Win32/AdInstaller application deleted - quarantined
D:\David's Files\Downloads\New Downloads\freeripmp3_A.exe a variant of Win32/AdInstaller application deleted - quarantined
D:\Downloads\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller application deleted - quarantined
D:\Downloads\AA-New Downloads\AA - Program Setup Files\DesktopShark_Setup.exe a variant of MSIL/KeyLogger.DesktopShark.A application deleted - quarantined
D:\Downloads\AA-New Downloads\AA - Program Setup Files\FacebookMonitor.exe a variant of Win32/AIMMonitorSniffer.A application deleted - quarantined
D:\Downloads\AA-New Downloads\AA - Program Setup Files\mp3mymp3install_30_A.exe multiple threats deleted - quarantined
D:\Downloads\AA-New Downloads\AA - Program Setup Files\mp3mymp3install_30_B.exe multiple threats deleted - quarantined
D:\Downloads\AA-New Downloads\AA - Program Setup Files\OrbitDownloaderSetup3005.exe Win32/OpenCandy application deleted - quarantined
D:\Downloads\AA-New Downloads\AA - Program Setup Files\OrbitSetup4.0.5.exe Win32/OpenCandy application deleted - quarantined
D:\Downloads\AA-New Downloads\AA - Program Setup Files\OrbitSetup4.1.00.exe Win32/OpenCandy application deleted - quarantined
D:\Downloads\AA-New Downloads\AA - Program Setup Files\OrbitSetup4.1.02.exe Win32/OpenCandy application deleted - quarantined
D:\Downloads\Screen Savers 5-7-2004\saminside.zip a variant of Win32/PSWTool.SAMInside.AA application deleted - quarantined
D:\Program Files\CainAble\Abel.exe a variant of Win32/CainAbel.AA application cleaned by deleting - quarantined
D:\Program Files\CainAble\Cain.exe a variant of Win32/CainAbel application cleaned by deleting - quarantined
D:\Thumb Drives\BakerThumbDrive_2\RenwickScreenPrintingStuff\zlsSetup_70_483_000_en_DB.exe a variant of Win32/AdInstaller application deleted - quarantined
D:\Thumb Drives\FilesFromDBStoredAtRenwick\lcp504en.zip multiple threats deleted - quarantined
D:\Thumb Drives\FilesFromDBStoredAtRenwick\zlsSetup_70_462_000_en.exe a variant of Win32/AdInstaller application deleted - quarantined
D:\Thumb Drives\FilesFromDBStoredAtRenwick\zlsSetup_70_470_000_en.exe a variant of Win32/AdInstaller application deleted - quarantined
D:\Thumb Drives\FilesFromDBStoredAtRenwick\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller application deleted - quarantined
D:\Thumb Drives\FilesFromDBStoredAtRenwick\zlsSetup_70_483_000_en_DB.exe a variant of Win32/AdInstaller application deleted - quarantined
D:\Thumb Drives\ThumbDrive2 (K)\AstriKey_Passware\ariskkey.dll probably a variant of Win32/Agent.GFRRXJC trojan cleaned by deleting - quarantined
D:\Thumb Drives\ThumbDrive2 (K)\AstriKey_Passware\ariskkey_install.exe probably a variant of Win32/Agent.CKOPODK trojan deleted - quarantined
F:\LEXAR MEDIA 2\FlashDrive_1\mp3mymp3install.exe multiple threats deleted - quarantined
F:\Backup 007 USB Flash Drive 2\Applications\XP Medic - FreeDownload\XPMedic_Setup.exe Win32/Adware.XPMedic application deleted - quarantined
F:\Backup 007 USB Flash Drive 2\Applications\XP Medic - FreeDownload\XPMedic_Setup.zip Win32/Adware.XPMedic application deleted - quarantined
F:\David Files\DB-Downloads\zlsSetup_70_470_000_en.exe a variant of Win32/AdInstaller application deleted - quarantined
F:\David_Thumb_Drives_Dec_2009\Lexmar_Drive\FlashDrive_1\mp3mymp3install.exe multiple threats deleted - quarantined

>-------------------------------------------------- END OF ESET ONLINE SCANNER --------------------------------------------------<

Below is the log file of the Security Check. Note: AVG 9 is being used because AVG 10 & 11 were crashing my system.

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
AVG 2011
AVG Free 9.0
ESET Online Scanner v3
a-squared HiJackFree 2.1
ZoneAlarm
ZoneAlarm Toolbar
AVG9 successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Ad-Aware
Malwarebytes' Anti-Malware
Eusing Free Registry Cleaner
Wise Disk Cleaner 5.83
Wise Registry Cleaner Beta 6.02
COMODO System-Cleaner
Java™ 6 Update 26
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 3
Java 2 Runtime Environment, SE v1.4.0_01
Java 2 Runtime Environment, SE v1.4.1_07
Out of date Java installed!
Adobe Flash Player 10.3.183.5
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
dbran007 Desktop Fix Malware SecurityCheck.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````

#4 quietman7

Bleepin' Janitor

  • Global Moderator
  • 52,068 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 23 August 2011 - 07:05 AM

Below is the log file of the ESET Online Scanner. All files were quarantined but not deleted. Some of those files are programs that I use and I am almost sure they do not contain viruses or trojans. For example ariskkey is a password recovery utility I've used for years.

Certain embedded files that are part of legitimate programs may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons, including the tool's compiler, the files it uses, whether files are compressed or packed, what behavior it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files may be obfuscated, encrypted or password protected in order to conceal themselves, so they do not allow access for scanning but often trigger alerts by anti-virus software.

For example, Symantec detects Ariskkey and Cain & Abel as a Security Risk.
http://www.symantec.com/security_response/writeup.jsp?docid=2006-031316-4439-99
http://www.symantec.com/security_response/writeup.jsp?docid=2004-111015-4633-99

Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because it has difficulty reading what is inside them. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine, which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "false positive".

You should be able to access and restore any files in quarantine.

Quarantine - Delete or quarantine infected files into a special folder, where they no longer pose a threat to your system. Quarantined files can also be restored.

Using Eset Online Anti-virus Scanner

If not, just redownload the program and if detected again, just ignore those detections.

Note: Win32/OpenCandy is a broad category that can include any potential adware program which may be bundled with certain third-party software installation programs. OpenCandy is a service used by software developers as a way to make money through advertisement. Some versions of this program may send user-specific information to a remote server without obtaining adequate user consent.

OpenCandy provides a plug-in that developers include in their software to earn money by showing recommendations for other software in their installers. Developers use this money to keep their software free and invest in further software development.

The installer uses the OpenCandy plug-in to present a software recommendation (such as the one below) during installation. You have complete control to accept the software recommendation by selecting either the “Install” or “Do not install” options on the software recommendation screen.

What is OpenCandy?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
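The triage quietman7 describes (separate ESET's "application" class, which covers risk tools and adware bundlers the user may have installed on purpose, from heuristic "probably a variant of" trojan hits and from restore-point copies of an earlier detection) can be applied mechanically to the posted ESET log. The script below is an added example, not ESET's or the forum's own tooling; the line grammar is inferred from the lines in this thread, not from ESET documentation, and the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Sample lines copied from the ESET Online Scanner log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\Program Files\Passware\ariskkey.dll probably a variant of Win32/Agent.CKOPODK trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA648C22-C6B6-4D18-AC49-315D586EC776}\RP2277\A0558928.dll probably a variant of Win32/Agent.CKOPODK trojan cleaned by deleting - quarantined
D:\Program Files\CainAble\Cain.exe a variant of Win32/CainAbel application cleaned by deleting - quarantined
D:\Downloads\AA-New Downloads\AA - Program Setup Files\OrbitSetup4.0.5.exe Win32/OpenCandy application deleted - quarantined
D:\Thumb Drives\FilesFromDBStoredAtRenwick\lcp504en.zip multiple threats deleted - quarantined
""".strip().splitlines()

# One log line: <path> <detection text> <action> - quarantined.  Paths contain spaces,
# so the path is matched lazily and the detection grammar decides where it ends.
# (Grammar assumed from the lines in this thread, not taken from ESET documentation.)
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<desc>(?P<heur>probably )?(?:a variant of )?(?P<name>\S+/\S+) (?P<kind>trojan|application)"
    r"|multiple threats) "
    r"(?P<action>cleaned by deleting|deleted) - quarantined$"
)

def parse_line(line):
    """Return a dict describing one detection, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "path": m["path"],
        "name": m["name"] or "multiple",       # "multiple threats" carries no family name
        "kind": m["kind"] or "multiple",
        "heuristic": bool(m["heur"]),          # "probably a variant of" = heuristic hit
        "action": m["action"],
    }

def triage(entry):
    """Put a detection into a review bucket following the moderator's reasoning."""
    if "\\System Volume Information\\_restore" in entry["path"]:
        return "restore-point copy"            # mirrors an earlier hit; clearing restore points removes it
    if entry["kind"] == "application":
        return "review: potentially unwanted/risk tool (possible false positive)"
    if entry["heuristic"]:
        return "suspicious: heuristic trojan detection, verify"
    return "suspicious"

def summarize(lines):
    """Parse every line and return (entries, Counter of triage buckets)."""
    entries = [e for e in map(parse_line, lines) if e]
    return entries, Counter(triage(e) for e in entries)
```

Running `summarize` over the full log separates the two risk-tool/adware groups the moderator discusses from the few heuristic trojan hits that still deserve a second opinion.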