Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Think I might have an issue


  • Please log in to reply
7 replies to this topic

#1 dobber1978

dobber1978

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 25 May 2011 - 06:40 PM

Ok,

So I use google chrome as my default browser and I have had an issue lately.

I will go to google.com to perform a search, it will search normally and when I go to click on one of the result a totally different website will come up.

For example I did a search for GM as in GM vehicles and when I clicked the top link for gm.ca it went somewhere else. I could type the gm.ca into the address bar and it would work fine but if I click the google search result it doesn't work so great. Heads to some ad site.

This doesn't happen all the time, seems sometimes I can just restart my browser and it works fine again, no idea what would trigger this.

Any suggestions or should I start doing scans and posting the logs here??

Thanks
Jeff

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:22 AM

Posted 25 May 2011 - 07:25 PM

Hello, I moved this to Am I Infected. This forum has log requirements and as there are none you will get skipped.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these[/color] instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
[color=green]Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Troubleshoot Malwarebytes' Anti-Malware
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 dobber1978

dobber1978
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 26 May 2011 - 05:23 PM

Ok, performed the two recommended scans and nothing was found. Logs are below.

TDSS Killer Log File

2011/05/26 17:33:19.0739 7480 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/26 17:33:20.0207 7480 ================================================================================
2011/05/26 17:33:20.0207 7480 SystemInfo:
2011/05/26 17:33:20.0207 7480
2011/05/26 17:33:20.0207 7480 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/26 17:33:20.0207 7480 Product type: Workstation
2011/05/26 17:33:20.0207 7480 ComputerName: LISA-PC
2011/05/26 17:33:20.0207 7480 UserName: Lisa
2011/05/26 17:33:20.0207 7480 Windows directory: C:\Windows
2011/05/26 17:33:20.0207 7480 System windows directory: C:\Windows
2011/05/26 17:33:20.0207 7480 Processor architecture: Intel x86
2011/05/26 17:33:20.0207 7480 Number of processors: 2
2011/05/26 17:33:20.0207 7480 Page size: 0x1000
2011/05/26 17:33:20.0207 7480 Boot type: Normal boot
2011/05/26 17:33:20.0207 7480 ================================================================================
2011/05/26 17:33:21.0580 7480 Initialize success
2011/05/26 17:33:29.0864 6244 ================================================================================
2011/05/26 17:33:29.0864 6244 Scan started
2011/05/26 17:33:29.0864 6244 Mode: Manual;
2011/05/26 17:33:29.0864 6244 ================================================================================
2011/05/26 17:33:31.0003 6244 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/26 17:33:31.0065 6244 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/26 17:33:31.0112 6244 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/26 17:33:31.0174 6244 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/26 17:33:31.0205 6244 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/26 17:33:31.0283 6244 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/26 17:33:31.0346 6244 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/05/26 17:33:31.0424 6244 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/26 17:33:31.0486 6244 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
2011/05/26 17:33:31.0517 6244 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/05/26 17:33:31.0564 6244 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
2011/05/26 17:33:31.0611 6244 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/26 17:33:31.0642 6244 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/05/26 17:33:31.0720 6244 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/26 17:33:31.0751 6244 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/26 17:33:31.0829 6244 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/26 17:33:31.0861 6244 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/26 17:33:31.0923 6244 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/05/26 17:33:31.0970 6244 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/26 17:33:32.0095 6244 BHDrvx86 (925a191c8c06124426c63ceb2ea93085) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110518.001\BHDrvx86.sys
2011/05/26 17:33:32.0235 6244 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/26 17:33:32.0282 6244 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/26 17:33:32.0329 6244 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/26 17:33:32.0375 6244 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/26 17:33:32.0438 6244 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/26 17:33:32.0500 6244 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/26 17:33:32.0547 6244 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/26 17:33:32.0609 6244 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/26 17:33:32.0687 6244 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/26 17:33:32.0734 6244 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/26 17:33:32.0797 6244 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/26 17:33:32.0859 6244 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/26 17:33:32.0953 6244 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/26 17:33:32.0999 6244 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
2011/05/26 17:33:33.0062 6244 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/26 17:33:33.0124 6244 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/26 17:33:33.0187 6244 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/26 17:33:33.0265 6244 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/26 17:33:33.0327 6244 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/26 17:33:33.0421 6244 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/26 17:33:33.0499 6244 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/26 17:33:33.0592 6244 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/26 17:33:33.0686 6244 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/26 17:33:33.0779 6244 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/26 17:33:33.0935 6244 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/26 17:33:34.0013 6244 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/26 17:33:34.0201 6244 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/26 17:33:34.0294 6244 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/26 17:33:34.0357 6244 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/26 17:33:34.0466 6244 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/26 17:33:34.0528 6244 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/26 17:33:34.0559 6244 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/26 17:33:34.0731 6244 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/26 17:33:34.0856 6244 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\Windows\system32\FsUsbExDisk.SYS
