Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Search Engine Redirect

Re: Search Engine Redirect

Post by Cypher » March 4th, 2011, 7:11 am

Hi Sliktor.
I installed Windows 7 on my own and I do have an installation disk.

Good. Then, if you understand the possible risk involved and would like to attempt to fix this infection, I would urge you first to ensure you have backed up any important data.
Give me an update on your computer's performance after doing the following.


Download MBRBackup to your Desktop.

  • Right-click MBRBackup.exe and select "Run as administrator" to run it.
  • Click SaveMBR (top left corner) and save the backup file to your Desktop.
  • It will have a name similar to MBR_2010-10-06.bin where the numbers correspond to the date the backup was made.
  • Exit the program.
  • I strongly suggest you keep a copy of this backup stored on an external device.

Next.

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note:** If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



Logs/Information to Post in your Next Reply

  • ComboFix.txt.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
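A way to sanity-check the saved MBR backup before relying on it, as an added example that is not part of the original post and not code from MBRBackup. It assumes the .bin file is a raw 512-byte copy of sector 0 in the classic MBR layout; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_END = 440            # bytes 0..439: bootstrap code
DISK_SIG_OFFSET = 440          # bytes 440..443: Windows disk signature
TABLE_OFFSET = 446             # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY = struct.Struct("<B3xB3xII")

REGIONS = {
    "boot code": slice(0, BOOT_CODE_END),
    "disk signature": slice(DISK_SIG_OFFSET, DISK_SIG_OFFSET + 4),
    "partition table": slice(TABLE_OFFSET, 510),
}


def parse_mbr(data: bytes) -> dict:
    """Validate a raw MBR image and decode the fields worth recording."""
    if len(data) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(data)}")
    if data[510:] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        status, ptype, lba_start, sectors = ENTRY.unpack_from(
            data, TABLE_OFFSET + index * ENTRY.size)
        if ptype == 0:          # unused slot
            continue
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {index}: invalid status 0x{status:02x}")
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", data, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def changed_regions(before: bytes, after: bytes) -> list:
    """Name the MBR regions that differ between two valid backups."""
    parse_mbr(before)
    parse_mbr(after)
    return [name for name, span in REGIONS.items()
            if before[span] != after[span]]


def build_sample_mbr() -> bytes:
    """Constructed sample: empty boot code, one active NTFS (0x07) partition."""
    entry = ENTRY.pack(0x80, 0x07, 2048, 204800)
    return (bytes(BOOT_CODE_END) + struct.pack("<I", 0x1234ABCD) + bytes(2)
            + entry + bytes(48) + BOOT_SIGNATURE)


if __name__ == "__main__":
    # Pass the path of a backup file, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            image = handle.read()
    else:
        image = build_sample_mbr()
    info = parse_mbr(image)
    print("file sha256     :", info["sha256"])
    print("boot code sha256:", info["boot_code_sha256"])
    print("disk signature  : 0x%08X" % info["disk_signature"])
    for part in info["partitions"]:
        print("partition", part)
```

Matching hashes for the Desktop copy and the external copy confirm both backups are identical; `changed_regions` shows which part of the sector differs between a backup taken before cleanup and one taken afterwards.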

Re: Search Engine Redirect

Post by Sliktor » March 4th, 2011, 2:32 pm

Ok. I saved a copy of the backup on my desktop and on a flash drive.

I double-clicked ComboFix.exe from my desktop. A progress bar appeared and then my computer immediately went to the bluescreen and restarted. Here is the problem information that Windows showed after restart.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

Additional information about the problem:
BCCode: a
BCP1: C0850845
BCP2: 00000002
BCP3: 00000001
BCP4: 832870BC
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1
Sliktor
Regular Member
 
Posts: 16
Joined: February 28th, 2011, 11:44 pm

Re: Search Engine Redirect

Post by Cypher » March 4th, 2011, 2:38 pm

Hi.
Did you disable Trend Micro Internet Security Pro before running ComboFix?
Try running ComboFix again; if you still have problems, try running it in Safe Mode.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

Re: Search Engine Redirect

Post by Sliktor » March 4th, 2011, 8:27 pm

Hello.
I tried again, double-checking to ensure Trend Micro was disabled, and I bluescreened again. I booted up into safe mode and, after ensuring Trend Micro wasn't running, ran ComboFix again and received another bluescreen.

Re: Search Engine Redirect

Post by Cypher » March 5th, 2011, 6:10 am

Hi Sliktor.
OK, a change of approach. See if you can complete the instructions below.

TDSSKiller

  • Please download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Important!: Run this fix once and once only.
  • Right click TDSSKiller.exe and select "Run as administrator" to run it.
  • Then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found, click the default action Cure > Continue > Reboot now.
  • If any suspicious objects are detected the default action will be Skip, ensure Skip is selected then click Continue.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.

Re: Search Engine Redirect

Post by Sliktor » March 5th, 2011, 12:11 pm

Here is the TDSSKiller log.

2011/03/05 08:58:58.0816 5600 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/03/05 08:58:58.0882 5600 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/03/05 08:58:58.0923 5600 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/05 08:58:58.0970 5600 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/03/05 08:58:59.0005 5600 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/05 08:58:59.0050 5600 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/05 08:58:59.0101 5600 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/05 08:58:59.0170 5600 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/05 08:58:59.0213 5600 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/05 08:58:59.0264 5600 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2011/03/05 08:58:59.0329 5600 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/03/05 08:58:59.0397 5600 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/03/05 08:58:59.0490 5600 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/03/05 08:58:59.0533 5600 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/03/05 08:58:59.0580 5600 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/03/05 08:58:59.0623 5600 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/03/05 08:58:59.0655 5600 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/03/05 08:58:59.0693 5600 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/03/05 08:58:59.0735 5600 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/03/05 08:58:59.0812 5600 vsapint (bbdd84ca629c1f7c8172b4405867f196) C:\Windows\system32\DRIVERS\vsapint.sys
2011/03/05 08:58:59.0906 5600 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/03/05 08:59:00.0009 5600 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/03/05 08:59:00.0061 5600 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/03/05 08:59:00.0108 5600 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/05 08:59:00.0136 5600 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/05 08:59:00.0207 5600 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/03/05 08:59:00.0248 5600 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/05 08:59:00.0366 5600 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/03/05 08:59:00.0401 5600 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/03/05 08:59:00.0457 5600 winbondcir (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys
2011/03/05 08:59:00.0566 5600 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/05 08:59:00.0629 5600 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/05 08:59:00.0688 5600 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/03/05 08:59:00.0722 5600 WSDScan (7dc0270cfd4a05b4112e3ebbf083b595) C:\Windows\system32\DRIVERS\WSDScan.sys
2011/03/05 08:59:00.0777 5600 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/03/05 08:59:00.0820 5600 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/05 08:59:00.0939 5600 xnacc (ce0c846127d6abb1e2a22e59682b2527) C:\Windows\system32\DRIVERS\xnacc.sys
2011/03/05 08:59:01.0021 5600 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys
2011/03/05 08:59:01.0075 5600 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/05 08:59:01.0080 5600 ================================================================================
2011/03/05 08:59:01.0080 5600 Scan finished
2011/03/05 08:59:01.0080 5600 ================================================================================
2011/03/05 08:59:01.0093 3368 Detected object count: 1
2011/03/05 08:59:09.0392 3368 \HardDisk0 - will be cured after reboot
2011/03/05 08:59:09.0413 3368 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/05 08:59:16.0055 3960 Deinitialize success





EDIT - Google is not redirecting anymore.
Sliktor
Regular Member
 
Posts: 16
Joined: February 28th, 2011, 11:44 pm

Re: Search Engine Redirect

Unread postby Cypher » March 5th, 2011, 12:26 pm

Hi Sliktor.
Google is not redirecting anymore.

Excellent, good work. Please stay with me, we still have some work to do.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 24.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.0.1).
    Note: Uncheck Free McAfee® Security Scan Plus (optional)

Next.

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe and select " Run as administrator " to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

Please disable Trend Micro Internet Security Pro as it may interfere with the below scan.
Note: Don't forget to re-enable it after the fix.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • ESET log.
  • Please let me know how your computer is performing now.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search Engine Redirect

Unread postby Sliktor » March 6th, 2011, 12:08 am

Here is the new log. Everything seems to be working great.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=73b8bfc6ca87e445b7334abc72b73748
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-06 03:18:32
# local_time=2011-03-05 08:18:32 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=516 16774526 100 100 0 33963114 0 0
# compatibility_mode=5893 16776574 100 94 31383638 50921137 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=143688
# found=8
# cleaned=0
# scan_time=5166
C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sliktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\63b3978b-7cfc60d9 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sliktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\743fee9f-397d4d55 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sliktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\187b0ca2-184622fc probably a variant of Win32/Agent.FPEXZHL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sliktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\752509ab-49f2bcc2 probably a variant of Win32/Agent.HRYTTOE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sliktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\7fa50935-58aea953 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sliktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\384ba27d-4db69171 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sliktor\AppData\Roaming\Mozilla\Firefox\Profiles\f2n48t6l.default\extensions\{0b521176-81b5-4849-b963-98c7a257827d}\opinstaller.msi multiple threats (unable to clean) 00000000000000000000000000000000 I
Sliktor
Regular Member
 
Posts: 16
Joined: February 28th, 2011, 11:44 pm
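
The ESET Online Scanner log in the post above is a block of `# key=value` header lines followed by one finding per line. As an added example (not part of the original thread and not an ESET tool), this Python sketch parses that layout, checks the finding count against the `found=` header and groups the hits by where they sit on disk. The names `parse_eset_log`, `classify` and `triage` are hypothetical, and the finding pattern only covers the detection phrasings that appear in this log.

```python
import re
from collections import Counter

# Finding lines copied from the log posted above; header trimmed to the fields used here.
SAMPLE_LOG = r"""
# remove_checked=false
# scanned=143688
# found=8
# cleaned=0
C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sliktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\63b3978b-7cfc60d9 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sliktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\743fee9f-397d4d55 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sliktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\187b0ca2-184622fc probably a variant of Win32/Agent.FPEXZHL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sliktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\752509ab-49f2bcc2 probably a variant of Win32/Agent.HRYTTOE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sliktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\7fa50935-58aea953 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sliktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\384ba27d-4db69171 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sliktor\AppData\Roaming\Mozilla\Firefox\Profiles\f2n48t6l.default\extensions\{0b521176-81b5-4849-b963-98c7a257827d}\opinstaller.msi multiple threats (unable to clean) 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")

# Assumption: the forum flattened the field separators to single spaces, so the
# detection field is recognised by the phrasings that occur in this log.
FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:probably )?a variant of \S+(?: \w+)?|multiple threats)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9a-fA-F]{32})\s+(?P<flag>\S+)\s*$"
)


def classify(path):
    """Bucket a finding by its on-disk location (hypothetical categories)."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"
    if "\\mozilla\\firefox\\profiles\\" in p and "\\extensions\\" in p:
        return "firefox-extension"
    return "other"


def parse_eset_log(text):
    """Return (header dict, list of findings, lines that matched neither pattern)."""
    header, findings, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()  # repeated keys: last one wins
            continue
        m = FINDING_RE.match(line)
        if m:
            finding = m.groupdict()
            finding["location"] = classify(finding["path"])
            findings.append(finding)
        else:
            unparsed.append(line)  # keep unknown lines visible instead of dropping them
    return header, findings, unparsed


def triage(text):
    """Summarise a log: location counts plus two consistency checks on the header."""
    header, findings, unparsed = parse_eset_log(text)
    return {
        "by_location": dict(Counter(f["location"] for f in findings)),
        "count_matches_header": int(header.get("found", -1)) == len(findings),
        "report_only": header.get("remove_checked") == "false",
        "not_cleaned": [f["path"] for f in findings if "unable to clean" in f["action"]],
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```

A mismatch between `found=` and the number of parsed findings, or anything in `unparsed`, means part of the log was lost in the paste or uses a phrasing the pattern does not cover.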

Re: Search Engine Redirect

Unread postby Cypher » March 6th, 2011, 6:45 am

Hi Sliktor.
Everything seems to be working great.

Good news :)
Just a few things to clean up, then if there are no further problems I will give you final instructions.

Back Up registry with ERUNT

  • Please download ERUNT and save it to your desktop.
  • Alternate Download
  • Right-click on erunt_setup.exe and select " Run as administrator " to run it.
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.

Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Right-click OTM.exe and select " Run as administrator " to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code: Select all
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "D4027C7F-154A-4066-A1AD-4243D8127440"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
    
    :Files
    C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll 
    C:\Users\Sliktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\63b3978b-7cfc60d9
    C:\Users\Sliktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\743fee9f-397d4d55 
    C:\Users\Sliktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\187b0ca2-184622fc 
    C:\Users\Sliktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\752509ab-49f2bcc2
    C:\Users\Sliktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\7fa50935-58aea953
    C:\Users\Sliktor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\384ba27d-4db69171
    C:\Users\Sliktor\AppData\Roaming\Mozilla\Firefox\Profiles\f2n48t6l.default\extensions\{0b521176-81b5-4849-b963-98c7a257827d}\opinstaller.msi
    ipconfig /flushdns /c
    
    :Commands
    [EmptyFlash]
    [emptytemp]
    [ClearAllRestorePoints]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Logs/Information to Post in your Next Reply

  • OTM log.
  • Please let me know how your computer is performing now.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search Engine Redirect

Unread postby Sliktor » March 6th, 2011, 8:26 pm

How long should OTM take? It ran for nearly 10 hours today. Windows said it was not responding, I did a manual reboot. There was no log, and I couldn't copy what was currently in the results screen. I copied down the last line.

========FILES========
DllUnregisterServer procedure not found in C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\

That's all I could read on the line. The program reached that point and stopped responding. I let it run all day to see if it would work after a while but nothing. ERUNT ran fine though.

Here are the Windows problem box results that appeared when I attempted to click on the screen.

Description:
A problem caused this program to stop interacting with Windows.

Problem signature:
Problem Event Name: AppHangB1
Application Name: OTM.exe
Application Version: 3.1.17.2
Application Timestamp: 2a425e19
Hang Signature: a065
Hang Type: 0
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033
Additional Hang Signature 1: a0653db4c18ffb00cf43f634bd3ea3a3
Additional Hang Signature 2: 2a1b
Additional Hang Signature 3: 2a1b8b10153fc6b452ef6a7cddc63c87
Additional Hang Signature 4: a065
Additional Hang Signature 5: a0653db4c18ffb00cf43f634bd3ea3a3
Additional Hang Signature 6: 2a1b
Additional Hang Signature 7: 2a1b8b10153fc6b452ef6a7cddc63c87
Sliktor
Regular Member
 
Posts: 16
Joined: February 28th, 2011, 11:44 pm

Re: Search Engine Redirect

Unread postby Cypher » March 7th, 2011, 7:07 am

Hi Sliktor.
How long should OTM take? It ran for nearly 10 hours today.

No, it shouldn't have taken more than a few minutes to run. How is your PC performing now, are you having any problems?
Do the following please.

Clear Java cache

  • Click on Start > Control Panel > Classic view then double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button.
  • There are two options in the window to clear the cache - Leave BOTH Checked.
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
  • Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search Engine Redirect

Unread postby Sliktor » March 7th, 2011, 2:44 pm

Okay, I cleared the Java cache. No noticeable problems. I do have some windows updates waiting to be installed now, including the Windows 7 service pack 1. Am waiting until I get the all clear before installing anything.
Sliktor
Regular Member
 
Posts: 16
Joined: February 28th, 2011, 11:44 pm

Re: Search Engine Redirect

Unread postby Cypher » March 7th, 2011, 2:50 pm

Hi Sliktor.
Your latest set of logs appears to be clean!
Run through the instructions below then you can install service pack 1 :)
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTM

  • Right-click OTM.exe and select " Run as administrator " to run it. If Windows UAC prompts you, please allow it.
  • This tool will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTMoveIt3 as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search Engine Redirect

Unread postby Sliktor » March 7th, 2011, 6:07 pm

Hey Cypher!
Thanks for all the help! Everything seems to be working great now!
Sliktor
Regular Member
 
Posts: 16
Joined: February 28th, 2011, 11:44 pm

Re: Search Engine Redirect

Unread postby Cypher » March 8th, 2011, 6:04 am

Hi Sliktor.
Thanks for all the help! Everything seems to be working great now!

You're most welcome, glad we could help.
Good luck and stay safe.
As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns