Jump to content

I'm infected! Google chrome & firefox redirected when I ever search something


Geerod

Recommended Posts

Hey, just stumbled onto this site while trying to find ways to fix my computer and it looks like you guys are doing great things here. My problem started about a week ago when I noticed that occasionally (maybe one in ten times) my google searches would be redirected to advertising sites. I didn't really think much about it and switched to google chrome since the ads were annoying (admittedly probably a bad idea). Now it is starting to happen in Chrome too, except EVERY time. I uninstalled firefox since I thought maybe that was the problem but it still happened. My next step was to download Malwarebytes. It wouldn't run at first until I renamed the .exe file to iexplore.exe (I can only assume the malware was blocking it). It ran and detected four things and told me to restart. When I restarted there was an error in my Windows system and my desktop wouldn't reload. I reset my computer and it loaded fine. I tried running Malwarebytes again to see if it could find anything else but nothing. So now I'm here! Thanks in advance.

Here's my DDS:

DDS (Ver_10-10-10.03) - NTFSx86

Run by Andrew at 11:41:22.16 on 20/10/2010

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_20

Microsoft

attach.zip

Link to post
Share on other sites

Hello Geerod

Welcome to Malwarebytes.

=====================

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capabilities to allows hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it please do the following

===================

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

========

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

I'm no longer redirected on Google!

Here's the TDSS

2010/10/20 15:26:34.0858 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/20 15:26:34.0858 ================================================================================

2010/10/20 15:26:34.0858 SystemInfo:

2010/10/20 15:26:34.0858

2010/10/20 15:26:34.0858 OS Version: 6.0.6001 ServicePack: 1.0

2010/10/20 15:26:34.0858 Product type: Workstation

2010/10/20 15:26:34.0858 ComputerName: ANDREW-PC

2010/10/20 15:26:34.0858 UserName: Andrew

2010/10/20 15:26:34.0859 Windows directory: C:\Windows

2010/10/20 15:26:34.0859 System windows directory: C:\Windows

2010/10/20 15:26:34.0859 Processor architecture: Intel x86

2010/10/20 15:26:34.0859 Number of processors: 2

2010/10/20 15:26:34.0859 Page size: 0x1000

2010/10/20 15:26:34.0859 Boot type: Normal boot

2010/10/20 15:26:34.0859 ================================================================================

2010/10/20 15:26:35.0308 Initialize success

2010/10/20 15:26:48.0903 ================================================================================

2010/10/20 15:26:48.0903 Scan started

2010/10/20 15:26:48.0903 Mode: Manual;

2010/10/20 15:26:48.0903 ================================================================================

2010/10/20 15:26:50.0122 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys

2010/10/20 15:26:50.0186 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

2010/10/20 15:26:50.0230 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

2010/10/20 15:26:50.0266 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

2010/10/20 15:26:50.0316 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

2010/10/20 15:26:50.0399 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys

2010/10/20 15:26:50.0451 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys

2010/10/20 15:26:50.0575 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2010/10/20 15:26:50.0617 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys

2010/10/20 15:26:50.0642 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys

2010/10/20 15:26:50.0672 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys

2010/10/20 15:26:50.0706 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

2010/10/20 15:26:50.0733 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

2010/10/20 15:26:50.0807 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

2010/10/20 15:26:50.0831 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

2010/10/20 15:26:50.0883 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/10/20 15:26:50.0936 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys

2010/10/20 15:26:51.0078 AVGIDSDriver (5f6c56305ea73760cdafc7604d64bbe0) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

2010/10/20 15:26:51.0105 AVGIDSEH (20a2d48722cf055c846bdeafa4f733ce) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

2010/10/20 15:26:51.0140 AVGIDSFilter (0a95333ca80ca8b79d612f3965466cc0) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

2010/10/20 15:26:51.0192 AVGIDSShim (ab7e4b37126447ffe4fb639901012fb3) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys

2010/10/20 15:26:51.0275 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\Windows\system32\DRIVERS\avgldx86.sys

2010/10/20 15:26:51.0320 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\Windows\system32\DRIVERS\avgmfx86.sys

2010/10/20 15:26:51.0422 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\Windows\system32\DRIVERS\avgrkx86.sys

2010/10/20 15:26:51.0468 Avgtdix (2fd3e3a57fb90679a3a83eeed0360cfd) C:\Windows\system32\DRIVERS\avgtdix.sys