2011/05/26 17:33:34.0949 6244 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/26 17:33:35.0027 6244 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/26 17:33:35.0121 6244 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/26 17:33:35.0246 6244 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/05/26 17:33:35.0339 6244 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/26 17:33:35.0386 6244 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/26 17:33:35.0433 6244 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/26 17:33:35.0511 6244 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/26 17:33:35.0573 6244 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/26 17:33:35.0651 6244 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/05/26 17:33:35.0745 6244 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/05/26 17:33:35.0839 6244 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/26 17:33:36.0041 6244 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/26 17:33:36.0166 6244 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/26 17:33:36.0213 6244 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/26 17:33:36.0353 6244 IDSVix86 (7c8ce2b83a89ee1cb0c3fee5991e62a2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110518.001\IDSvix86.sys
2011/05/26 17:33:36.0431 6244 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/26 17:33:36.0494 6244 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/26 17:33:36.0541 6244 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/26 17:33:36.0603 6244 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/26 17:33:36.0697 6244 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/26 17:33:36.0775 6244 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/26 17:33:36.0837 6244 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/26 17:33:36.0884 6244 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/26 17:33:36.0962 6244 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/26 17:33:37.0009 6244 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/26 17:33:37.0040 6244 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/26 17:33:37.0087 6244 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/26 17:33:37.0118 6244 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/05/26 17:33:37.0180 6244 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/26 17:33:37.0274 6244 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/26 17:33:37.0352 6244 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/26 17:33:37.0383 6244 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/26 17:33:37.0414 6244 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/26 17:33:37.0477 6244 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/26 17:33:37.0539 6244 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/26 17:33:37.0617 6244 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/26 17:33:37.0664 6244 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/26 17:33:37.0711 6244 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/26 17:33:37.0757 6244 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/26 17:33:37.0804 6244 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/26 17:33:37.0898 6244 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/26 17:33:37.0976 6244 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/26 17:33:38.0023 6244 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/26 17:33:38.0069 6244 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/26 17:33:38.0116 6244 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/26 17:33:38.0179 6244 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/26 17:33:38.0225 6244 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/26 17:33:38.0272 6244 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
2011/05/26 17:33:38.0350 6244 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/26 17:33:38.0428 6244 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/26 17:33:38.0491 6244 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/26 17:33:38.0553 6244 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/26 17:33:38.0584 6244 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/26 17:33:38.0615 6244 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/26 17:33:38.0678 6244 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/26 17:33:38.0725 6244 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/26 17:33:38.0771 6244 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/26 17:33:38.0818 6244 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/26 17:33:38.0912 6244 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/26 17:33:39.0005 6244 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110526.002\NAVENG.SYS
2011/05/26 17:33:39.0099 6244 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110526.002\NAVEX15.SYS
2011/05/26 17:33:39.0255 6244 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/26 17:33:39.0302 6244 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/26 17:33:39.0364 6244 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/26 17:33:39.0427 6244 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/26 17:33:39.0473 6244 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/26 17:33:39.0505 6244 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/26 17:33:39.0551 6244 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/26 17:33:39.0692 6244 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/05/26 17:33:39.0801 6244 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/26 17:33:39.0863 6244 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/26 17:33:39.0910 6244 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/26 17:33:39.0988 6244 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/26 17:33:40.0051 6244 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/26 17:33:40.0097 6244 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/26 17:33:40.0144 6244 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/26 17:33:40.0191 6244 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/05/26 17:33:40.0238 6244 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/26 17:33:40.0378 6244 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/26 17:33:40.0456 6244 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/26 17:33:40.0519 6244 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/26 17:33:40.0550 6244 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/26 17:33:40.0612 6244 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/26 17:33:40.0659 6244 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
2011/05/26 17:33:40.0706 6244 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/26 17:33:40.0799 6244 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/26 17:33:40.0940 6244 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/26 17:33:40.0987 6244 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/26 17:33:41.0080 6244 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/26 17:33:41.0158 6244 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/26 17:33:41.0252 6244 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/26 17:33:41.0314 6244 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/26 17:33:41.0423 6244 R300 (9afa62db7f553a0f1f52c70b738b0064) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/26 17:33:41.0517 6244 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/26 17:33:41.0579 6244 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/26 17:33:41.0626 6244 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/26 17:33:41.0689 6244 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/26 17:33:41.0735 6244 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/26 17:33:41.0782 6244 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/26 17:33:41.0829 6244 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/26 17:33:41.0860 6244 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/26 17:33:41.0969 6244 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/26 17:33:42.0063 6244 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2011/05/26 17:33:42.0110 6244 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/05/26 17:33:42.0172 6244 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/26 17:33:42.0235 6244 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/26 17:33:42.0313 6244 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/26 17:33:42.0359 6244 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/26 17:33:42.0422 6244 Ser2pl (e42f03d1081c4f60d3db6c38235b1456) C:\Windows\system32\DRIVERS\ser2pl.sys
2011/05/26 17:33:42.0453 6244 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/26 17:33:42.0500 6244 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/26 17:33:42.0547 6244 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/26 17:33:42.0640 6244 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/26 17:33:42.0656 6244 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/26 17:33:42.0703 6244 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/26 17:33:42.0734 6244 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/26 17:33:42.0796 6244 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/26 17:33:42.0827 6244 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/26 17:33:42.0874 6244 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/26 17:33:42.0983 6244 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/26 17:33:43.0030 6244 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/26 17:33:43.0155 6244 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\NAV\1206000.01D\SRTSP.SYS
2011/05/26 17:33:43.0202 6244 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS
2011/05/26 17:33:43.0264 6244 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/26 17:33:43.0311 6244 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/26 17:33:43.0358 6244 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/26 17:33:43.0436 6244 ss_bus (54946449a0eb74915a4bb34f7ee51a5a) C:\Windows\system32\DRIVERS\ss_bus.sys
2011/05/26 17:33:43.0483 6244 ss_mdfl (4450bc0b2e9d7d9b90e3c3de4ea00a78) C:\Windows\system32\DRIVERS\ss_mdfl.sys
2011/05/26 17:33:43.0529 6244 ss_mdm (30b8d0dd01ead1243f329caf7d7d1517) C:\Windows\system32\DRIVERS\ss_mdm.sys
2011/05/26 17:33:43.0592 6244 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/26 17:33:43.0654 6244 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/26 17:33:43.0701 6244 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS
2011/05/26 17:33:43.0763 6244 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS
2011/05/26 17:33:43.0826 6244 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/05/26 17:33:43.0873 6244 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS
2011/05/26 17:33:43.0951 6244 SYMTDIv (5136f99a60ddbdeb1f6fd1eefc44407f) C:\Windows\System32\Drivers\NAV\1206000.01D\SYMTDIV.SYS
2011/05/26 17:33:44.0013 6244 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/26 17:33:44.0060 6244 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/26 17:33:44.0169 6244 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/26 17:33:44.0247 6244 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/26 17:33:44.0294 6244 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/26 17:33:44.0356 6244 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/26 17:33:44.0403 6244 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/26 17:33:44.0465 6244 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/26 17:33:44.0512 6244 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/26 17:33:44.0621 6244 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/26 17:33:44.0653 6244 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/26 17:33:44.0699 6244 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/26 17:33:44.0746 6244 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/26 17:33:44.0824 6244 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/26 17:33:44.0887 6244 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/26 17:33:44.0933 6244 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/26 17:33:45.0011 6244 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/26 17:33:45.0058 6244 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/26 17:33:45.0121 6244 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/26 17:33:45.0199 6244 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/26 17:33:45.0261 6244 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/26 17:33:45.0339 6244 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/26 17:33:45.0401 6244 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/26 17:33:45.0448 6244 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/26 17:33:45.0495 6244 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/26 17:33:45.0526 6244 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/26 17:33:45.0589 6244 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/26 17:33:45.0635 6244 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/26 17:33:45.0682 6244 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/26 17:33:45.0745 6244 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/26 17:33:45.0791 6244 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/26 17:33:45.0838 6244 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/26 17:33:45.0869 6244 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/26 17:33:45.0932 6244 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
2011/05/26 17:33:45.0994 6244 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/26 17:33:46.0057 6244 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/26 17:33:46.0119 6244 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/26 17:33:46.0166 6244 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/26 17:33:46.0244 6244 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/26 17:33:46.0306 6244 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/26 17:33:46.0337 6244 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/26 17:33:46.0384 6244 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/26 17:33:46.0447 6244 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/26 17:33:46.0556 6244 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/05/26 17:33:46.0696 6244 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/26 17:33:46.0805 6244 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/26 17:33:46.0852 6244 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/26 17:33:46.0930 6244 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/26 17:33:47.0008 6244 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/05/26 17:33:47.0024 6244 ================================================================================
2011/05/26 17:33:47.0024 6244 Scan finished
2011/05/26 17:33:47.0024 6244 ================================================================================
2011/05/26 17:33:47.0039 7252 Detected object count: 0
2011/05/26 17:33:47.0039 7252 Actual detected object count: 0
2011/05/26 17:34:10.0486 3736 Deinitialize success






