Trojan Horse Fakealert.UD

Post by voodooshaman on Tue Nov 02, 2010 12:52 pm

Hi there. 1st time here.

I'm having a problem with a trojan which I cannot remove using AVG or MBAM.
It redirects my web requests either to antimalware advert sites or I get a message saying my request was blocked by the website as it was identified as a malicious request. AVG constantly pops up saying the threat was found and then I click to remove but the problem never goes away. If I continually click refresh then eventually I will get the website I am after but this is obviously very annoying.

Any help much appreciated!

Re: Trojan Horse Fakealert.UD

Post by Kenny94 on Tue Nov 02, 2010 1:34 pm

Hi voodooshaman and Welcome to GeekPolice!

We need to look at some information about what is going on in your computer:

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your thread.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control [You must be registered and logged in to see this link.]

Then post your DDS logs (DDS.txt and Attach.txt).


Re: Trojan Horse Fakealert.UD

Post by voodooshaman on Tue Nov 02, 2010 2:01 pm

Thanks for the quick response, here are the logs:


DDS (Ver_10-11-01.01) - NTFS_AMD64
Run by Dave at 13:54:34.49 on 02/11/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4026.2764 [GMT 0:00]


============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Dave\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-9-7 381008]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2010-9-10 3210176]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-9-10 265400]
R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-10-7 1737464]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-26 325200]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-5-25 865824]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-26 13336]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-6 144640]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-4-26 243232]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2010-10-7 114304]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-4-26 75304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-7 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-9 517448]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-2-1 305520]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-6 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-26 225280]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-10 1255736]

=============== Created Last 30 ================

2010-10-28 21:05:10 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-28 21:05:10 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-28 21:05:10 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-28 21:05:10 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-28 21:05:10 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-28 21:05:10 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-28 21:05:10 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-28 20:20:19 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-17 21:57:59 -------- d-----w- C:\Users\Dave\AppData\Local\Adobe
2010-10-17 15:08:58 -------- d-----w- C:\Program Files (x86)\uTorrent
2010-10-17 15:08:08 -------- d-----w- C:\Users\Dave\AppData\Roaming\uTorrent
2010-10-14 19:31:57 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2010-10-14 19:31:57 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2010-10-14 19:21:36 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-10-14 19:21:35 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-10-14 19:14:07 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-14 19:14:07 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-10-14 19:14:07 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-10-14 19:14:06 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-10-14 19:13:24 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-10-14 19:13:23 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2010-10-14 19:13:23 2085376 ----a-w- C:\Windows\System32\ole32.dll
2010-10-14 19:13:23 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-10-14 19:04:53 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-10-14 19:04:53 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-10-14 18:57:18 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-10-14 18:57:17 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-10-14 18:54:40 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-10-14 18:54:40 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-10-14 18:43:45 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-10-14 18:43:45 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-10-14 18:36:00 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-10-14 18:36:00 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-10-14 18:36:00 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-10-14 18:36:00 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-10-14 18:36:00 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-10-14 18:33:53 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-10-12 12:45:43 -------- d-----w- C:\PROGRA~3\FarmFrenzy2
2010-10-10 21:35:47 -------- d-----w- C:\24c762877494a1a130ef45b1e2
2010-10-10 15:39:57 -------- d-----w- C:\Users\Dave\AppData\Local\Oberon Games
2010-10-10 11:11:34 -------- d-----w- C:\Windows\SysWow64\Wat
2010-10-10 11:11:34 -------- d-----w- C:\Windows\System32\Wat
2010-10-10 10:17:12 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-10-10 10:17:11 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-10-10 10:17:11 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-10-10 10:17:11 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-10-10 10:17:11 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-10-10 10:17:11 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-10-10 10:17:11 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-10-10 10:17:11 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-10-10 10:17:11 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-10-10 10:17:11 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-10-10 10:16:55 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2010-10-09 16:25:32 -------- d--h--w- C:\$AVG
2010-10-09 16:01:00 -------- d-----w- C:\Users\Dave\AppData\Local\AVG Security Toolbar
2010-10-09 15:55:18 -------- d-----w- C:\Users\Dave\AppData\Roaming\AVG10
2010-10-09 15:54:02 -------- d--h--w- C:\PROGRA~3\Common Files
2010-10-09 15:53:58 -------- d-----w- C:\PROGRA~3\AVG Security Toolbar
2010-10-09 15:53:45 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2010-10-09 15:53:14 -------- d-----w- C:\Windows\System32\drivers\AVG
2010-10-09 15:53:14 -------- d-----w- C:\PROGRA~3\AVG10
2010-10-09 15:52:18 -------- d-----w- C:\Program Files (x86)\AVG
2010-10-09 14:32:07 -------- d-----w- C:\Users\Dave\AppData\Roaming\Malwarebytes
2010-10-09 14:31:57 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-09 14:31:56 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-09 14:31:56 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-09 14:31:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-09 02:07:42 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2010-10-09 02:01:24 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-10-09 02:01:24 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-10-09 01:26:58 -------- d-----w- C:\PROGRA~3\MFAData
2010-10-09 00:44:19 1736608 ----a-w- C:\Windows\System32\ntdll.dll
2010-10-09 00:44:19 1289528 ----a-w- C:\Windows\SysWow64\ntdll.dll
2010-10-09 00:44:18 612352 ----a-w- C:\Windows\System32\vbscript.dll
2010-10-09 00:44:18 427520 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-10-09 00:44:17 84992 ----a-w- C:\Windows\System32\asycfilt.dll
2010-10-09 00:44:17 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll
2010-10-09 00:42:58 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-10-09 00:42:57 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2010-10-09 00:42:57 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2010-10-09 00:42:57 125952 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2010-10-09 00:41:58 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-10-09 00:41:57 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-10-09 00:41:57 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2010-10-09 00:40:56 1877504 ----a-w- C:\Windows\System32\msxml3.dll
2010-10-09 00:40:56 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-10-09 00:40:54 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2010-10-09 00:40:54 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2010-10-09 00:40:54 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2010-10-09 00:40:54 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2010-10-09 00:40:33 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-10-09 00:40:33 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-10-09 00:40:32 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-09 00:40:32 366080 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-09 00:40:32 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-09 00:40:32 293888 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-09 00:06:01 220672 ----a-w- C:\Windows\System32\wintrust.dll
2010-10-09 00:06:01 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2010-10-09 00:05:59 139264 ----a-w- C:\Windows\System32\cabview.dll
2010-10-09 00:05:59 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2010-10-08 21:05:25 -------- d-----w- C:\Users\Dave\AppData\Local\Thunderbird
2010-10-08 18:28:05 -------- d-----w- C:\Users\Dave\AppData\Local\Microsoft Games
2010-10-07 23:00:40 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{454AB600-4293-4B07-8F12-714C874BB6AB}\mpengine.dll
2010-10-07 23:00:39 270208 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-07 21:41:40 -------- d-----w- C:\Users\Dave\AppData\Local\Mozilla
2010-10-07 20:58:33 -------- d-----w- C:\Users\Dave\AppData\Roaming\Spotify
2010-10-07 20:58:33 -------- d-----w- C:\Users\Dave\AppData\Local\Spotify
2010-10-07 20:58:30 -------- d-----w- C:\Program Files (x86)\Spotify
2010-10-07 20:17:46 -------- d-----w- C:\Users\Dave\AppData\Local\Google
2010-10-07 20:16:51 -------- d-----w- C:\Users\Dave\AppData\Roaming\Birdstep Technology
2010-10-07 20:16:40 -------- d-----w- C:\PROGRA~3\Birdstep Technology
2010-10-07 20:16:30 29696 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys
2010-10-07 20:16:30 243200 ----a-w- C:\Windows\System32\drivers\ewusbnet.sys
2010-10-07 20:16:30 117248 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
2010-10-07 20:16:30 114304 ----a-w- C:\Windows\System32\drivers\ewusbdev.sys
2010-10-07 20:16:19 71259 ----a-w- C:\Windows\Huawei ModemsUninstall.exe
2010-10-07 20:16:19 -------- d-----w- C:\Program Files (x86)\Huawei Modems
2010-10-07 20:16:07 -------- d-----w- C:\Program Files (x86)\3 Mobile Broadband
2010-10-07 20:15:37 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2010-10-07 20:15:37 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2010-10-07 20:15:37 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2010-10-07 20:15:37 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2010-10-07 20:15:37 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2010-10-07 20:15:35 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2010-10-07 20:15:35 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2010-10-07 20:13:47 -------- d-----w- C:\Users\Dave\AppData\Roaming\Intel Corporation
2010-10-07 20:13:38 -------- d-----w- C:\Users\Dave\AppData\Local\EgisTec IPS
2010-10-07 20:13:03 -------- d-----w- C:\Users\Dave\AppData\Local\VirtualStore
2010-10-07 20:12:22 -------- d-----w- C:\Program Files (x86)\OEM
2010-10-07 20:12:17 -------- d-----w- C:\Program Files\Acer Accessory Store

==================== Find3M ====================

2010-09-13 15:28:00 27216 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-07 02:48:58 381008 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2010-09-07 02:48:56 41040 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2010-09-07 02:48:52 305232 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2010-09-07 02:48:50 30288 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2010-08-19 20:42:38 35920 ----a-w- C:\Windows\System32\drivers\AVGIDSFilter.sys
2010-08-19 20:42:38 157264 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys

============= FINISH: 13:55:30.20 ===============



and.....


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-01.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 07/10/2010 21:10:40
System Uptime: 11/02/2010 08:49:09 (6341 hours ago)

Motherboard: Acer | | Aspire 5734Z
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | uPGA-478 | 2300/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 453 GiB total, 413.327 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 07/10/2010 21:15:56 - Installed 3Connect
RP2: 07/10/2010 21:21:48 - Installed 3Connect
RP3: 08/10/2010 00:00:26 - Windows Update
RP4: 09/10/2010 03:00:23 - Windows Update
RP5: 09/10/2010 16:51:59 - Installed AVG 2011
RP6: 09/10/2010 16:52:27 - Installed AVG 2011
RP7: 10/10/2010 11:12:41 - Windows Update
RP8: 10/10/2010 22:35:06 - Windows Update
RP9: 12/10/2010 13:25:23 - Windows Update
RP10: 14/10/2010 23:21:31 - Windows Update
RP11: 16/10/2010 17:58:36 - Windows Update
RP12: 31/10/2010 19:55:41 - Windows Update

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2)
3Connect
Acer Backup Manager
Acer Crystal Eye webcam
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 MUI
Amazonia
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
µTorrent
Backup Manager Basic
Cake Mania
Chicken Invaders 2
Compatibility Pack for the 2007 Office system
CyberLink PowerDVD 9
Dairy Dash
Dream Day First Home
eBay Worldwide
eSobi v2
Farm Frenzy 2
Galapago
Google Toolbar for Internet Explorer
Google Update Helper
Granny In Paradise
Heroes of Hellas
Huawei modem
Identity Card
Intel(R) Control Center
Intel(R) Rapid Storage Technology
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Thunderbird (3.1.6)
MSVCRT
MyWinLocker
MyWinLocker Suite
Norton Online Backup
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shredder
Spin & Win
Spotify
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer

==== Event Viewer Messages From Past Week ========

26/10/2010 17:29:22, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.
26/10/2010 17:29:22, Error: Service Control Manager [7000] - The Intel(R) Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/11/2010 12:52:00, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================


Re: Trojan Horse Fakealert.UD

Post by Kenny94 on Tue Nov 02, 2010 2:34 pm


  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.


Re: Trojan Horse Fakealert.UD

Post by voodooshaman on Tue Nov 02, 2010 2:49 pm

2010/11/02 14:40:14.0556 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/11/02 14:40:14.0556 ================================================================================
2010/11/02 14:40:14.0556 SystemInfo:
2010/11/02 14:40:14.0556
2010/11/02 14:40:14.0556 OS Version: 6.1.7600 ServicePack: 0.0
2010/11/02 14:40:14.0566 Product type: Workstation
2010/11/02 14:40:14.0566 ComputerName: DAVE-PC
2010/11/02 14:40:14.0566 UserName: Dave
2010/11/02 14:40:14.0566 Windows directory: C:\Windows
2010/11/02 14:40:14.0566 System windows directory: C:\Windows
2010/11/02 14:40:14.0566 Running under WOW64
2010/11/02 14:40:14.0566 Processor architecture: Intel x64
2010/11/02 14:40:14.0566 Number of processors: 2
2010/11/02 14:40:14.0566 Page size: 0x1000
2010/11/02 14:40:14.0566 Boot type: Normal boot
2010/11/02 14:40:14.0566 ================================================================================
2010/11/02 14:40:14.0566 Utility is running under WOW64
2010/11/02 14:40:14.0816 Initialize success
2010/11/02 14:40:20.0520 ================================================================================
2010/11/02 14:40:20.0520 Scan started
2010/11/02 14:40:20.0520 Mode: Manual;
2010/11/02 14:40:20.0520 ================================================================================
2010/11/02 14:40:36.0412 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/02 14:40:36.0412 ================================================================================
2010/11/02 14:40:36.0412 Scan finished
2010/11/02 14:40:36.0412 ================================================================================
2010/11/02 14:40:36.0432 Detected object count: 1
2010/11/02 14:40:45.0606 \HardDisk0\MBR - will be cured after reboot
2010/11/02 14:40:45.0606 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/11/02 14:41:15.0856 Deinitialize success

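An added example, not part of the thread and not TDSSKiller's own code: a small Python triage of a report in the layout posted above, pairing each detection with the action chosen and whether the cure is still waiting on a reboot. The sample report is constructed (the driver names and hashes are placeholders), and all function and class names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the layout of the report above. Driver names and
# hashes are placeholders; the detection lines follow the posted report.
SAMPLE_REPORT = r"""
2010/11/02 14:40:20.0520 Scan started
2010/11/02 14:40:21.0710 ExampleDrvA (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrva.sys
2010/11/02 14:40:21.0850 ExampleDrvB (11111111111111111111111111111111) C:\Windows\system32\DRIVERS\exampledrvb.sys
2010/11/02 14:40:36.0412 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/02 14:40:36.0412 Scan finished
2010/11/02 14:40:36.0432 Detected object count: 1
2010/11/02 14:40:45.0606 \HardDisk0\MBR - will be cured after reboot
2010/11/02 14:40:45.0606 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/11/02 14:41:15.0856 Deinitialize success
"""

TS = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ ?(.*)$")
DRIVER = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
DETECTED = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
PENDING = re.compile(r"^(.+?) - will be \w+ after reboot$")
ACTION = re.compile(r"^(.+?)\((.+)\) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    obj: str                      # scanned object, e.g. \HardDisk0\MBR
    verdict: str                  # detection name reported by the tool
    action: Optional[str] = None  # Cure / Skip / ... as chosen by the user
    pending_reboot: bool = False

    @property
    def boot_record(self) -> bool:
        # A disk-level object rather than a driver file on the volume.
        return self.obj.upper().endswith("\\MBR")

    @property
    def status(self) -> str:
        if self.action is None or self.action.lower() == "skip":
            return "unresolved"
        return "pending reboot" if self.pending_reboot else "actioned"


def parse_report(text):
    """Return (driver rows, findings, detected-object count from the log)."""
    drivers, findings, reported = [], {}, None
    for raw in text.splitlines():
        m = TS.match(raw.strip())
        if not m:
            continue                      # not a timestamped log line
        body = m.group(1).strip()
        if (d := DETECTED.match(body)):
            findings[d.group(1)] = Finding(d.group(1), d.group(2))
        elif (p := PENDING.match(body)):
            if p.group(1) in findings:
                findings[p.group(1)].pending_reboot = True
        elif (a := ACTION.match(body)):
            verdict, obj, action = a.groups()
            findings.setdefault(obj, Finding(obj, verdict)).action = action
        elif (c := COUNT.match(body)):
            reported = int(c.group(1))
        elif (s := DRIVER.match(body)):
            drivers.append(s.groups())    # (service, md5, path)
    return drivers, list(findings.values()), reported


def triage(text):
    """Summarise a report: what was scanned, what was found, what is left."""
    drivers, findings, reported = parse_report(text)
    notes = []
    if reported is not None and reported != len(findings):
        notes.append(f"report says {reported} detected object(s), "
                     f"parsed {len(findings)}")
    for f in findings:
        where = "boot record" if f.boot_record else "file/driver"
        notes.append(f"{f.obj}: {f.verdict} ({where}), "
                     f"action={f.action}, status={f.status}")
    return {"drivers_scanned": len(drivers),
            "findings": findings,
            "notes": notes}


if __name__ == "__main__":
    for note in triage(SAMPLE_REPORT)["notes"]:
        print(note)
```

A finding in the "pending reboot" state has not been cured at the time the report was written, so a report taken after the restart is the one that confirms the result.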

Re: Trojan Horse Fakealert.UD

Post by Kenny94 on Tue Nov 02, 2010 3:20 pm

The search redirections should have stopped now.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed anti-virus; how to do so can be read [You must be registered and logged in to see this link.].


  • Please go [You must be registered and logged in to see this link.] then click on:
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:


    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on:
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



Re: Trojan Horse Fakealert.UD

Post by voodooshaman on Tue Nov 02, 2010 4:35 pm

not sure if this is the right log - all it says is

C:\Users\Dave\Downloads\AntivirusRemovalTool.exe probably unknown NewHeur_PE virus



things are looking better. and you're right the redirects have stopped.

Thanks a lot!


Re: Trojan Horse Fakealert.UD

Post by Kenny94 on Tue Nov 02, 2010 6:29 pm

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this File:

C:\Users\Dave\Downloads\AntivirusRemovalTool.exe

Your Computer is Clean


Some final items:



Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it. There are other free alternatives, [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.]; both are free to use and are more secure than IE.

If you are using Firefox you can stay more secure by adding [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.].

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.


Additional Security Measures


Visit Microsoft's Windows Update Site Frequently - It is important that you visit [You must be registered and logged in to see this link.] regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

[You must be registered and logged in to see this link.]- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

[You must be registered and logged in to see this link.]- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

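The Internet Explorer Custom Level settings listed in the post above can also be checked from PowerShell. This is an added example, not part of the original thread: it reads the per-user Internet zone (zone 3) registry values behind those six options and compares them with the values the post recommends. The function names are hypothetical, and checking only the machine policy key for overrides is a simplifying assumption.

```powershell
# Added example: audit (and optionally apply) the Internet-zone settings from the post.
# The URL action IDs and values below are the documented per-zone registry values.
$ZoneKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'  # 3 = Internet zone
# Assumption: only the machine policy key is checked for Group Policy overrides.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Setting values: 0 = Enable, 1 = Prompt, 3 = Disable
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)

function Get-ZoneValue([string]$Key, [string]$Id) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Key -Name $Id -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Id } else { $null }
}

function Test-InternetZone([switch]$Apply) {
    foreach ($r in $Recommended) {
        $policy  = Get-ZoneValue $PolicyKey $r.Id
        $current = Get-ZoneValue $ZoneKey   $r.Id
        # Only write the user value when no policy value would override it anyway.
        if ($Apply -and $null -eq $policy -and $current -ne $r.Want) {
            Set-ItemProperty -Path $ZoneKey -Name $r.Id -Value $r.Want -Type DWord
            $current = $r.Want
        }
        $effective = if ($null -ne $policy) { $policy } else { $current }
        [pscustomobject]@{
            Setting   = $r.Name
            Current   = if ($null -eq $effective) { 'not set' } else { $Label[[int]$effective] }
            Wanted    = $Label[$r.Want]
            Source    = if ($null -ne $policy) { 'Group Policy' } else { 'User' }
            Compliant = ($effective -eq $r.Want)
        }
    }
}

Test-InternetZone | Format-Table -AutoSize   # audit only; call with -Apply to write the values
```

A row whose Source is Group Policy cannot be changed from the Custom Level dialog or by this script; it has to be changed in the policy that sets it.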

Re: Trojan Horse Fakealert.UD

Post by voodooshaman on Tue Nov 02, 2010 8:13 pm

Thanks a lot for your help, Kenny. Everything seems to be running more smoothly.
All the Best.
