Google redirect virus

April 20, 2011 at 14:32:57
Specs: Windows Vista
Recently I have contracted a Google redirect virus on my computer. The internet works fine when I copy and paste a web address in, but when I Google search and click on a link I get redirected onto another search site.
My McAfee security subscription recently expired, which probably hasn't helped. I bought a new PC Internet Security program from the shop, which found a few trackers and adware which I got rid of, but the same problem still exists. My computer then ran really slow, so I have system restored to a week ago and did a disk clean up, which has speeded up my computer again but got rid of the new Internet security I have. Sometimes Firefox works fine, but other times my computer will start going really slow when on the internet and I have to shut down. Any help would be appreciated.


#1
April 20, 2011 at 18:21:02
Anti-virus and Anti-malware programs may prevent the tools we need to use from fixing an infected system. Please disable (temporarily) any Anti-virus and Anti-malware programs you have running: right click the program's Taskbar icon, or access each program through Start - Programs to disable.

Next, please download tdsskiller from the following link:
http://support.kaspersky.com/downlo...
Save it to the Desktop.

If you cannot download the file, TDSS may be blocking the attempt. You need to download it to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.

Once the file is on the Desktop, rename it.
Right-click on the TDSSKiller.exe icon on the Desktop and select: Rename.
Name it a random name with a .com extension. For example, jaws.com

Now, right-click the renamed file and select: Run as Administrator to launch it. If you receive a warning from Publisher: Kaspersky Lab asking if you want to run the file, please click on the Run button to allow TDSSKiller to run. If you do not receive this warning, then TDSSKiller should have started.

When TDSSKiller starts, it displays the welcome screen.
Click on the Start Scan button.

When the scan finishes it displays a results screen stating whether or not the infection was found on your computer.

To remove the infection, click on the Continue button. If it does not say Cure on the results screen, leave it at the default action of Skip, and press the Continue button. Do not change to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.

When TDSSKiller finishes cleaning the infection, a report stating whether or not it was successful is shown.

If TDSSKiller requires a reboot to finish the cleaning process, click on the Reboot now button.

Next, Download Malwarebytes' Anti-Malware (MBAM):
http://www.majorgeeks.com/Malwareby...

Save the program to the Desktop

On the Desktop, double-click mbam-setup.exe to install the program, and follow the prompts

If an update is found, MBAM will download and install the latest.

At the main program window
Make sure the following is checked: Perform Quick Scan

Click: Scan (The scan may take some time to finish, so please be patient.)
When the scan completes, a message box appears, click OK

At the main Scanner screen:
Click on: Show Results

A screen displaying the malware found shows
Make sure everything found is checked, and click: Remove Selected

When the disinfection is complete, you may be prompted to Restart the computer. Please do so.

When MBAM finishes removing malware, a log opens in Notepad
(The log is automatically saved and can be viewed by clicking the Logs tab.)

~~~~
Please provide the contents of the MBAM log in your reply.



#2
April 23, 2011 at 04:48:45
Thanks for your help, here is the log from MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6424

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

23/04/2011 12:36:05
mbam-log-2011-04-23 (12-36-04).txt

Scan type: Quick scan
Objects scanned: 165134
Time elapsed: 48 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\System32\zzloadF2.dll (Trojan.Agent.WIMP) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2B5BEEEC4E692BCD (Trojan.SpyEyes) -> Value: 2B5BEEEC4E692BCD -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Trojan.Agent.WIMP) -> Value: NvCplDaemonTool -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Trojan.Agent.WIMP) -> Value: NvCplDaemonTool -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\winntse.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Andrew\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\winntse.bin\winntse.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\winntse.bin\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\Users\Andrew\zzloadF2.dll (Trojan.Agent.WIMP) -> Quarantined and deleted successfully.
c:\Windows\System32\zzloadF2.dll (Trojan.Agent.WIMP) -> Delete on reboot.



#3
April 23, 2011 at 14:22:55
Did TDSSKiller show any results? Its report can be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please see if you can find it, and provide the contents of that file here.

We need to dig a little deeper...
Please download MBRCheck.exe:
http://download.bleepingcomputer.co...

If the file does not download, you may have to load this into your browser's address bar:
http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

Save it to your desktop.

Double-click on MBRCheck.exe to run it. (Vista/Windows 7 users right-click and select Run As Administrator.)

It opens a black screen with some data on it...please do not fix anything (if it gives an option).

When complete, you should see:
Done! Press ENTER to exit...
Press Enter on the keyboard.

A log named MBRCheck_date_time.txt (i.e. MBRCheck_04.23.11_10.22.51.txt) will be created on the Desktop.
Please, also provide the contents of the MBRcheck log in your reply.

Also, did you reboot after Malwarebytes was done?
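
Added example (not part of the original thread, and not Malwarebytes code): a small Python parser for the MBAM 1.50 log layout posted in reply #2. It lists the items still marked "Delete on reboot", which is why the reboot question above matters, and the autostart entries the scan touched. The function names are this example's own, and the regexes assume the line layout seen in that log.

```python
import re
from collections import Counter, namedtuple

# Detail section of the MBAM log posted in reply #2 (header lines omitted).
SAMPLE_LOG = r"""
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\System32\zzloadF2.dll (Trojan.Agent.WIMP) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2B5BEEEC4E692BCD (Trojan.SpyEyes) -> Value: 2B5BEEEC4E692BCD -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Trojan.Agent.WIMP) -> Value: NvCplDaemonTool -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Trojan.Agent.WIMP) -> Value: NvCplDaemonTool -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\winntse.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Andrew\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\winntse.bin\winntse.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\winntse.bin\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\Users\Andrew\zzloadF2.dll (Trojan.Agent.WIMP) -> Quarantined and deleted successfully.
c:\Windows\System32\zzloadF2.dll (Trojan.Agent.WIMP) -> Delete on reboot.
"""

Finding = namedtuple("Finding", "section target detection value action")
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")
# "<target> (<detection>) -> [Value: <name> -> ]<action>."
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Value: (?P<value>.+?) -> )?(?P<action>.+?)\.?$"
)
# Autostart locations that appear in this log: Run keys and the Startup folder.
AUTOSTART_RE = re.compile(
    r"\\CurrentVersion\\Run\\|\\Start Menu\\Programs\\Startup\\", re.IGNORECASE
)

def parse_mbam_log(text):
    """Return (summary counts per section, list of Finding) from an MBAM log."""
    counts, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious"):
            continue
        if m := SUMMARY_RE.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := SECTION_RE.match(line):
            section = m["section"]
        elif section and (m := ITEM_RE.match(line)):
            findings.append(Finding(section, m["target"], m["detection"],
                                    m["value"], m["action"]))
    return counts, findings

def pending_reboot(findings):
    """Items MBAM scheduled for deletion at the next restart."""
    return [f for f in findings if f.action.lower().startswith("delete on reboot")]

def autostart_entries(findings):
    """Findings located in a Run key or the Startup folder."""
    return [f for f in findings if AUTOSTART_RE.search(f.target)]

def count_mismatches(counts, findings):
    """Sections whose summary count differs from the items parsed (truncated paste)."""
    parsed = Counter(f.section for f in findings)
    return {s: (n, parsed[s]) for s, n in counts.items() if n != parsed[s]}

if __name__ == "__main__":
    counts, findings = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(counts, findings) or "none")
    for f in pending_reboot(findings):
        print("needs reboot:", f.section, "|", f.target)
    for f in autostart_entries(findings):
        print("autostart   :", f.detection, "|", f.target)
```

Run it against the log saved under the Logs tab; a non-empty mismatch result means the pasted log was cut short.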



#4
April 24, 2011 at 06:46:45
I did reboot after Malwarebytes had finished.

Here is the log from TDSSKiller:

2011/04/23 11:21:01.0594 2696 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/23 11:21:02.0839 2696 ================================================================================
2011/04/23 11:21:02.0839 2696 SystemInfo:
2011/04/23 11:21:02.0840 2696
2011/04/23 11:21:02.0840 2696 OS Version: 6.0.6000 ServicePack: 0.0
2011/04/23 11:21:02.0840 2696 Product type: Workstation
2011/04/23 11:21:02.0840 2696 ComputerName: ANDREW-PC
2011/04/23 11:21:02.0841 2696 UserName: Andrew
2011/04/23 11:21:02.0841 2696 Windows directory: C:\Windows
2011/04/23 11:21:02.0841 2696 System windows directory: C:\Windows
2011/04/23 11:21:02.0841 2696 Processor architecture: Intel x86
2011/04/23 11:21:02.0841 2696 Number of processors: 1
2011/04/23 11:21:02.0841 2696 Page size: 0x1000
2011/04/23 11:21:02.0841 2696 Boot type: Normal boot
2011/04/23 11:21:02.0841 2696 ================================================================================
2011/04/23 11:21:04.0902 2696 Initialize success
2011/04/23 11:21:45.0280 2412 ================================================================================
2011/04/23 11:21:45.0280 2412 Scan started
2011/04/23 11:21:45.0280 2412 Mode: Manual;
2011/04/23 11:21:45.0280 2412 ================================================================================
2011/04/23 11:22:09.0374 2412 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/04/23 11:22:09.0452 2412 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/04/23 11:22:09.0530 2412 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/23 11:22:09.0628 2412 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
2011/04/23 11:22:09.0709 2412 volmgr (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
2011/04/23 11:22:09.0795 2412 volmgrx (420c48e593b9520c2dee45d671f923e1) C:\Windows\system32\drivers\volmgrx.sys
2011/04/23 11:22:09.0882 2412 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/04/23 11:22:09.0966 2412 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/23 11:22:10.0117 2412 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/23 11:22:10.0227 2412 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/23 11:22:10.0288 2412 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/23 11:22:10.0388 2412 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
2011/04/23 11:22:10.0502 2412 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/23 11:22:10.0617 2412 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/23 11:22:10.0943 2412 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/04/23 11:22:11.0365 2412 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/23 11:22:11.0645 2412 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/23 11:22:11.0813 2412 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/23 11:22:12.0132 2412 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/23 11:22:12.0336 2412 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/04/23 11:22:12.0547 2412 ZTEusbmdm6k (2a6f72d2b6a549b1fc6a6522bc204159) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
2011/04/23 11:22:12.0696 2412 ZTEusbnet (453a60f8dc22fc296bc482cbf3eff213) C:\Windows\system32\DRIVERS\ZTEusbnet.sys
2011/04/23 11:22:12.0849 2412 ZTEusbnmea (2a6f72d2b6a549b1fc6a6522bc204159) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
2011/04/23 11:22:13.0020 2412 ZTEusbser6k (2a6f72d2b6a549b1fc6a6522bc204159) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
2011/04/23 11:22:13.0202 2412 ZTEusbvoice (2a6f72d2b6a549b1fc6a6522bc204159) C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
2011/04/23 11:22:13.0558 2412 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/23 11:22:13.0567 2412 ================================================================================
2011/04/23 11:22:13.0567 2412 Scan finished
2011/04/23 11:22:13.0567 2412 ================================================================================
2011/04/23 11:22:13.0611 4772 Detected object count: 1
2011/04/23 11:22:46.0472 4772 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/23 11:22:46.0473 4772 \HardDisk0 - ok
2011/04/23 11:22:46.0482 4772 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/23 11:22:52.0038 3492 Deinitialize success



#5
April 24, 2011 at 06:47:31
Also here is the log from MBRcheck

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1520
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 156):

Processes (total 82):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`8c500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`0c500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1200BEVS-75UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!



#6
April 24, 2011 at 09:08:27
Happy Easter, therapy20!!

Looks as if TDSSKiller did its job:

>>2011/04/23 11:22:13.0611 4772 Detected object count: 1
2011/04/23 11:22:46.0472 4772 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/23 11:22:46.0473 4772 \HardDisk0 - ok
2011/04/23 11:22:46.0482 4772 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/23 11:22:52.0038 3492 Deinitialize success<<

#1: Are you still having redirection problems?

#2: Let's cross check the Master Boot Record...

Also download GMER's mbr.exe:
http://www2.gmer.net/mbr/mbr.exe

Save the file on your C drive (so the file is then C:\mbr.exe).

Go to Start - Run, type cmd (and press OK).
At the prompt type or copy/paste the following, one at a time, pressing Enter after each:

cd\

mbr.exe -t

Then type: Exit
Press Enter to close the command window.

The report created is saved to C:\mbr.log.
Also post the mbr.log in your reply.


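Added example (not part of the thread and not Kaspersky's code): a small Python triage of the TDSSKiller log lines quoted in reply #6, showing why "will be cured after reboot" still calls for the follow-up MBR check. The line patterns are taken from the log on this page; the `Skip`, `Delete` and `Quarantine` action names and the second sample log are assumptions constructed for illustration.

```python
import re

# Each TDSSKiller log line on this page starts with: date, time, thread id.
PREFIX = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ \d+ (.*)$")
DETECTED = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
PENDING = re.compile(r"^(.+?) \((\S+)\) - will be cured after reboot$")
ACTION = re.compile(r"^(\S+?)\((.+)\) - User select action: (\w+)$")

# Only "Cure" appears on this page; the other two names are assumed.
REMEDIATING = {"Cure", "Delete", "Quarantine"}

# Lines copied from the log posted in this thread.
PAGE_LOG = r"""
2011/04/23 11:22:05.0563 2412 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/04/23 11:22:13.0558 2412 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/23 11:22:13.0567 2412 Scan finished
2011/04/23 11:22:13.0611 4772 Detected object count: 1
2011/04/23 11:22:46.0472 4772 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/23 11:22:46.0473 4772 \HardDisk0 - ok
2011/04/23 11:22:46.0482 4772 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/23 11:22:52.0038 3492 Deinitialize success
"""

# Constructed log (not from the thread): same detection, but the user skipped it.
SKIPPED_LOG = r"""
2011/04/23 11:22:13.0558 2412 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/23 11:22:13.0611 4772 Detected object count: 1
2011/04/23 11:22:46.0482 4772 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Skip
"""


def triage(log_text):
    """Summarise detections, chosen actions and what still needs follow-up."""
    detections, actions, pending, declared = {}, {}, set(), None
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        msg = m.group(1)
        if (d := DETECTED.match(msg)):
            detections[d.group(1)] = d.group(2)      # object -> threat name
        elif (c := COUNT.match(msg)):
            declared = int(c.group(1))
        elif (p := PENDING.match(msg)):
            pending.add(p.group(1))                  # fix is applied only at next boot
        elif (a := ACTION.match(msg)):
            actions[a.group(2)] = a.group(3)         # object -> selected action
    # A detection is unresolved if no remediating action was logged for it.
    unresolved = sorted(o for o in detections if actions.get(o) not in REMEDIATING)
    return {
        "detections": detections,
        "actions": actions,
        "count_matches": declared == len(detections),
        "pending_reboot": sorted(pending),
        "unresolved": unresolved,
        # Reboot-deferred cures are unverified until a second scan or MBR check.
        "needs_recheck": bool(pending or unresolved),
    }


if __name__ == "__main__":
    for name, log in (("page log", PAGE_LOG), ("skipped (constructed)", SKIPPED_LOG)):
        print(name, triage(log))
```

For the log in this thread the result has no unresolved detections but `needs_recheck` is true, because the cure on `\HardDisk0` is deferred to the reboot; that is the state the mbr.exe run in reply #6 is meant to confirm.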
