
Search-engine redirects: have now officially run out of ideas!


  • This topic is locked

#1
MIAł
    New Member
  • 9 posts
Hi there:

Many thanks for offering this service, which I've just discovered!

I've been wrestling with problems over the past week: the most serious of these now seem to have been dealt with, but (having tried every sensible-looking suggestion I've been able to find) I'm still getting search-engine re-directs happening in Google and Bing. Of all the forum offerings I've encountered, G2G looks to be the most on the ball, so here goes...

This is on an old Dell Dimension 3000 with 1 GB RAM, running Win XP SP2 (also somewhat ancient, but still required for various reasons best known to clients!): ethernet to router, then satellite modem. Browser is IE8.

Not clear how the initial problem was introduced: either through the web, or from guest pc on network.

Problem seemingly spotted initially on the fly by Microsoft Security Essentials: pop-up report said it was neutralising / removing it. Then ran full scan: stopped at some point with (possibly fake?) BSOD. No restart - blk screen, flashing cursor only.

Installed HDD as slave on another pc: ran Spybot and MSE scans - found / removed Alureon.

Moved to original pc, ran fixmbr / fixboot: this enabled Windows startup, but with the dubious pleasures of 'Professional Shield Pro'.

Tried (separately, uninstalling between attempts)
- MSE
- Spybot
- MBAM
Various targets removed: 'Pro Shield' stopped, but now seeing the search-engine re-directions applied in Google and Bing.

Looked at
- task manager (for any obviously / possibly dodgy processes)
- registry settings (esp various autorun entries)
- Hosts file (no extra entries)
- DNS settings (ensured dynamic)
- router DNS / IP settings (seemed to make sense)
- ensured no proxy server had been set

Then tried
- Ad-Aware
- Panda
- Trend Housecall
- Eset
- TDSS killers from Symantec and Kaspersky
- Hitman (v3.5.9 b127)
- etc etc
Nothing found by any of these, but still getting the problem.

Having found stories of problems being associated with mods to atapi.sys, tried copying in a new version (set read-only): no help.

Having looked at numerous different types of forum, found G2G: followed full list of instructions at 'How to fix Google redirects' (http://www.geekstogo...ogle-redirects/), but still no change.

Possible (?) linked anomalies
- mouse (USB) sometimes stops moving (fixed by unplug / replug)
- keyboard was spontaneously switching mappings between UK / US (until one was removed from available options)

I have also tried re-installing MSE: it installs, but will not run persistently - just seems to flash up and then disappear.

OTL Log and extras enclosed here.

Very many thanks for any insight you may be able to offer here!

Hopefully,

mia

Edited by MIAł, 04 August 2011 - 09:21 PM.


#2
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello MIAł and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{a44595d7-5fff-11e0-831d-001111e84211}\Shell - "" = AutoRun
    O33 - MountPoints2\{a44595d7-5fff-11e0-831d-001111e84211}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a44595d7-5fff-11e0-831d-001111e84211}\Shell\AutoRun\command - "" = G:\launcher.exe
    O33 - MountPoints2\{a44595d8-5fff-11e0-831d-001111e84211}\Shell\AutoRun\command - "" = G:\Launch.exe
    [2011/07/29 21:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\kI01602DfPdE01602
    [2011/07/15 18:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MIA\Local Settings\Application Data\Installer4004
    [2011/08/04 19:41:31 | 000,000,340 | -HS- | M] () -- C:\WINDOWS\tasks\CVYS.job
    [2011/08/04 19:41:31 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\IXNMQLPH.job
    [2011/08/03 09:10:00 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Dtihabob.dat
    [2011/08/03 09:10:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Gpevinasowovoneg.bin
    [2011/07/29 20:38:25 | 000,063,488 | RHS- | M] () -- C:\WINDOWS\System32\REGEDT32Y.dll
    [2011/07/10 13:31:22 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp26EB9.FOT
    [2011/07/10 13:31:22 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp19EB9.FOT
    [2011/07/10 13:31:22 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp0BEB9.FOT
    [2011/07/10 13:31:21 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp41EB9.FOT
    [2011/07/10 13:08:58 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpB7740.FOT
    [2011/07/10 13:08:58 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp80840.FOT
    [2011/07/10 13:08:58 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp56840.FOT
    [2011/07/10 13:08:56 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp07140.FOT
    [2011/07/09 19:06:29 | 000,000,248 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~18013988
    [2011/07/09 19:06:29 | 000,000,200 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~18013988r
    [2011/07/09 18:56:19 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\18013988
    [2006/07/20 11:03:56 | 001,417,681 | -H-- | C] () -- C:\Documents and Settings\MIA\Application Data\Install.dat
    [2005/04/24 14:32:39 | 000,000,126 | -H-- | C] () -- C:\Documents and Settings\MIA\Local Settings\Application Data\fusioncache.dat

    :Files
    ipconfig /flushdns /c
    ipconfig /all /c
    nslookup google.com /c
    nslookup yahoo.com /c
    ping -n 2 google.com /c
    ping -n 2 yahoo.com /c
    route print /c
    C:\Documents and Settings\MIA\Local Settings\Application Data\Installer4004
    C:\Documents and Settings\All Users\Application Data\kI01602DfPdE01602

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If an infection is detected, the default setting for "action" should be Cure
    • (If a suspicious file is detected, please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Download aswMBR.exe (511 KB) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4

Please don't forget to include these items in your reply:

  • OTL fixlog
  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post.

#3
MIAł
    New Member
  • Topic Starter
  • 9 posts
Thx for this, maliprog;

Here is the OTL log - others to follow

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a44595d7-5fff-11e0-831d-001111e84211}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a44595d7-5fff-11e0-831d-001111e84211}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a44595d7-5fff-11e0-831d-001111e84211}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a44595d7-5fff-11e0-831d-001111e84211}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a44595d7-5fff-11e0-831d-001111e84211}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a44595d7-5fff-11e0-831d-001111e84211}\ not found.
File G:\launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a44595d8-5fff-11e0-831d-001111e84211}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a44595d8-5fff-11e0-831d-001111e84211}\ not found.
File G:\Launch.exe not found.
Folder C:\Documents and Settings\All Users\Application Data\kI01602DfPdE01602\ not found.
C:\Documents and Settings\MIA\Local Settings\Application Data\Installer4004\resources\media\img folder moved successfully.
C:\Documents and Settings\MIA\Local Settings\Application Data\Installer4004\resources\media\css folder moved successfully.
C:\Documents and Settings\MIA\Local Settings\Application Data\Installer4004\resources\media folder moved successfully.
C:\Documents and Settings\MIA\Local Settings\Application Data\Installer4004\resources\common\scripts folder moved successfully.
C:\Documents and Settings\MIA\Local Settings\Application Data\Installer4004\resources\common\alert folder moved successfully.
C:\Documents and Settings\MIA\Local Settings\Application Data\Installer4004\resources\common folder moved successfully.
C:\Documents and Settings\MIA\Local Settings\Application Data\Installer4004\resources folder moved successfully.
C:\Documents and Settings\MIA\Local Settings\Application Data\Installer4004\redist folder moved successfully.
C:\Documents and Settings\MIA\Local Settings\Application Data\Installer4004\payloads\AdobeColorCommonSet1.0.1All folder moved successfully.
C:\Documents and Settings\MIA\Local Settings\Application Data\Installer4004\payloads folder moved successfully.
C:\Documents and Settings\MIA\Local Settings\Application Data\Installer4004 folder moved successfully.
C:\WINDOWS\tasks\CVYS.job moved successfully.
C:\WINDOWS\tasks\IXNMQLPH.job moved successfully.
C:\WINDOWS\Dtihabob.dat moved successfully.
C:\WINDOWS\Gpevinasowovoneg.bin moved successfully.
C:\WINDOWS\SYSTEM32\REGEDT32Y.dll moved successfully.
C:\WINDOWS\SYSTEM32\tmp26EB9.FOT moved successfully.
C:\WINDOWS\SYSTEM32\tmp19EB9.FOT moved successfully.
C:\WINDOWS\SYSTEM32\tmp0BEB9.FOT moved successfully.
C:\WINDOWS\SYSTEM32\tmp41EB9.FOT moved successfully.
C:\WINDOWS\SYSTEM32\tmpB7740.FOT moved successfully.
C:\WINDOWS\SYSTEM32\tmp80840.FOT moved successfully.
C:\WINDOWS\SYSTEM32\tmp56840.FOT moved successfully.
C:\WINDOWS\SYSTEM32\tmp07140.FOT moved successfully.
C:\Documents and Settings\All Users\Application Data\~18013988 moved successfully.
C:\Documents and Settings\All Users\Application Data\~18013988r moved successfully.
C:\Documents and Settings\All Users\Application Data\18013988 moved successfully.
C:\Documents and Settings\MIA\Application Data\Install.dat moved successfully.
C:\Documents and Settings\MIA\Local Settings\Application Data\fusioncache.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\MIA\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\MIA\Desktop\cmd.txt deleted successfully.
< ipconfig /all /c >
Windows IP Configuration
Host Name . . . . . . . . . . . . : D54VWZ61
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-11-11-E8-42-11
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.8
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : 05 August 2011 09:00:24
Lease Expires . . . . . . . . . . : 06 August 2011 09:00:24
C:\Documents and Settings\MIA\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\MIA\Desktop\cmd.txt deleted successfully.
< nslookup google.com /c >
Server: UnKnown
Address: 192.168.1.1
Name: google.com
Addresses: 74.125.127.105, 74.125.127.106, 74.125.127.147, 74.125.127.99
74.125.127.103, 74.125.127.104
C:\Documents and Settings\MIA\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\MIA\Desktop\cmd.txt deleted successfully.
< nslookup yahoo.com /c >
Server: UnKnown
Address: 192.168.1.1
Name: yahoo.com
Addresses: 69.147.125.65, 72.30.2.43, 98.137.149.56, 209.191.122.70
67.195.160.76
C:\Documents and Settings\MIA\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\MIA\Desktop\cmd.txt deleted successfully.
< ping -n 2 google.com /c >
Pinging google.com [74.125.127.103] with 32 bytes of data:
Reply from 74.125.127.103: bytes=32 time=627ms TTL=48
Reply from 74.125.127.103: bytes=32 time=1149ms TTL=48
Ping statistics for 74.125.127.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 627ms, Maximum = 1149ms, Average = 888ms
C:\Documents and Settings\MIA\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\MIA\Desktop\cmd.txt deleted successfully.
< ping -n 2 yahoo.com /c >
Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=1272ms TTL=44
Reply from 67.195.160.76: bytes=32 time=789ms TTL=44
Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 789ms, Maximum = 1272ms, Average = 1030ms
C:\Documents and Settings\MIA\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\MIA\Desktop\cmd.txt deleted successfully.
< route print /c >
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 e8 42 11 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.8 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.8 192.168.1.8 20
192.168.1.0 255.255.255.0 192.168.1.8 192.168.1.8 20
192.168.1.8 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.8 192.168.1.8 20
224.0.0.0 240.0.0.0 192.168.1.8 192.168.1.8 20
255.255.255.255 255.255.255.255 192.168.1.8 192.168.1.8 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
C:\Documents and Settings\MIA\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\MIA\Desktop\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\MIA\Local Settings\Application Data\Installer4004 not found.
C:\Documents and Settings\All Users\Application Data\kI01602DfPdE01602 folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 08052011_091012
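The Step 1 fix bundles network diagnostics (ipconfig /flushdns, ipconfig /all, nslookup, ping, route print) into the OTL run, and the fix log in this post shows what they return. As an added example, not part of this thread and not OTL's own code, the Python script below parses output in that same layout and flags the configuration-level causes of search-engine redirects that a malware scanner will not report: a resolver outside the LAN, a statically configured stack, a lookup answered by a server that is not a configured resolver or returning nothing, and a default route that disagrees with ipconfig. The two captures, their address values (RFC 5737 documentation ranges) and the 36-space continuation indent are constructed for the example; the field names and section markers follow the log above.

```python
import ipaddress
import re

# Constructed capture in the OTL ':Files' layout. All values are made up;
# RFC 5737 documentation ranges (198.51.100.x, 203.0.113.x) stand in for public hosts.
CAPTURE_TEMPLATE = """\
< ipconfig /all /c >
Dhcp Enabled. . . . . . . . . . . : {dhcp}
IP Address. . . . . . . . . . . . : 192.168.1.8
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : {dns}
< nslookup google.com /c >
Address: {resolver}
Name: google.com
Addresses: 198.51.100.10, 198.51.100.11
198.51.100.12
< route print /c >
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.8 20
Default Gateway: 192.168.1.1
"""
# Healthy: DHCP on and the router is the resolver, as in the log above.
CLEAN_CAPTURE = CAPTURE_TEMPLATE.format(dhcp="Yes", dns="192.168.1.1", resolver="192.168.1.1")
# Hijacked: DHCP off, two resolvers outside the LAN (second on ipconfig's indented continuation line).
HIJACKED_CAPTURE = CAPTURE_TEMPLATE.format(
    dhcp="No", dns="203.0.113.5\n" + " " * 36 + "203.0.113.6", resolver="203.0.113.5")

SECTION_RE = re.compile(r"^<\s*(.+?)\s*/c\s*>$")           # OTL marker "< ipconfig /all /c >"
FIELD_RE = re.compile(r"^([A-Za-z][^.:]*?)[ .]*:\s*(.*)$")  # "IP Address. . . : 192.168.1.8"
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def split_sections(text):
    """Group output lines under the OTL command marker that produced them."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def parse_ipconfig(lines):
    """Adapter fields keyed by lower-cased name; DNS servers collected as a list."""
    info, last_key = {"dns_servers": []}, None
    for line in lines:
        m = FIELD_RE.match(line)
        if m:
            last_key, value = m.group(1).strip().lower(), m.group(2).strip()
            if last_key == "dns servers":
                info["dns_servers"].extend(IP_RE.findall(value))
            elif value:
                info[last_key] = value
        elif last_key == "dns servers" and IP_RE.fullmatch(line.strip()):
            info["dns_servers"].append(line.strip())  # indented continuation line
    return info

def parse_nslookup(lines):
    """Resolver that answered, the queried name and every address listed."""
    result, seen_name = {"resolver": None, "name": None, "addresses": []}, False
    for line in lines:
        s = line.strip()
        low = s.lower()
        if low.startswith("name:"):
            result["name"], seen_name = s.split(":", 1)[1].strip(), True
        elif low.startswith("address:") and not seen_name:
            result["resolver"] = s.split(":", 1)[1].strip()
        elif low.startswith(("addresses:", "address:")):
            result["addresses"].extend(IP_RE.findall(s))
        elif seen_name and s and re.fullmatch(r"[\d., ]+", s):
            result["addresses"].extend(IP_RE.findall(s))  # wrapped address list
    return result

def assess(text):
    """Return a list of findings; an empty list means nothing looked off."""
    sections, findings = split_sections(text), []
    ipc = parse_ipconfig(sections.get("ipconfig /all", []))
    if "ip address" in ipc and "subnet mask" in ipc:
        lan = ipaddress.ip_network(f"{ipc['ip address']}/{ipc['subnet mask']}", strict=False)
        for dns in ipc["dns_servers"]:
            if ipaddress.ip_address(dns) not in lan:
                findings.append(f"DNS server {dns} is outside {lan}: confirm it is the ISP's or a known public resolver")
    if ipc.get("dhcp enabled", "").lower() == "no":
        findings.append("DHCP disabled: address and DNS are static, confirm they were set deliberately")
    gw_cfg = ipc.get("default gateway")
    for name, lines in sections.items():
        if name.startswith("nslookup"):
            r = parse_nslookup(lines)
            if not r["addresses"]:
                findings.append(f"{name}: no addresses returned")
            if r["resolver"] and r["resolver"] not in ipc["dns_servers"]:
                findings.append(f"{name}: answered by {r['resolver']}, not a configured DNS server")
        elif name.startswith("route print"):
            for r in (l.split() for l in lines):  # rows: dest mask gateway iface metric
                if len(r) >= 4 and r[0] == r[1] == "0.0.0.0" and gw_cfg and r[2] != gw_cfg:
                    findings.append(f"default route via {r[2]} but ipconfig reports gateway {gw_cfg}")
    return findings
```

Run it against a saved OTL fix log with `assess(open(path).read())`. A DNS server outside the subnet is normal when the ISP's resolvers are used directly rather than the router, so the findings are prompts to verify against what the router and ISP actually hand out, not verdicts.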

#4
MIAł
    New Member
  • Topic Starter
  • 9 posts
Here is the Kaspersky TDSSkiller log (nothing found)

2011/08/05 09:16:03.0906 0680 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/05 09:16:05.0906 0680 ================================================================================
2011/08/05 09:16:05.0906 0680 SystemInfo:
2011/08/05 09:16:05.0906 0680
2011/08/05 09:16:05.0906 0680 OS Version: 5.1.2600 ServicePack: 2.0
2011/08/05 09:16:05.0906 0680 Product type: Workstation
2011/08/05 09:16:05.0906 0680 ComputerName: D54VWZ61
2011/08/05 09:16:05.0906 0680 UserName: MIA
2011/08/05 09:16:05.0906 0680 Windows directory: C:\WINDOWS
2011/08/05 09:16:05.0906 0680 System windows directory: C:\WINDOWS
2011/08/05 09:16:05.0906 0680 Processor architecture: Intel x86
2011/08/05 09:16:05.0906 0680 Number of processors: 2
2011/08/05 09:16:05.0906 0680 Page size: 0x1000
2011/08/05 09:16:05.0906 0680 Boot type: Normal boot
2011/08/05 09:16:05.0906 0680 ================================================================================
2011/08/05 09:16:07.0140 0680 Initialize success
2011/08/05 09:16:08.0734 0552 ================================================================================
2011/08/05 09:16:08.0734 0552 Scan started
2011/08/05 09:16:08.0734 0552 Mode: Manual;
2011/08/05 09:16:08.0734 0552 ================================================================================
2011/08/05 09:16:09.0984 0552 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/08/05 09:16:10.0109 0552 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/05 09:16:10.0203 0552 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/05 09:16:10.0296 0552 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/08/05 09:16:10.0406 0552 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/08/05 09:16:10.0531 0552 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/08/05 09:16:10.0656 0552 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/05 09:16:10.0765 0552 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/08/05 09:16:10.0859 0552 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/08/05 09:16:10.0968 0552 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/08/05 09:16:11.0062 0552 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/08/05 09:16:11.0171 0552 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/08/05 09:16:11.0281 0552 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/08/05 09:16:11.0375 0552 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/08/05 09:16:11.0468 0552 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/08/05 09:16:11.0578 0552 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/08/05 09:16:11.0671 0552 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/08/05 09:16:11.0781 0552 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/08/05 09:16:11.0953 0552 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/05 09:16:12.0203 0552 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/05 09:16:13.0031 0552 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/05 09:16:13.0765 0552 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/05 09:16:14.0406 0552 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/05 09:16:14.0703 0552 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
2011/08/05 09:16:15.0250 0552 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/08/05 09:16:15.0671 0552 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/05 09:16:15.0953 0552 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/05 09:16:16.0375 0552 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/08/05 09:16:16.0640 0552 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/05 09:16:16.0890 0552 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/05 09:16:17.0203 0552 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/05 09:16:17.0843 0552 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/08/05 09:16:18.0484 0552 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/08/05 09:16:18.0703 0552 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/08/05 09:16:19.0203 0552 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/08/05 09:16:19.0625 0552 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/05 09:16:20.0156 0552 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/05 09:16:21.0218 0552 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/05 09:16:21.0625 0552 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/05 09:16:21.0875 0552 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/05 09:16:22.0031 0552 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/08/05 09:16:22.0156 0552 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/05 09:16:22.0265 0552 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/08/05 09:16:22.0406 0552 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/08/05 09:16:22.0562 0552 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/08/05 09:16:22.0687 0552 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/08/05 09:16:22.0812 0552 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/08/05 09:16:22.0984 0552 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/05 09:16:23.0140 0552 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/05 09:16:23.0250 0552 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/05 09:16:23.0375 0552 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/05 09:16:23.0531 0552 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/05 09:16:23.0625 0552 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/05 09:16:23.0734 0552 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/05 09:16:23.0875 0552 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/08/05 09:16:24.0015 0552 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/05 09:16:24.0171 0552 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/05 09:16:24.0281 0552 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/08/05 09:16:24.0406 0552 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/05 09:16:24.0531 0552 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/08/05 09:16:24.0640 0552 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/08/05 09:16:24.0765 0552 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/05 09:16:24.0906 0552 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/05 09:16:25.0093 0552 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/05 09:16:25.0187 0552 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/08/05 09:16:25.0312 0552 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2011/08/05 09:16:25.0437 0552 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2011/08/05 09:16:25.0546 0552 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2011/08/05 09:16:25.0671 0552 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/05 09:16:25.0812 0552 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/05 09:16:25.0921 0552 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/05 09:16:26.0093 0552 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/05 09:16:26.0218 0552 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/05 09:16:26.0343 0552 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/05 09:16:26.0484 0552 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/05 09:16:26.0609 0552 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/05 09:16:26.0703 0552 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/05 09:16:26.0828 0552 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/05 09:16:26.0921 0552 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/05 09:16:27.0062 0552 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/05 09:16:27.0203 0552 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/05 09:16:27.0421 0552 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/05 09:16:27.0546 0552 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/05 09:16:27.0640 0552 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/08/05 09:16:27.0750 0552 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2011/08/05 09:16:27.0875 0552 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/05 09:16:27.0984 0552 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/05 09:16:28.0109 0552 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/05 09:16:29.0187 0552 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/08/05 09:16:29.0328 0552 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/05 09:16:29.0453 0552 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/05 09:16:29.0640 0552 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/05 09:16:29.0765 0552 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/05 09:16:29.0875 0552 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/05 09:16:29.0984 0552 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/05 09:16:30.0218 0552 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/05 09:16:30.0312 0552 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/05 09:16:30.0421 0552 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/05 09:16:30.0546 0552 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/05 09:16:30.0671 0552 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/05 09:16:30.0796 0552 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/05 09:16:30.0890 0552 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/05 09:16:31.0015 0552 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/05 09:16:31.0140 0552 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/05 09:16:31.0218 0552 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/05 09:16:31.0312 0552 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/05 09:16:31.0437 0552 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/05 09:16:31.0593 0552 nm (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/08/05 09:16:31.0781 0552 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/05 09:16:31.0890 0552 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/05 09:16:32.0015 0552 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/05 09:16:32.0171 0552 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/05 09:16:32.0359 0552 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/05 09:16:32.0500 0552 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/05 09:16:32.0609 0552 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/05 09:16:32.0703 0552 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/05 09:16:32.0812 0552 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/05 09:16:32.0921 0552 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/05 09:16:33.0078 0552 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/05 09:16:33.0218 0552 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/05 09:16:33.0484 0552 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/08/05 09:16:33.0625 0552 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/08/05 09:16:33.0796 0552 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/05 09:16:33.0921 0552 prodrv06 (6d3b2fc5dec2f59b28fe5fa17250a7b0) C:\WINDOWS\System32\drivers\prodrv06.sys
2011/08/05 09:16:34.0046 0552 prohlp02 (c5f47b7ec2ec906847d5f80ba779a5bd) C:\WINDOWS\system32\drivers\prohlp02.sys
2011/08/05 09:16:34.0156 0552 prosync1 (f3471e7971ee62420451d958da635064) C:\WINDOWS\system32\drivers\prosync1.sys
2011/08/05 09:16:34.0265 0552 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/05 09:16:34.0390 0552 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/05 09:16:34.0500 0552 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/05 09:16:34.0609 0552 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/08/05 09:16:34.0718 0552 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/08/05 09:16:34.0828 0552 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/08/05 09:16:34.0937 0552 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/08/05 09:16:35.0015 0552 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/08/05 09:16:35.0109 0552 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/05 09:16:35.0218 0552 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/05 09:16:35.0359 0552 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/05 09:16:35.0437 0552 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/05 09:16:35.0562 0552 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/05 09:16:35.0640 0552 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/05 09:16:35.0765 0552 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/05 09:16:35.0890 0552 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/05 09:16:36.0031 0552 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/05 09:16:36.0218 0552 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/05 09:16:36.0359 0552 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/08/05 09:16:36.0531 0552 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/05 09:16:36.0671 0552 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/05 09:16:36.0796 0552 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
2011/08/05 09:16:36.0921 0552 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/05 09:16:37.0156 0552 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/05 09:16:37.0296 0552 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/05 09:16:37.0437 0552 smwdm (86c4d93b7b7818d066c52fdb03c6c921) C:\WINDOWS\system32\drivers\smwdm.sys
2011/08/05 09:16:37.0562 0552 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/08/05 09:16:37.0687 0552 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/08/05 09:16:37.0843 0552 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/05 09:16:37.0984 0552 SQTECH905C (334b7b4378a715427d640dae7ccecb09) C:\WINDOWS\system32\Drivers\Capt905c.sys
2011/08/05 09:16:38.0125 0552 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/05 09:16:38.0281 0552 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/05 09:16:38.0406 0552 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/08/05 09:16:38.0546 0552 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/08/05 09:16:38.0671 0552 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/05 09:16:38.0781 0552 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/05 09:16:38.0890 0552 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/05 09:16:39.0000 0552 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/08/05 09:16:39.0109 0552 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/08/05 09:16:39.0218 0552 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/08/05 09:16:39.0328 0552 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/08/05 09:16:39.0453 0552 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/05 09:16:39.0593 0552 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/05 09:16:39.0734 0552 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/05 09:16:39.0843 0552 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/05 09:16:39.0984 0552 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/05 09:16:40.0093 0552 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/08/05 09:16:40.0203 0552 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/08/05 09:16:40.0296 0552 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/08/05 09:16:40.0359 0552 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2011/08/05 09:16:40.0437 0552 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/08/05 09:16:40.0515 0552 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/08/05 09:16:40.0609 0552 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/08/05 09:16:40.0703 0552 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/08/05 09:16:40.0812 0552 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/08/05 09:16:40.0921 0552 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/08/05 09:16:41.0046 0552 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/05 09:16:41.0140 0552 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/08/05 09:16:41.0281 0552 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/05 09:16:41.0437 0552 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/05 09:16:41.0578 0552 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/05 09:16:41.0796 0552 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/05 09:16:41.0984 0552 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/05 09:16:42.0578 0552 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/05 09:16:43.0171 0552 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/05 09:16:43.0546 0552 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/05 09:16:43.0812 0552 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/05 09:16:44.0250 0552 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/08/05 09:16:44.0781 0552 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/08/05 09:16:45.0437 0552 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/05 09:16:45.0906 0552 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/05 09:16:46.0453 0552 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/05 09:16:47.0218 0552 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/05 09:16:47.0515 0552 WmBEnum (f4beffb095457721f6e678fe4e87a676) C:\WINDOWS\system32\drivers\WmBEnum.sys
2011/08/05 09:16:47.0656 0552 WmFilter (f12a6785f34a321ae35762806b97f58c) C:\WINDOWS\system32\drivers\WmFilter.sys
2011/08/05 09:16:47.0812 0552 WmVirHid (8818190fb4c78d224b92ff4cd369868c) C:\WINDOWS\system32\drivers\WmVirHid.sys
2011/08/05 09:16:47.0937 0552 WmXlCore (e52708c4d0c8406b241260593ec60e0c) C:\WINDOWS\system32\drivers\WmXlCore.sys
2011/08/05 09:16:48.0078 0552 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/05 09:16:48.0187 0552 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/05 09:16:48.0312 0552 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/05 09:16:48.0375 0552 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/05 09:16:48.0515 0552 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
2011/08/05 09:16:48.0562 0552 Boot (0x1200) (4e1ceec6116cbad0de11fc188713b754) \Device\Harddisk0\DR0\Partition0
2011/08/05 09:16:48.0578 0552 Boot (0x1200) (7a10757768aed626ebbc2ae6a68a1231) \Device\Harddisk1\DR4\Partition0
2011/08/05 09:16:48.0578 0552 ================================================================================
2011/08/05 09:16:48.0578 0552 Scan finished
2011/08/05 09:16:48.0578 0552 ================================================================================
2011/08/05 09:16:48.0593 1560 Detected object count: 0
2011/08/05 09:16:48.0593 1560 Actual detected object count: 0

#5 MIAł (New Member, Topic Starter, 9 posts)
Here is the aswMBR log - thx again for looking at these

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-05 09:21:02
-----------------------------
09:21:02.250 OS Version: Windows 5.1.2600 Service Pack 2
09:21:02.250 Number of processors: 2 586 0x401
09:21:02.250 ComputerName: D54VWZ61 UserName: MIA
09:21:02.593 Initialize success
09:33:22.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:33:22.890 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 76293MB BusType: 3
09:33:24.906 Disk 0 MBR read successfully
09:33:24.906 Disk 0 MBR scan
09:33:24.906 Disk 0 Windows XP default MBR code
09:33:24.906 Disk 0 scanning sectors +156232125
09:33:25.000 Disk 0 scanning C:\WINDOWS\system32\drivers
09:33:35.437 Service scanning
09:33:36.703 Modules scanning
09:34:12.734 Disk 0 trace - called modules:
09:34:12.750 ntoskrnl.exe CLASSPNP.SYS disk.sys prosync1.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:34:12.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f541a8]
09:34:12.765 3 CLASSPNP.SYS[f775805b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f58d98]
09:34:12.765 \Driver\atapi[0x86f88c28] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xf7bab661]
09:34:12.781 Scan finished successfully
09:34:34.031 Disk 0 MBR has been saved successfully to "F:\software\MBR.dat"
09:34:34.062 The log file has been saved successfully to "F:\software\aswMBR_Log_5Aug11.txt"

#6 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi MIAł,

Before we continue... How is your system now? Do you still get redirected?

#7 MIAł (New Member, Topic Starter, 9 posts)
I've now tried quite a few searches in Google and Bing, and none of these have been redirected: how do the logs look to you?

I really appreciate your help with this

#8 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Nice to hear that. Let's make sure your system is clean.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Complete scan sometimes takes up to 3 hours to finish so please be patient.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

NOTE. During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking the X in the upper right corner.

#9 MIAł (New Member, Topic Starter, 9 posts)
So here's the Dr Web log: found a few more oddities hiding...

02498828.FIL;C:\$VAULT$.AVG;Trojan.LowZones.174;Deleted.;
02502171.FIL;C:\$VAULT$.AVG;Trojan.Fakealert;Deleted.;
02504359.FIL;C:\$VAULT$.AVG;Trojan.Fakealert;Deleted.;
03071718.FIL;C:\$VAULT$.AVG;Trojan.LowZones.174;Deleted.;
Free-MSN-Emoticons-Pack-01.exe;C:\Program Files\Free MSN Emoticons Pack 1;BackDoor.Sturf.48;Deleted.;
Dc1.exe;C:\RECYCLER\S-1-5-21-778095897-2782591419-3919275624-1006;Trojan.Siggen2.54984;Incurable.Moved.;
A0000155.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1;Trojan.Hiloti.8;Deleted.;
A0001467.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1;BackDoor.Sturf.48;Deleted.;
A0018929.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30;BackDoor.Sturf.48;Deleted.;
A0018930.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30;Trojan.Siggen2.54984;Incurable.Moved.;
A0010716.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9;Trojan.Fakealert.23317;Deleted.;
A0010717.ocx;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9;Adware.Gdown;;
BatchFlows.frm;F:\code\main;Modification of VBS.Generic.17;Moved.;
OTM.exe;F:\software;Trojan.Siggen2.54984;Incurable.Moved.;
dds.scr;F:\software\sUBs DDS;Trojan.MulDrop2.44246;Incurable.Moved.;
A0018931.exe;F:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30;Trojan.Siggen2.54984;Incurable.Moved.;
A0018932.scr;F:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30;Trojan.MulDrop2.44246;Incurable.Moved.;
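A Dr.Web CureIt report of this kind is a semicolon-separated list (file;folder;threat name;action), and a quick triage of it tells the helper two things: which detections live only inside System Restore snapshots (the `System Volume Information\_restore{...}\RPnn` folders, which hold old copies of files and are routinely purged during clean-up), and which items outside those snapshots the scanner could not simply delete and so deserve a second look. The following is an added example written for this thread, not Dr.Web's own code or anything posted by the participants: it takes the report lines exactly as posted above as its sample input, infers the four-field layout from them (a detection with no action, such as the `Adware.Gdown` line, shows up as an empty fourth field), and the function and constant names are this example's own.

```python
"""Triage a Dr.Web CureIt report (DrWeb.csv) of the kind posted in the thread.

Added example, not part of the thread or of Dr.Web. The report lines below
are copied from the post; the field layout (file;folder;threat;action) is
inferred from them, and all helper names are this example's own.
"""
from collections import Counter
from typing import NamedTuple

# Report lines exactly as posted in the thread (Dr.Web CureIt "Save report list").
DRWEB_REPORT = r"""
02498828.FIL;C:\$VAULT$.AVG;Trojan.LowZones.174;Deleted.;
02502171.FIL;C:\$VAULT$.AVG;Trojan.Fakealert;Deleted.;
02504359.FIL;C:\$VAULT$.AVG;Trojan.Fakealert;Deleted.;
03071718.FIL;C:\$VAULT$.AVG;Trojan.LowZones.174;Deleted.;
Free-MSN-Emoticons-Pack-01.exe;C:\Program Files\Free MSN Emoticons Pack 1;BackDoor.Sturf.48;Deleted.;
Dc1.exe;C:\RECYCLER\S-1-5-21-778095897-2782591419-3919275624-1006;Trojan.Siggen2.54984;Incurable.Moved.;
A0000155.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1;Trojan.Hiloti.8;Deleted.;
A0001467.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1;BackDoor.Sturf.48;Deleted.;
A0018929.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30;BackDoor.Sturf.48;Deleted.;
A0018930.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30;Trojan.Siggen2.54984;Incurable.Moved.;
A0010716.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9;Trojan.Fakealert.23317;Deleted.;
A0010717.ocx;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9;Adware.Gdown;;
BatchFlows.frm;F:\code\main;Modification of VBS.Generic.17;Moved.;
OTM.exe;F:\software;Trojan.Siggen2.54984;Incurable.Moved.;
dds.scr;F:\software\sUBs DDS;Trojan.MulDrop2.44246;Incurable.Moved.;
A0018931.exe;F:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30;Trojan.Siggen2.54984;Incurable.Moved.;
A0018932.scr;F:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30;Trojan.MulDrop2.44246;Incurable.Moved.;
"""

# Path fragment that marks a Windows XP System Restore snapshot folder.
RESTORE_MARKER = r"\System Volume Information\_restore"


class Detection(NamedTuple):
    name: str
    folder: str
    threat: str
    action: str  # "" when the scanner only reported the item and took no action


def parse_drweb_report(text: str) -> list[Detection]:
    """Split each non-empty report line into its four leading fields."""
    detections = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = line.split(";")
        if len(fields) < 4:
            raise ValueError(f"unexpected report line: {line!r}")
        name, folder, threat, action = fields[:4]
        # Actions are written "Deleted." / "Incurable.Moved."; drop the trailing dot.
        detections.append(Detection(name, folder, threat, action.rstrip(".")))
    return detections


def in_restore_point(det: Detection) -> bool:
    """True when the file sits inside a System Restore snapshot."""
    return RESTORE_MARKER.lower() in det.folder.lower()


def summarize(detections: list[Detection]) -> dict:
    """Group detections by action and single out the items that need a human look."""
    by_action = Counter(det.action or "Reported only" for det in detections)
    live = [det for det in detections if not in_restore_point(det)]
    return {
        "total": len(detections),
        "distinct_threats": len({det.threat for det in detections}),
        "by_action": by_action,
        # Hits in snapshots vanish once restore points are cleared (as the OTL fix does).
        "restore_point_hits": sum(1 for det in detections if in_restore_point(det)),
        # Outside the snapshots, anything not outright deleted was only moved
        # (quarantined) or merely reported; these are the ones worth reviewing.
        "needs_review": [det for det in live if det.action != "Deleted"],
    }


if __name__ == "__main__":
    report = summarize(parse_drweb_report(DRWEB_REPORT))
    print(f"{report['total']} detections, {report['distinct_threats']} distinct threat names")
    for action, count in sorted(report["by_action"].items()):
        print(f"  {action:15} {count}")
    print(f"{report['restore_point_hits']} of them are inside System Restore snapshots")
    print("Items outside restore points that were not deleted:")
    for det in report["needs_review"]:
        print(f"  {det.folder}\\{det.name}  [{det.threat}] -> {det.action or 'reported only'}")
```

On the posted report this separates the eight snapshot-only hits from the four quarantined items on the live filesystem (the recycler entry, the form file under `F:\code\main`, and two files in the `F:\software` tool folder), which is exactly the short list a helper would want to check by hand before declaring the machine clean.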

#10 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi MIAł,

Your logs and system are clean now. I'm glad we fixed up your computer. The last few steps we need to do:

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.

#11 MIAł (New Member, Topic Starter, 9 posts)
Thanks for the good news!

What should I do with the 'Quarantine' folder established by DrWeb?

Thx also for the recommendations. There are a few of these which are difficult for us: we live in a rural area, and the 'best' connection (Xplorenet satellite) available is slow and volume-limited, so frequent large automatic updates are a problem. I also have to keep some old software in use (including XP SP2) to match client systems. However, most of the other suggestions have been followed for some time.

I would be interested to know if you find any particular AV offering(s) to be more reliable than others?

Here is the OTL log

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.D54VWZ61
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.D54VWZ61.000
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.D54VWZ61.001
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.D54VWZ61.002
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.D54VWZ61.003
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Edward
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: MIA
->Temp folder emptied: 38444319 bytes
->Temporary Internet Files folder emptied: 1064129 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 1874 bytes

User: NetworkService
->Temp folder emptied: 1152 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1141 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2524477678 bytes

Total Files Cleaned = 2,445.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.D54VWZ61

User: Administrator.D54VWZ61.000

User: Administrator.D54VWZ61.001

User: Administrator.D54VWZ61.002

User: Administrator.D54VWZ61.003
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Edward
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: MIA
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.26.1 log created on 08062011_104232

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12 MIAł (New Member, Topic Starter, 9 posts)
PS - I have sent you some coffee(s)...!

#13 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
You can remove Dr.Web quarantine. Delete it. I understand all about limited Internet speed. My AV recommendation is as follows:


If I may say, I strongly recommend Free AVAST because of the new technology implemented in it.

Thank you very much for your donation! I can drink coffee for the whole week :)! I really really appreciate it!

#14 MIAł (New Member, Topic Starter, 9 posts)
Thanks again for your help, and for the suggestions

I had MSE running, but it seems it did let through quite a bit!

Happy fixing!

#15 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Goodbye and stay safe :)