2010/10/20 15:26:51.0540 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys

2010/10/20 15:26:51.0619 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2010/10/20 15:26:51.0728 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

2010/10/20 15:26:51.0851 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2010/10/20 15:26:51.0882 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2010/10/20 15:26:51.0966 Bridge (72df06d26ae4ced2e08f428b96302b0e) C:\Windows\system32\DRIVERS\bridge.sys

2010/10/20 15:26:51.0994 BridgeMP (72df06d26ae4ced2e08f428b96302b0e) C:\Windows\system32\DRIVERS\bridge.sys

2010/10/20 15:26:52.0034 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2010/10/20 15:26:52.0071 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2010/10/20 15:26:52.0100 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2010/10/20 15:26:52.0130 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2010/10/20 15:26:52.0196 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys

2010/10/20 15:26:52.0233 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2010/10/20 15:26:52.0351 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys

2010/10/20 15:26:52.0419 BTHPORT (73d53f8e90550ba81e2cf44a0873b410) C:\Windows\system32\Drivers\BTHport.sys

2010/10/20 15:26:52.0459 BTHUSB (32045a4bb143bbc5bab1298c4e9e309a) C:\Windows\system32\Drivers\BTHUSB.sys

2010/10/20 15:26:52.0511 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys

2010/10/20 15:26:52.0539 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys

2010/10/20 15:26:52.0565 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys

2010/10/20 15:26:52.0606 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2010/10/20 15:26:52.0670 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys

2010/10/20 15:26:52.0778 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

2010/10/20 15:26:52.0831 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys

2010/10/20 15:26:52.0915 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

2010/10/20 15:26:52.0943 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys

2010/10/20 15:26:52.0983 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

2010/10/20 15:26:53.0017 crcdisk (337908557d4ec7fbbbcdcec0aaad3951) C:\Windows\system32\drivers\crcdisk.sys

2010/10/20 15:26:53.0018 Suspicious file (Forged): C:\Windows\system32\drivers\crcdisk.sys. Real md5: 337908557d4ec7fbbbcdcec0aaad3951, Fake md5: 2a213ae086bbec5e937553c7d9a2b22c

2010/10/20 15:26:53.0022 crcdisk - detected Rootkit.Win32.TDSS.tdl3 (0)

2010/10/20 15:26:53.0070 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

2010/10/20 15:26:53.0209 CSC (9a5434125c3dfe42393de4bbb791bd19) C:\Windows\system32\drivers\csc.sys

2010/10/20 15:26:53.0301 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys

2010/10/20 15:26:53.0382 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys

2010/10/20 15:26:53.0462 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

2010/10/20 15:26:53.0508 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

2010/10/20 15:26:53.0598 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

2010/10/20 15:26:53.0634 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2010/10/20 15:26:53.0721 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys

2010/10/20 15:26:53.0752 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys

2010/10/20 15:26:53.0815 DXGKrnl (f8bf50a8d862f8cc089080bec509bca6) C:\Windows\System32\drivers\dxgkrnl.sys

2010/10/20 15:26:53.0883 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys

2010/10/20 15:26:53.0920 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

2010/10/20 15:26:54.0028 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys

2010/10/20 15:26:54.0087 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

2010/10/20 15:26:54.0148 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys

2010/10/20 15:26:54.0203 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys

2010/10/20 15:26:54.0238 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

2010/10/20 15:26:54.0294 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2010/10/20 15:26:54.0360 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2010/10/20 15:26:54.0406 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/10/20 15:26:54.0520 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys

2010/10/20 15:26:54.0552 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2010/10/20 15:26:54.0603 fvevol (1400c747e2b73966b100fdce5426b7b2) C:\Windows\system32\DRIVERS\fvevol.sys

2010/10/20 15:26:54.0628 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

2010/10/20 15:26:54.0699 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2010/10/20 15:26:54.0747 guardian2 (50113353ded9a0772741a1c6aa908fa7) C:\Windows\system32\Drivers\oz776.sys

2010/10/20 15:26:54.0800 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

2010/10/20 15:26:54.0843 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/10/20 15:26:54.0952 HidBth (204c3b1846e9cbaaef88b8e1f86782f8) C:\Windows\system32\DRIVERS\hidbth.sys

2010/10/20 15:26:55.0005 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2010/10/20 15:26:55.0063 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys

2010/10/20 15:26:55.0260 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

2010/10/20 15:26:55.0437 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys

2010/10/20 15:26:55.0541 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

2010/10/20 15:26:55.0597 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys

2010/10/20 15:26:55.0646 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

2010/10/20 15:26:55.0707 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/10/20 15:26:55.0750 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

2010/10/20 15:26:55.0791 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2010/10/20 15:26:55.0916 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

2010/10/20 15:26:55.0971 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

2010/10/20 15:26:56.0063 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/10/20 15:26:56.0128 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

2010/10/20 15:26:56.0186 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2010/10/20 15:26:56.0251 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2010/10/20 15:26:56.0280 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys

2010/10/20 15:26:56.0389 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/10/20 15:26:56.0420 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2010/10/20 15:26:56.0452 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2010/10/20 15:26:56.0494 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/10/20 15:26:56.0544 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/10/20 15:26:56.0612 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys

2010/10/20 15:26:56.0763 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys

2010/10/20 15:26:56.0899 LHidFilt (88599826f21246c58662607262ff244b) C:\Windows\system32\DRIVERS\LHidFilt.Sys

2010/10/20 15:26:56.0977 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2010/10/20 15:26:57.0001 LMouFilt (cb9ef7d1c7db23197f4fb58f2fdcc647) C:\Windows\system32\DRIVERS\LMouFilt.Sys

2010/10/20 15:26:57.0050 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

2010/10/20 15:26:57.0086 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

2010/10/20 15:26:57.0143 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

2010/10/20 15:26:57.0188 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2010/10/20 15:26:57.0276 MA_CMIDI (6b5d093711eadd77c789b0150dc4879c) C:\Windows\system32\drivers\ma_cmidi.sys

2010/10/20 15:26:57.0413 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

2010/10/20 15:26:57.0450 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

2010/10/20 15:26:57.0503 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2010/10/20 15:26:57.0548 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2010/10/20 15:26:57.0611 MotDev (80bda4ac4b2834ca522b7386fc1f6a20) C:\Windows\system32\DRIVERS\motodrv.sys

2010/10/20 15:26:57.0662 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys

2010/10/20 15:26:57.0706 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2010/10/20 15:26:57.0731 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

2010/10/20 15:26:57.0781 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2010/10/20 15:26:57.0888 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

2010/10/20 15:26:57.0965 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2010/10/20 15:26:58.0002 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2010/10/20 15:26:58.0057 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys

2010/10/20 15:26:58.0099 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/10/20 15:26:58.0148 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/10/20 15:26:58.0175 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/10/20 15:26:58.0203 msahci (0d1c042188ffe61a702a9df5944de5ba) C:\Windows\system32\drivers\msahci.sys

2010/10/20 15:26:58.0231 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

2010/10/20 15:26:58.0296 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2010/10/20 15:26:58.0420 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2010/10/20 15:26:58.0496 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2010/10/20 15:26:58.0547 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/10/20 15:26:58.0599 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2010/10/20 15:26:58.0647 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys

2010/10/20 15:26:58.0688 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/10/20 15:26:58.0755 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2010/10/20 15:26:58.0847 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys

2010/10/20 15:26:58.0909 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\Windows\system32\DRIVERS\mxopswd.sys

2010/10/20 15:26:58.0959 NativeWifiP (dd721f8635191132992e7ceaa3c43c84) C:\Windows\system32\DRIVERS\nwifi.sys

2010/10/20 15:26:59.0042 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys

2010/10/20 15:26:59.0111 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/10/20 15:26:59.0167 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/10/20 15:26:59.0219 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/10/20 15:26:59.0315 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2010/10/20 15:26:59.0371 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2010/10/20 15:26:59.0413 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys

2010/10/20 15:26:59.0513 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys

2010/10/20 15:26:59.0628 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2010/10/20 15:26:59.0708 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys

2010/10/20 15:26:59.0756 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys

2010/10/20 15:26:59.0807 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2010/10/20 15:26:59.0896 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys

2010/10/20 15:27:00.0004 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2010/10/20 15:27:00.0052 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2010/10/20 15:27:00.0306 nvlddmkm (05200c3a9b1370aa2d8c99f1a464168b) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2010/10/20 15:27:00.0776 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

2010/10/20 15:27:00.0811 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

2010/10/20 15:27:00.0878 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys

2010/10/20 15:27:00.0983 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/10/20 15:27:01.0033 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2010/10/20 15:27:01.0078 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys

2010/10/20 15:27:01.0105 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2010/10/20 15:27:01.0159 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys

2010/10/20 15:27:01.0262 pciide (54d23dc5b5072311116826fdb7f6e83e) C:\Windows\system32\DRIVERS\pciide.sys

2010/10/20 15:27:01.0298 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2010/10/20 15:27:01.0365 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2010/10/20 15:27:01.0481 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2010/10/20 15:27:01.0588 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

2010/10/20 15:27:01.0665 PSched (a114cfe308c24b8235b03cfdffe11e99) C:\Windows\system32\DRIVERS\pacer.sys

2010/10/20 15:27:01.0735 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys

2010/10/20 15:27:01.0810 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

2010/10/20 15:27:01.0887 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2010/10/20 15:27:01.0932 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2010/10/20 15:27:02.0072 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys

2010/10/20 15:27:02.0158 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2010/10/20 15:27:02.0236 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/10/20 15:27:02.0286 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/10/20 15:27:02.0371 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys

2010/10/20 15:27:02.0412 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys

2010/10/20 15:27:02.0445 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/10/20 15:27:02.0501 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys

2010/10/20 15:27:02.0539 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2010/10/20 15:27:02.0588 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys

2010/10/20 15:27:02.0646 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys

2010/10/20 15:27:02.0713 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys

2010/10/20 15:27:02.0735 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys

2010/10/20 15:27:02.0790 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys

2010/10/20 15:27:02.0854 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2010/10/20 15:27:02.0914 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2010/10/20 15:27:03.0003 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys

2010/10/20 15:27:03.0045 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2010/10/20 15:27:03.0078 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2010/10/20 15:27:03.0107 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2010/10/20 15:27:03.0172 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2010/10/20 15:27:03.0227 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys

2010/10/20 15:27:03.0302 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

2010/10/20 15:27:03.0338 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys

2010/10/20 15:27:03.0392 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2010/10/20 15:27:03.0431 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys

2010/10/20 15:27:03.0466 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2010/10/20 15:27:03.0520 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2010/10/20 15:27:03.0583 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys

2010/10/20 15:27:03.0639 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2010/10/20 15:27:03.0742 sptd (d390675b8ce45e5fb359338e5e649329) C:\Windows\System32\Drivers\sptd.sys

2010/10/20 15:27:03.0842 srv (8e5fc19b3b38364c5f44ccecec5248e9) C:\Windows\system32\DRIVERS\srv.sys

2010/10/20 15:27:03.0915 srv2 (4ceeb95e0b79e48b81f2da0a6c24c64b) C:\Windows\system32\DRIVERS\srv2.sys

2010/10/20 15:27:03.0968 srvnet (f9c65e1e00a6bbf7c57d9b8ea068c525) C:\Windows\system32\DRIVERS\srvnet.sys

2010/10/20 15:27:04.0070 STHDA (9cea131b5eb0ea653f6b3ea80b54956d) C:\Windows\system32\drivers\stwrt.sys

2010/10/20 15:27:04.0172 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys

2010/10/20 15:27:04.0248 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2010/10/20 15:27:04.0305 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2010/10/20 15:27:04.0338 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2010/10/20 15:27:04.0375 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2010/10/20 15:27:04.0430 SynTP (1f5192248a364d4ab68db063d18a2139) C:\Windows\system32\DRIVERS\SynTP.sys

2010/10/20 15:27:04.0509 tbhsd (77bd6143c6dce0a1bf7b5571bed860dc) C:\Windows\system32\drivers\tbhsd.sys

2010/10/20 15:27:04.0576 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys

2010/10/20 15:27:04.0674 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys

2010/10/20 15:27:04.0724 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys

2010/10/20 15:27:04.0783 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2010/10/20 15:27:04.0809 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2010/10/20 15:27:04.0863 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys

2010/10/20 15:27:04.0929 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys

2010/10/20 15:27:05.0001 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/10/20 15:27:05.0057 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2010/10/20 15:27:05.0086 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys

2010/10/20 15:27:05.0179 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2010/10/20 15:27:05.0230 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys

2010/10/20 15:27:05.0279 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys

2010/10/20 15:27:05.0310 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2010/10/20 15:27:05.0366 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2010/10/20 15:27:05.0398 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2010/10/20 15:27:05.0440 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2010/10/20 15:27:05.0484 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys

