Virus that redirects Google searches

August 1, 2011 at 04:57:11
Specs: Windows 7
I have the virus that redirects Google searches. What do I do?


#1
August 1, 2011 at 07:17:23
Firstly, you need to identify what's causing the redirects - does it occur in both IE and Firefox? Does it occur in SMWN? If you log in with a different account, do the redirects still occur (here, we're determining if it's something usermode or kernelmode i.e. a Trojan or a Bootkit)?



#2
August 1, 2011 at 15:08:48
I currently don't have Firefox downloaded but it does happen in IE. The redirects do still occur with a different account. I'm not sure what SMWN means.


#3
August 1, 2011 at 18:10:56
smirkingrevenge,

SMWN = Safe Mode with Networking

If the source of the infection is the Master Boot Record, it loads as soon as you boot into Windows!


For this reason, please download aswMBR:
http://public.avast.com/~gmerek/asw...
Save it to the Desktop.

Vista/Windows 7 users - Right-click and select: 'Run as Administrator'

Click Scan

Upon completion of the scan, click 'Save log' and save it to the Desktop.
Note - Do NOT attempt to fix anything!

Please post the log produced by aswMBR in your next reply.


Also, you will notice that another file is created on the Desktop. It is named MBR.dat.

If you have a USB flash drive, please move the mbr.dat file to it.
If not, move the mbr.dat from the Desktop, to the C:\ drive.

This is important, just in case we need to have access to the MBR information!!


Next, download TDSSKiller
http://support.kaspersky.com/downlo...

Execute TDSSKiller.exe by double-clicking on it.

Click: ‘Start Scan’

If Malicious objects are found, DO NOT allow the tool to Cure.
Click the arrow next to 'Cure' and select Skip
We need to see the report first, as it may show false detections!!

Click: 'Continue'

When the tool is done, a log is produced at the root of the system drive, which is typically C:\
For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt

Please post the TDSSKiller log in your reply.

Thanks!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#4
August 1, 2011 at 18:45:34
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-01 21:41:49
-----------------------------
21:41:49.419 OS Version: Windows x64 6.1.7601 Service Pack 1
21:41:49.419 Number of processors: 2 586 0x602
21:41:49.420 ComputerName: SIMON-PC UserName: Lea
21:41:50.515 Initialize success
21:42:02.710 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
21:42:02.713 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 11
21:42:04.731 Disk 0 MBR read successfully
21:42:04.735 Disk 0 MBR scan
21:42:04.738 Disk 0 Windows VISTA default MBR code
21:42:04.741 Service scanning
21:42:08.236 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:42:08.830 Modules scanning
21:42:08.833 Disk 0 trace - called modules:
21:42:08.864 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80048352c0]<<
21:42:08.868 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ae25c0]
21:42:08.872 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8004a64040]
21:42:08.875 \Driver\amdxata[0xfffffa80048dc190] -> IRP_MJ_CREATE -> 0xfffffa80048352c0
21:42:08.879 Scan finished successfully
21:42:24.903 Disk 0 MBR has been saved successfully to "C:\Users\Lea\Desktop\MBR.dat"
21:42:24.908 The log file has been saved successfully to "C:\Users\Lea\Desktop\aswMBR.txt"

2011/08/01 21:43:46.0473 2468 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/01 21:43:46.0894 2468 ================================================================================
2011/08/01 21:43:46.0894 2468 SystemInfo:
2011/08/01 21:43:46.0894 2468
2011/08/01 21:43:46.0894 2468 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/01 21:43:46.0894 2468 Product type: Workstation
2011/08/01 21:43:46.0894 2468 ComputerName: SIMON-PC
2011/08/01 21:43:46.0894 2468 UserName: Lea
2011/08/01 21:43:46.0894 2468 Windows directory: C:\Windows
2011/08/01 21:43:46.0894 2468 System windows directory: C:\Windows
2011/08/01 21:43:46.0894 2468 Running under WOW64
2011/08/01 21:43:46.0894 2468 Processor architecture: Intel x64
2011/08/01 21:43:46.0894 2468 Number of processors: 2
2011/08/01 21:43:46.0894 2468 Page size: 0x1000
2011/08/01 21:43:46.0894 2468 Boot type: Normal boot
2011/08/01 21:43:46.0894 2468 ================================================================================
2011/08/01 21:43:48.0075 2468 Initialize success
2011/08/01 21:43:50.0178 3664 ================================================================================
2011/08/01 21:43:50.0178 3664 Scan started
2011/08/01 21:43:50.0178 3664 Mode: Manual;
2011/08/01 21:43:50.0178 3664 ================================================================================
2011/08/01 21:44:10.0286 3664 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/08/01 21:44:10.0286 3664 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/08/01 21:44:10.0293 3664 sptd - detected LockedFile.Multi.Generic (1)
2011/08/01 21:44:16.0915 3664 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/01 21:44:16.0972 3664 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
2011/08/01 21:44:17.0060 3664 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/08/01 21:44:17.0094 3664 Boot (0x1200) (78442146a04e6a0fa262ea3513e7513c) \Device\Harddisk0\DR0\Partition0
2011/08/01 21:44:17.0113 3664 Boot (0x1200) (466a0c5b5fff799438b1cee32093d24e) \Device\Harddisk0\DR0\Partition1
2011/08/01 21:44:17.0119 3664 ================================================================================
2011/08/01 21:44:17.0119 3664 Scan finished
2011/08/01 21:44:17.0119 3664 ================================================================================
2011/08/01 21:44:17.0136 2032 Detected object count: 1
2011/08/01 21:44:17.0136 2032 Actual detected object count: 1
2011/08/01 21:44:30.0860 2032 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/08/01 21:44:43.0508 2224 Deinitialize success



#5
August 1, 2011 at 20:24:08
smirkingrevenge,

The TDSSKiller log shows:

2011/08/01 21:44:10.0286 3664 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/08/01 21:44:10.0286 3664 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys.
md5: 602884696850c86434530790b110e8eb
2011/08/01 21:44:10.0293 3664 sptd - detected LockedFile.Multi.Generic (1)

It is part of your CD emulator, and is safe.


Let’s go the following route…

Please download ComboFix:
http://download.bleepingcomputer.co...

Save ComboFix.exe to your Desktop!!


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of CF.

Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: http://www.bleepingcomputer.com/for...


Now, right-click on ComboFix.exe and select: 'Run as Administrator'
Follow the prompts.

Make sure you skip the Recovery Console part since you are running Vista or Windows 7.

Click on 'Yes', to continue scanning for malware.

When finished, CF produces a report. I need to take a look at this report, since some malicious files may persist, and a ComboFix script may be needed to remove them.

However, since this report can be quite large, please go to the Uploading website:
http://uploading.com/files/upload/

In: 'Select files to upload', click 'Browse', and 'Look in' the Desktop.
Select the ComboFix report, and click on 'Open'
You will see the following:
‘Your file has been uploaded successfully: (Name and size of the file)’

Please copy the 'Download link', and provide it in your reply.

Notes:

1. Do not mouse-click the ComboFix window while it is running.
This action may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
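To make sense of a TDSSKiller log like the one quoted above, here is an added Python example (not from this thread and not Kaspersky's code) that pulls the driver records, the detections and the user's chosen action out of the log and joins each detection to its file hash and path, so the hash can be looked up before deciding whether a locked file such as sptd.sys is benign. The embedded log lines are a constructed sample copied from this thread's log; the line layout is an assumption taken from what is shown there.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of TDSSKiller lines as they appear in this thread.
SAMPLE_LOG = r"""
2011/08/01 21:44:10.0286 3664 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/08/01 21:44:10.0286 3664 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys.
md5: 602884696850c86434530790b110e8eb
2011/08/01 21:44:10.0293 3664 sptd - detected LockedFile.Multi.Generic (1)
2011/08/01 21:44:16.0972 3664 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
2011/08/01 21:44:17.0060 3664 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/08/01 21:44:17.0136 2032 Detected object count: 1
2011/08/01 21:44:30.0860 2032 LockedFile.Multi.Generic(sptd) - User select action: Skip
"""

# Every log line starts with a timestamp and a thread id (assumed layout).
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ \d+ "
# "<name> [(0xSIZE)] (<md5>) <path>"  -- a driver, MBR or boot-sector record
ENTRY = re.compile(TS + r"(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - detected <verdict> (<n>)"
DETECT = re.compile(TS + r"(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
# "<verdict>(<name>) - User select action: <action>"
ACTION = re.compile(TS + r"(?P<verdict>[^()\s]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")


def parse_tdsskiller(text: str) -> Tuple[Dict[str, dict], List[dict]]:
    """Return (records by name, findings) where each finding carries its md5/path."""
    records: Dict[str, dict] = {}
    findings: List[dict] = []
    for line in text.splitlines():
        if m := ENTRY.match(line):
            records[m["name"]] = {"md5": m["md5"], "path": m["path"]}
        elif m := DETECT.match(line):
            findings.append({"name": m["name"], "verdict": m["verdict"], "action": None})
        elif m := ACTION.match(line):
            for f in findings:  # attach the action the user chose for this detection
                if f["name"] == m["name"] and f["verdict"] == m["verdict"]:
                    f["action"] = m["action"]
    for f in findings:  # join each detection to the hash and path of the file it names
        rec = records.get(f["name"], {})
        f["md5"], f["path"] = rec.get("md5"), rec.get("path")
    return records, findings


if __name__ == "__main__":
    for f in parse_tdsskiller(SAMPLE_LOG)[1]:
        print(f"{f['name']}: {f['verdict']} md5={f['md5']} path={f['path']} action={f['action']}")
```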



#6
August 1, 2011 at 21:01:53
I did everything you said, CF finished but now I can't open anything on my computer. Whenever I try to open Google Chrome (or anything else) it says "Illegal operation attempted on the registry key that has been marked for deletion." IE won't open either.


#7
August 1, 2011 at 21:19:59
Reboot the machine. You may need to do so more than once.

After you reboot, then see if it works.

Can you find and upload the CF log as previously requested (Uploading website)?

~~~~
Retired - Doin' Dis, Dat, and slapping malware.




#9
August 1, 2011 at 21:49:59
Are you still experiencing redirections?

Signing out for tonight.

Will check things out tomorrow.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#10
August 2, 2011 at 10:11:51
The redirections have stopped. Thanks a lot for your help!

