
Can't kill browser re-direct


23 replies to this topic

#1 beerbus

  • Members
  • 10 posts

Posted 27 February 2011 - 11:53 AM

Forum Members:

Had major issue with google redirect virus. Affecting IE and Chrome. Couldn't kill virus using numerous virus scanning tools. As a last resort, I backed up the drive and re-formatted. Loaded clean version of Win7 64x. Opened IE for the first time, with clean version of IE and Win7. Within one minute the redirect virus was back!! How did this happen?

Virus continues to redirect me to useless web sites.

I'm stumped on how to rid my machine of this. Can someone help? Please,

Thanks!!!

Please find below my DDS Log:


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by David at 11:23:25.51 on Sun 02/27/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2430 [GMT -5:00]

AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe
C:\Program Files\Microsoft Games\solitaire\solitaire.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\David\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mg201.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=6gvhqvmb8k4at
mWinlogon: Userinit=userinit.exe
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\coIEPlg.dll
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2011-2-27 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2011-2-27 221232]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2011-1-14 953904]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2011-2-27 615040]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110225.001\IDSviA64.sys [2011-2-26 476792]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2011-2-27 150064]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe [2011-2-27 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-2-26 132656]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0402000.00C\symtdiv.sys [2011-2-26 451120]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-2-26 48488]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-26 1255736]

============= FINISH: 11:23:51.43 ===============
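As an added triage example (my code, not the thread's and not the DDS tool's), the following Python parses the Running Processes and Pseudo HJT Report sections of a DDS log like the one above and applies the first checks a responder makes: processes running from outside the Windows and Program Files trees, browser add-ons (BHO/toolbar) whose DLL is missing or lives outside Program Files, and the configured IE start page. The sample lines are copied from this post's log (start-page query string shortened); the trusted-directory allowlist is an assumption.

```python
"""Triage helper for the two DDS sections a responder reads first.

Added example; it is not part of the thread and not code from the DDS tool.
parse_sections() splits the '=== Section ===' layout seen in the log above,
untrusted_processes() flags executables running from outside the Windows or
Program Files trees (the allowlist is an assumption), browser_addons() parses
BHO/TB entries and marks DLLs that are missing or outside Program Files, and
start_page() extracts the IE start page so it can be eyeballed for hijacks.
"""
import re

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Matches 'BHO: Name: {clsid} - path' and 'TB-X64: {clsid} - No File'.
ADDON_RE = re.compile(
    r"^(?P<kind>BHO|TB)(?P<arch>-X64)?:\s*(?:(?P<name>.*?):\s*)?"
    r"\{(?P<clsid>[0-9a-fA-F-]{36})\}\s*-\s*(?P<path>.+)$"
)
# Assumed allowlist: where processes on a freshly installed box should live.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample: a few lines copied from the DDS log in this post.
SAMPLE_LOG = """\
============== Running Processes ===============

C:\\Windows\\system32\\wininit.exe
C:\\Windows\\system32\\svchost.exe -k netsvcs
C:\\Program Files (x86)\\Norton 360\\Engine\\4.2.0.12\\ccSvcHst.exe
C:\\Users\\David\\Desktop\\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mg201.mail.yahoo.com/dc/launch?.partner=sbc
mWinlogon: Userinit=userinit.exe
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\\Program Files (x86)\\Norton 360\\Engine\\4.2.0.12\\coIEPlg.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\\Program Files (x86)\\Norton 360\\Engine\\4.2.0.12\\coIEPlg.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

============= FINISH: 11:23:51.43 ===============
"""


def parse_sections(text):
    """Return {section name: [non-blank lines]} for a DDS log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def untrusted_processes(sections):
    """Process lines whose executable is outside TRUSTED_DIRS."""
    flagged = []
    for line in sections.get("Running Processes", []):
        exe = line.split(" -k ")[0].lower()  # drop svchost service-group args
        if not exe.startswith(TRUSTED_DIRS):
            flagged.append(line)
    return flagged


def browser_addons(sections):
    """Parse BHO / toolbar registrations from the Pseudo HJT Report."""
    addons = []
    for line in sections.get("Pseudo HJT Report", []):
        m = ADDON_RE.match(line)
        if not m:
            continue
        path = m.group("path").strip()
        missing = path.lower() == "no file"
        addons.append({
            "kind": m.group("kind") + (m.group("arch") or ""),
            "name": m.group("name") or "",
            "clsid": m.group("clsid").lower(),
            "path": path,
            "missing_file": missing,
            # A loaded add-on DLL outside Program Files deserves a second look.
            "outside_program_files": not missing
            and not path.lower().startswith(TRUSTED_DIRS[1:]),
        })
    return addons


def start_page(sections):
    """The user-level IE start page (uStart Page), or None if absent."""
    for line in sections.get("Pseudo HJT Report", []):
        if line.startswith("uStart Page ="):
            return line.split("=", 1)[1].strip()
    return None


if __name__ == "__main__":
    s = parse_sections(SAMPLE_LOG)
    print("start page:", start_page(s))
    for p in untrusted_processes(s):
        print("process outside trusted dirs:", p)
    for a in browser_addons(s):
        flag = "MISSING" if a["missing_file"] else ("CHECK" if a["outside_program_files"] else "ok")
        print(f"{a['kind']:7} {a['clsid']} {a['name'] or '-'} -> {a['path']} [{flag}]")
```

On this sample the only process outside the allowlist is dds.scr itself (the scanner running from the Desktop), and the one add-on flagged is the 64-bit toolbar registration whose DLL is reported as "No File".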


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 05 March 2011 - 09:41 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply



information and logs:

  • In your next post I need the following
  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 beerbus

  • Topic Starter
  • Members
  • 10 posts

Posted 05 March 2011 - 01:21 PM

Gringo,

Thanks for the reply to my posting.

I am suffering from the google-analytics redirect virus.

Since my original posting, I was concerned that maybe my router was hijacked. I did a hard reset. No change. Still have the bug.

At work, I'm the guy who's normally fixing everyone's messed up machines. Now I can't fix my own....

BTW, I see you are in Puerto Rico. My wife and I have vacationed there, and have also left on cruise ships 3x from the Harbor. A nice place - with nice people.

I look forward to hearing back from you.

Thanks for your assistance.


#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 05 March 2011 - 06:29 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 beerbus

  • Topic Starter
  • Members
  • 10 posts

Posted 05 March 2011 - 08:20 PM

Dear Gringo:

Please find attached the combofix file.

Still have redirect issues. Norton, when it was turned on, kept reporting attacks to my computer.

Thank you for your assistance.


#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 05 March 2011 - 08:30 PM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 beerbus

  • Topic Starter
  • Members
  • 10 posts

Posted 06 March 2011 - 11:58 AM

Gringo,
Please see TDSSKiller file pasted below per your request:

2011/03/06 11:53:09.0575 3184 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/06 11:53:09.0731 3184 ================================================================================
2011/03/06 11:53:09.0731 3184 SystemInfo:
2011/03/06 11:53:09.0731 3184
2011/03/06 11:53:09.0731 3184 OS Version: 6.1.7600 ServicePack: 0.0
2011/03/06 11:53:09.0731 3184 Product type: Workstation
2011/03/06 11:53:09.0731 3184 ComputerName: BLUELIGHTS
2011/03/06 11:53:09.0731 3184 UserName: David
2011/03/06 11:53:09.0731 3184 Windows directory: C:\Windows
2011/03/06 11:53:09.0731 3184 System windows directory: C:\Windows
2011/03/06 11:53:09.0731 3184 Running under WOW64
2011/03/06 11:53:09.0731 3184 Processor architecture: Intel x64
2011/03/06 11:53:09.0731 3184 Number of processors: 2
2011/03/06 11:53:09.0731 3184 Page size: 0x1000
2011/03/06 11:53:09.0731 3184 Boot type: Normal boot
2011/03/06 11:53:09.0731 3184 ================================================================================
2011/03/06 11:53:10.0371 3184 Initialize success
2011/03/06 11:53:28.0092 2912 ================================================================================
2011/03/06 11:53:28.0092 2912 Scan started
2011/03/06 11:53:28.0092 2912 Mode: Manual;
2011/03/06 11:53:28.0092 2912 ================================================================================
2011/03/06 11:53:30.0042 2912 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/03/06 11:53:30.0073 2912 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/03/06 11:53:30.0198 2912 BHDrvx64 (0163c18a9ebc4a76542790cec49f5120) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110225.002\BHDrvx64.sys
2011/03/06 11:53:30.0292 2912 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/03/06 11:53:30.0307 2912 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/06 11:53:30.0323 2912 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/03/06 11:53:30.0339 2912 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/03/06 11:53:30.0354 2912 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/03/06 11:53:30.0385 2912 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/03/06 11:53:30.0401 2912 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/03/06 11:53:30.0417 2912 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/03/06 11:53:30.0479 2912 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/03/06 11:53:30.0510 2912 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/06 11:53:30.0541 2912 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/06 11:53:30.0573 2912 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/03/06 11:53:30.0635 2912 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/03/06 11:53:30.0713 2912 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/06 11:53:30.0729 2912 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/03/06 11:53:30.0760 2912 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/03/06 11:53:30.0775 2912 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/06 11:53:30.0838 2912 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/03/06 11:53:30.0869 2912 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/03/06 11:53:30.0916 2912 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/03/06 11:53:30.0931 2912 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/03/06 11:53:30.0978 2912 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/03/06 11:53:31.0056 2912 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/03/06 11:53:31.0087 2912 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/06 11:53:31.0165 2912 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/03/06 11:53:31.0243 2912 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/03/06 11:53:31.0321 2912 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/03/06 11:53:31.0368 2912 EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/03/06 11:53:31.0384 2912 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/03/06 11:53:31.0415 2912 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/03/06 11:53:31.0446 2912 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/03/06 11:53:31.0462 2912 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/06 11:53:31.0555 2912 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/03/06 11:53:31.0571 2912 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/03/06 11:53:31.0587 2912 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/06 11:53:31.0602 2912 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/03/06 11:53:31.0633 2912 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/03/06 11:53:31.0665 2912 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/03/06 11:53:31.0680 2912 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/06 11:53:31.0743 2912 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/03/06 11:53:31.0774 2912 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/03/06 11:53:31.0821 2912 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/03/06 11:53:31.0852 2912 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/03/06 11:53:31.0883 2912 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/03/06 11:53:31.0899 2912 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/06 11:53:31.0961 2912 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/03/06 11:53:31.0977 2912 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/03/06 11:53:31.0992 2912 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/03/06 11:53:32.0055 2912 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/06 11:53:32.0086 2912 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/03/06 11:53:32.0117 2912 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/03/06 11:53:32.0148 2912 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/03/06 11:53:32.0211 2912 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/06 11:53:32.0226 2912 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/03/06 11:53:32.0382 2912 IDSVia64 (6f9b281bc4afff5fe784d7da699d347f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110303.001\IDSvia64.sys
2011/03/06 11:53:32.0445 2912 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/03/06 11:53:32.0460 2912 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/03/06 11:53:32.0491 2912 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/06 11:53:32.0523 2912 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/06 11:53:32.0538 2912 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/03/06 11:53:32.0554 2912 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/03/06 11:53:32.0632 2912 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/03/06 11:53:32.0647 2912 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/03/06 11:53:32.0663 2912 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/06 11:53:32.0694 2912 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/06 11:53:32.0725 2912 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/06 11:53:32.0741 2912 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/06 11:53:32.0772 2912 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/03/06 11:53:32.0835 2912 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/03/06 11:53:32.0881 2912 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/06 11:53:32.0913 2912 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/03/06 11:53:32.0928 2912 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/03/06 11:53:32.0944 2912 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/03/06 11:53:32.0959 2912 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/03/06 11:53:32.0975 2912 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/03/06 11:53:32.0991 2912 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/03/06 11:53:33.0037 2912 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/03/06 11:53:33.0084 2912 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/03/06 11:53:33.0100 2912 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/06 11:53:33.0131 2912 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/06 11:53:33.0147 2912 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/06 11:53:33.0178 2912 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/03/06 11:53:33.0193 2912 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/03/06 11:53:33.0256 2912 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/06 11:53:33.0287 2912 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/03/06 11:53:33.0318 2912 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/06 11:53:33.0334 2912 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/06 11:53:33.0349 2912 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/06 11:53:33.0381 2912 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/03/06 11:53:33.0427 2912 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/03/06 11:53:33.0474 2912 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/03/06 11:53:33.0490 2912 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/03/06 11:53:33.0505 2912 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/03/06 11:53:33.0537 2912 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/06 11:53:33.0552 2912 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/06 11:53:33.0568 2912 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/03/06 11:53:33.0583 2912 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/03/06 11:53:33.0599 2912 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/06 11:53:33.0646 2912 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/03/06 11:53:33.0677 2912 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/03/06 11:53:33.0708 2912 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/03/06 11:53:33.0739 2912 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/06 11:53:33.0911 2912 NAVENG (7be93dbb02b66e72872ff76d8a92e662) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110305.002\ENG64.SYS
2011/03/06 11:53:33.0958 2912 NAVEX15 (be99edbba322ca59b3f2fe17b9bf987a) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110305.002\EX64.SYS
2011/03/06 11:53:34.0098 2912 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/03/06 11:53:34.0129 2912 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/03/06 11:53:34.0161 2912 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/06 11:53:34.0207 2912 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/06 11:53:34.0223 2912 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/06 11:53:34.0270 2912 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/03/06 11:53:34.0285 2912 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/06 11:53:34.0301 2912 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/06 11:53:34.0332 2912 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/03/06 11:53:34.0395 2912 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/03/06 11:53:34.0410 2912 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/06 11:53:34.0473 2912 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/03/06 11:53:34.0488 2912 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/03/06 11:53:34.0660 2912 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/03/06 11:53:34.0753 2912 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/03/06 11:53:34.0785 2912 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/03/06 11:53:34.0800 2912 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/03/06 11:53:34.0816 2912 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/06 11:53:34.0847 2912 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/03/06 11:53:34.0863 2912 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/03/06 11:53:34.0878 2912 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/03/06 11:53:34.0894 2912 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/03/06 11:53:34.0956 2912 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/03/06 11:53:34.0972 2912 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/03/06 11:53:34.0987 2912 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/03/06 11:53:35.0065 2912 pnarp (fb83b6c62dff5abe36304351d2bed581) C:\Windows\system32\DRIVERS\pnarp.sys
2011/03/06 11:53:35.0097 2912 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/06 11:53:35.0112 2912 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/03/06 11:53:35.0206 2912 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/06 11:53:35.0237 2912 purendis (1b3434642ce3c26e6f24d3a76d749c2a) C:\Windows\system32\DRIVERS\purendis.sys
2011/03/06 11:53:35.0268 2912 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/03/06 11:53:35.0299 2912 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/03/06 11:53:35.0315 2912 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/06 11:53:35.0331 2912 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/06 11:53:35.0362 2912 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/03/06 11:53:35.0377 2912 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/06 11:53:35.0393 2912 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/06 11:53:35.0409 2912 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/06 11:53:35.0440 2912 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/06 11:53:35.0487 2912 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/03/06 11:53:35.0502 2912 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/06 11:53:35.0549 2912 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/06 11:53:35.0565 2912 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/03/06 11:53:35.0580 2912 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/03/06 11:53:35.0611 2912 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/03/06 11:53:35.0689 2912 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/06 11:53:35.0721 2912 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/03/06 11:53:35.0752 2912 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/03/06 11:53:35.0767 2912 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/03/06 11:53:35.0799 2912 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/03/06 11:53:35.0877 2912 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/03/06 11:53:35.0908 2912 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/03/06 11:53:35.0923 2912 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/03/06 11:53:35.0986 2912 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/03/06 11:53:36.0001 2912 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/03/06 11:53:36.0017 2912 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/03/06 11:53:36.0033 2912 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/03/06 11:53:36.0111 2912 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/03/06 11:53:36.0126 2912 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/03/06 11:53:36.0142 2912 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/03/06 11:53:36.0189 2912 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/03/06 11:53:36.0282 2912 SRTSP (9a359fb3d10c9de23edc427ada8ac8be) C:\Windows\System32\Drivers\N360x64\0500000.07D\SRTSP64.SYS
2011/03/06 11:53:36.0360 2912 SRTSPX (a14a9aaa8005d411ef1657601f55776d) C:\Windows\system32\drivers\N360x64\0500000.07D\SRTSPX64.SYS
2011/03/06 11:53:36.0391 2912 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/03/06 11:53:36.0423 2912 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/06 11:53:36.0438 2912 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/06 11:53:36.0469 2912 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/03/06 11:53:36.0501 2912 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/06 11:53:36.0610 2912 SymDS (6d33d1669b3b6193658129d1767a4aff) C:\Windows\system32\drivers\N360x64\0500000.07D\SYMDS64.SYS
2011/03/06 11:53:36.0641 2912 SymEFA (9acc52c79420236dcb1ab1a17ed0df2e) C:\Windows\system32\drivers\N360x64\0500000.07D\SYMEFA64.SYS
2011/03/06 11:53:36.0688 2912 SymEvent (84e27ca1a5af320a705e767ea53086e5) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/03/06 11:53:36.0766 2912 SymIM (2bcd15af83c4deb107740320f034e8dd) C:\Windows\system32\DRIVERS\SymIMv.sys
2011/03/06 11:53:36.0859 2912 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0500000.07D\Ironx64.SYS
2011/03/06 11:53:36.0906 2912 SymNetS (af56ca02f9dc706709c0a7df5c1dab82) C:\Windows\system32\drivers\N360x64\0500000.07D\SYMNETS.SYS
2011/03/06 11:53:37.0000 2912 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/03/06 11:53:37.0078 2912 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/06 11:53:37.0125 2912 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/06 11:53:37.0156 2912 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/03/06 11:53:37.0171 2912 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/03/06 11:53:37.0203 2912 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/06 11:53:37.0218 2912 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/06 11:53:37.0249 2912 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/06 11:53:37.0296 2912 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/06 11:53:37.0327 2912 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/03/06 11:53:37.0343 2912 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/06 11:53:37.0374 2912 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/03/06 11:53:37.0390 2912 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/06 11:53:37.0421 2912 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/03/06 11:53:37.0452 2912 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/06 11:53:37.0483 2912 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/03/06 11:53:37.0499 2912 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/06 11:53:37.0515 2912 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/06 11:53:37.0530 2912 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/06 11:53:37.0577 2912 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/06 11:53:37.0593 2912 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/03/06 11:53:37.0608 2912 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/06 11:53:37.0639 2912 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/06 11:53:37.0655 2912 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/03/06 11:53:37.0702 2912 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/06 11:53:37.0717 2912 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/03/06 11:53:37.0733 2912 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/03/06 11:53:37.0780 2912 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/03/06 11:53:37.0795 2912 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/03/06 11:53:37.0811 2912 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/03/06 11:53:37.0827 2912 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/03/06 11:53:37.0858 2912 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/03/06 11:53:37.0873 2912 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/03/06 11:53:37.0889 2912 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/03/06 11:53:37.0920 2912 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/06 11:53:37.0936 2912 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/06 11:53:37.0983 2912 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/03/06 11:53:38.0029 2912 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/06 11:53:38.0092 2912 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/03/06 11:53:38.0123 2912 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/03/06 11:53:38.0217 2912 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/06 11:53:38.0248 2912 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/06 11:53:38.0279 2912 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/03/06 11:53:38.0326 2912 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/06 11:53:38.0419 2912 ================================================================================
2011/03/06 11:53:38.0419 2912 Scan finished
2011/03/06 11:53:38.0419 2912 ================================================================================

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:05 PM

Posted 06 March 2011 - 03:47 PM

We are going to check the router.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the code box below into Notepad:
@echo off
rem Write the output of every command in the block to Log1.txt, in order.
>Log1.txt (
ipconfig /all
rem nslookup with no server argument queries the DNS servers ipconfig listed above
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the log in the default .txt viewer, then delete this batch file itself.
start Log1.txt
del %0
Save this as router.bat (set Save as type to All Files and save it to the Desktop), then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
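The batch file above only collects the data; what to look for in it is the point of the router check. The following is an added example, not code from the thread or from gringo, that parses ipconfig /all output and classifies each DNS server a DHCP-configured adapter was handed: the router itself, a private address, a public address that needs checking against the router's WAN settings, or an address inside a listed rogue range. Assumptions: SAMPLE_IPCONFIG is a constructed excerpt in the format of the ipconfig output beerbus posts later in this thread, and DNSCHANGER_RANGES is the set of rogue resolver ranges published by the FBI / DNS Changer Working Group for the DNSChanger (Rove Digital) takedown, background the thread itself does not cite.

```python
"""Added example (not from the thread): audit the DNS servers in the
`ipconfig /all` section of the Log1.txt that router.bat produces."""
import ipaddress
import re
import sys

# Constructed excerpt in the format of Windows 7 `ipconfig /all` output: the
# DHCP-assigned DNS list wraps onto continuation lines, and the tunnel
# adapter carries no resolvers.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : Bluelights

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 213.109.67.27
                                       213.109.72.22
                                       1.1.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{00000000-0000-0000-0000-000000000000}:

   Media State . . . . . . . . . . . : Media disconnected
   DHCP Enabled. . . . . . . . . . . : No
"""

# Rogue resolver ranges published for the DNSChanger takedown. Background
# knowledge assumed by this example, not a finding of the thread.
DNSCHANGER_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20")]

# "Key . . . . : value" lines. The dotted leader is what separates them from
# adapter headers (end in ':' with no leader) and from wrapped value lines.
KEY_LINE = re.compile(r"^\s*(\S.*?)\s*(?:\.\s?)+\s*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {section: {field: [values]}}; wrapped values (the DNS server
    list) are appended to the field that precedes them."""
    sections = {}
    current = sections.setdefault("Windows IP Configuration", {})
    last_key = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            last_key = None             # a blank line ends any wrapped list
            continue
        m = KEY_LINE.match(line)
        if m:
            last_key, value = m.group(1), m.group(2).strip()
            current.setdefault(last_key, [])
            if value:
                current[last_key].append(value)
        elif line.endswith(":"):        # adapter header
            current = sections.setdefault(line[:-1].strip(), {})
            last_key = None
        elif last_key is not None:      # continuation of the previous field
            current[last_key].append(line.strip())
    return sections


def audit_dns(text, rogue_ranges=DNSCHANGER_RANGES):
    """Classify each resolver of every DHCP-configured adapter as 'gateway'
    (the router itself), 'local' (private/link-local), 'known-rogue' (inside
    a listed range) or 'public' (compare by hand with the router's settings)."""
    findings = []
    for adapter, fields in parse_ipconfig(text).items():
        if (fields.get("DHCP Enabled") or [""])[0] != "Yes":
            continue
        if not fields.get("IPv4 Address"):
            continue
        trusted = {v.split("(")[0].strip()
                   for key in ("Default Gateway", "DHCP Server")
                   for v in fields.get(key, [])}
        for server in fields.get("DNS Servers", []):
            try:
                ip = ipaddress.ip_address(server.split("%")[0])
            except ValueError:
                continue                # skip anything that is not an address
            if str(ip) in trusted:
                verdict = "gateway"
            elif ip.is_private or ip.is_link_local:
                verdict = "local"
            elif any(ip in net for net in rogue_ranges):
                verdict = "known-rogue"
            else:
                verdict = "public"
            findings.append((adapter, str(ip), verdict))
    return findings


if __name__ == "__main__":
    # Pass the path of Log1.txt, or run with no argument to audit the sample.
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_IPCONFIG)
    for adapter, server, verdict in audit_dns(text):
        print(f"{adapter}: DNS {server} -> {verdict}")
```

A verdict of 'gateway' is the normal home-router case, since the router usually hands its own address out as the resolver. When the DHCP server is the router and the resolvers it hands out are 'known-rogue' or unexpected 'public' addresses, the setting to inspect is the router's own DNS configuration, which a reinstall of the PC never touches; that is the situation a router check like the one above is meant to surface.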

#9 beerbus

beerbus
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:05 PM

Posted 07 March 2011 - 01:33 PM

Gringo,

Will be out of town until Weds. Will run requested test then.

I'll be back.

Thanks!

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:05 PM

Posted 07 March 2011 - 02:55 PM

OK, no problem.

3/10

#11 beerbus

beerbus
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:05 PM

Posted 09 March 2011 - 03:47 PM

Dear Gringo,

Please find the results of the modem test:

Windows IP Configuration

Host Name . . . . . . . . . . . . : Bluelights
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 40-61-86-E1-52-4E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1d13:bbfb:3deb:d117%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, March 09, 2011 8:22:17 AM
Lease Expires . . . . . . . . . . : Thursday, March 10, 2011 2:27:29 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 239100294
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-FB-5F-44-40-61-86-E1-52-4E
DNS Servers . . . . . . . . . . . : 213.109.67.27
213.109.72.22
1.1.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{4502656B-D5AC-465B-9BB6-7409BE266505}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:5b:3ee3:b30f:3032(Preferred)
Link-local IPv6 Address . . . . . : fe80::5b:3ee3:b30f:3032%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 213.109.67.27

Name: google.com
Addresses: 72.14.204.103
72.14.204.104
72.14.204.147
72.14.204.99

Server: UnKnown
Address: 213.109.67.27

Name: yahoo.com
Addresses: 209.191.122.70
72.30.2.43
67.195.160.76
98.137.149.56
69.147.125.65


Pinging google.com [72.14.204.147] with 32 bytes of data:
Reply from 72.14.204.147: bytes=32 time=97ms TTL=49
Reply from 72.14.204.147: bytes=32 time=87ms TTL=55

Ping statistics for 72.14.204.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 87ms, Maximum = 97ms, Average = 92ms

Pinging yahoo.com [69.147.125.65] with 32 bytes of data:
Reply from 69.147.125.65: bytes=32 time=88ms TTL=49
Reply from 69.147.125.65: bytes=32 time=78ms TTL=49

Ping statistics for 69.147.125.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 78ms, Maximum = 88ms, Average = 83ms
===========================================================================
Interface List
11...40 61 86 e1 52 4e ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.107 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.107 276
192.168.1.107 255.255.255.255 On-link 192.168.1.107 276
192.168.1.255 255.255.255.255 On-link 192.168.1.107 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.107 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.107 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fd:5b:3ee3:b30f:3032/128
On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::5b:3ee3:b30f:3032/128
On-link
11 276 fe80::1d13:bbfb:3deb:d117/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#12 gringo_pr


Posted 09 March 2011 - 05:04 PM

Hello

Yes it looks like the DNS settings on the router have been changed.

Resetting Router

Let's try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using, or you can use OpenDNS.
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

Flush the DNS:

Now let's flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now let's check the router again.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done. Please post back the results.

gringo
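As an added check, not part of this thread or of any tool it names: a Python script that parses the multi-line "DNS Servers" field of ipconfig /all output (the extra servers appear on unlabelled continuation lines) and flags any resolver that is neither the gateway, a private address, nor on a caller-supplied trusted list. The sample input is constructed from the hijacked output posted above; the trusted list and all function names are this example's own assumptions.

```python
import ipaddress
import re

# Constructed sample, abridged from the ipconfig /all output posted in this thread
# (hijacked state: DHCP hands out public resolvers instead of the router itself).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 213.109.67.27
                                       213.109.72.22
                                       1.1.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Labelled line: key, dot leaders, colon, value. Continuation lines carry no key.
LABEL_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 \-]*?)(?:\s*\.)+\s*:\s?(.*)$")

def parse_ipconfig(text):
    """Return (default gateway, [DNS servers]) from ipconfig /all output."""
    gateway, dns, in_dns = None, [], False
    for line in text.splitlines():
        m = LABEL_RE.match(line)
        if m:
            key, value = m.group(1).strip(), m.group(2).strip()
            in_dns = key == "DNS Servers"
            if key == "Default Gateway" and gateway is None:
                gateway = value
            elif in_dns and value:
                dns.append(value)
        elif in_dns and line.strip():
            dns.append(line.strip())  # unlabelled continuation line
    return gateway, dns

def assess_dns(gateway, dns_servers, trusted=()):
    """Flag every resolver that is not the gateway, a private address, or on the
    caller's trusted list (a hypothetical allow-list, not something the thread uses)."""
    findings = []
    for server in dns_servers:
        addr = ipaddress.ip_address(server.split("%")[0])  # strip IPv6 scope id
        if server == gateway or addr.is_private or server in trusted:
            findings.append((server, "ok"))
        else:
            findings.append((server, "UNEXPECTED public resolver"))
    return findings

if __name__ == "__main__":
    for server, verdict in assess_dns(*parse_ipconfig(SAMPLE_IPCONFIG)):
        print(f"{server:<16} {verdict}")
```

Run against the post-reset output further down the thread, the only resolver is 192.168.1.1 and nothing is flagged.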

#13 beerbus


Posted 09 March 2011 - 06:35 PM

Gringo,

1. Updated firmware on Router
2. Telnetted into router
3. Did hard reset to router
4. Changed password of router
5. Flushed DNS
6. Ran Router.bat

Thanks for your help.

Please see results below:


Windows IP Configuration

Host Name . . . . . . . . . . . . : Bluelights
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 40-61-86-E1-52-4E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1d13:bbfb:3deb:d117%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, March 09, 2011 8:22:17 AM
Lease Expires . . . . . . . . . . : Thursday, March 10, 2011 6:14:05 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 239100294
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-FB-5F-44-40-61-86-E1-52-4E
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{4502656B-D5AC-465B-9BB6-7409BE266505}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2087:2b1c:b30f:3032(Preferred)
Link-local IPv6 Address . . . . . : fe80::2087:2b1c:b30f:3032%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server:
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.20
74.125.225.16
74.125.225.19
74.125.225.17
74.125.225.18

Server:
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43


Pinging google.com [74.125.225.18] with 32 bytes of data:
Reply from 74.125.225.18: bytes=32 time=15ms TTL=51
Reply from 74.125.225.18: bytes=32 time=14ms TTL=55

Ping statistics for 74.125.225.18:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 15ms, Average = 14ms

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=82ms TTL=55
Reply from 72.30.2.43: bytes=32 time=82ms TTL=55

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 82ms, Maximum = 82ms, Average = 82ms
===========================================================================
Interface List
11...40 61 86 e1 52 4e ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.107 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.107 276
192.168.1.107 255.255.255.255 On-link 192.168.1.107 276
192.168.1.255 255.255.255.255 On-link 192.168.1.107 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.107 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.107 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:2087:2b1c:b30f:3032/128
On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
11 276 fe80::1d13:bbfb:3deb:d117/128
On-link
13 306 fe80::2087:2b1c:b30f:3032/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#14 gringo_pr


Posted 09 March 2011 - 08:55 PM

Hello

How are the redirects now?


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 beerbus


Posted 10 March 2011 - 01:39 PM

Gringo,

Redirects have decreased. This is good.

Will run browsers (IE9 and Chrome) more for further evaluation.

Will run malware next.

Back at you Friday or early Saturday with malware results. Am on the road again.

Thanks