2010/10/20 15:27:05.0547 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys

2010/10/20 15:27:05.0749 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys

2010/10/20 15:27:05.0872 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/10/20 15:27:05.0932 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2010/10/20 15:27:06.0012 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys

2010/10/20 15:27:06.0055 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys

2010/10/20 15:27:06.0085 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

2010/10/20 15:27:06.0129 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

2010/10/20 15:27:06.0175 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

2010/10/20 15:27:06.0269 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/10/20 15:27:06.0310 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/10/20 15:27:06.0361 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/10/20 15:27:06.0430 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2010/10/20 15:27:06.0470 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys

2010/10/20 15:27:06.0503 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2010/10/20 15:27:06.0531 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys

2010/10/20 15:27:06.0563 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2010/10/20 15:27:06.0619 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys

2010/10/20 15:27:06.0722 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys

2010/10/20 15:27:06.0781 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2010/10/20 15:27:06.0819 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2010/10/20 15:27:06.0878 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2010/10/20 15:27:06.0906 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2010/10/20 15:27:06.0951 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2010/10/20 15:27:06.0988 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2010/10/20 15:27:07.0132 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys

2010/10/20 15:27:07.0219 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2010/10/20 15:27:07.0313 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/10/20 15:27:07.0398 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys

2010/10/20 15:27:07.0502 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2010/10/20 15:27:07.0585 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/10/20 15:27:07.0627 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys

2010/10/20 15:27:07.0708 xusb21 (f5e5f944e63a9b5f6e76c2ebb2ac462f) C:\Windows\system32\DRIVERS\xusb21.sys

2010/10/20 15:27:07.0779 ================================================================================

2010/10/20 15:27:07.0779 Scan finished

2010/10/20 15:27:07.0779 ================================================================================

2010/10/20 15:27:07.0789 Detected object count: 1

2010/10/20 15:27:21.0056 crcdisk (337908557d4ec7fbbbcdcec0aaad3951) C:\Windows\system32\drivers\crcdisk.sys

2010/10/20 15:27:21.0057 Suspicious file (Forged): C:\Windows\system32\drivers\crcdisk.sys. Real md5: 337908557d4ec7fbbbcdcec0aaad3951, Fake md5: 2a213ae086bbec5e937553c7d9a2b22c

2010/10/20 15:27:21.0141 Backup copy found, using it..

2010/10/20 15:27:21.0306 C:\Windows\system32\drivers\crcdisk.sys - will be cured after reboot

2010/10/20 15:27:21.0306 Rootkit.Win32.TDSS.tdl3(crcdisk) - User select action: Cure

2010/10/20 15:28:07.0390 Deinitialize success

And here's the ComboFix

ComboFix 10-10-19.04 - Andrew 20/10/2010 15:40:47.1.2 - x86

Microsoft

Link to post
Share on other sites

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

=====

* Go here to run an online scannner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

MBAM Log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4896

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

20/10/2010 6:48:08 PM

mbam-log-2010-10-20 (18-48-08).txt

Scan type: Quick scan

Objects scanned: 168853

Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ESET Log

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=a34ba6d793cd314691ec6364f9d08ce4

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-10-21 01:26:26

# local_time=2010-10-20 09:26:26 (-0500, Eastern Daylight Time)

# country="Canada"

# lang=9

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=1024 16777215 100 0 786497 786497 0 0

# compatibility_mode=5121 16777214 0 3 4859943 4859943 0 0

# compatibility_mode=5892 16776574 100 100 0 124222907 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=242469

# found=9

# cleaned=9

# scan_time=9134

C:\Qoobox\Quarantine\C\Windows\explorer.exe.vir Win32/Bamital.EL trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir Win32/Bamital.EL trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-6f3b2832 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\76636f13-403fdce9 Java/TrojanDownloader.Agent.NBL trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\41e8aee3-62cb4d09 probably a variant of Win32/Agent.HRYTTOE trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\4084a7b0-3ad9622c multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-3705baa0 probably a variant of Win32/Agent.DYXWUMY trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\757db4fd-361f93f5 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites

=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall, it needs to be there.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE) then click on it
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

After that your all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article Some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

"How did I get infected in the first place?" Also this one by Tony Klein.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent etc...

===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free 9.0

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.