Malwarebytes Scan Log



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6686

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

26/05/2011 5:48:14 PM
mbam-log-2011-05-26 (17-48-14).txt

Scan type: Quick scan
Objects scanned: 156329
Time elapsed: 8 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:22 AM

Posted 26 May 2011 - 07:25 PM

Hello, are you using a router and are there other PC's connected?


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 dobber1978

dobber1978
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 27 May 2011 - 04:16 PM

We have cable coming into the home connected to cable modem, cable modem connected to our VoIP and VoIP connected to a wireless router. The wireless router has one computer hard wired, this computer run Ubuntu. One the wireless there is this machine that is infected, a Wii, Ipod, etc...

Here is the scan from ESET


C:\Users\Lisa\Downloads\AutorunDabblerToolkit.zip INF/Autorun.gen trojan deleted - quarantined


Thats it, one found, one deleted.

Jeff

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:22 AM

Posted 27 May 2011 - 06:49 PM

Hello, we have 3 more items to try.
First
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


Second
If still redirecting>>>
Change your DNS Servers:
  • Go to Posted Image > Run... and in the open box, type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.
If the above commands did not resolve the problem, the next thing to try is to reset your network settings and Configure TCP/IP to use DNS.
  • Go to Posted Image > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically" or make sure the DNS server IP address is the same as provided by your ISP.
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
-- Vista users can refer to How to Change TCP/IP settings

CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address,
then you may proceed.



We'll do the third if needed.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 dobber1978

dobber1978
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 29 May 2011 - 03:56 PM

I ran the gooredfix, log is below

I haven't had it redirect recently, that is in the last day or two, I will keep posted if it continues to happen.

Thanks
Jeff

GooredFix by jpshortstuff (03.07.10.1)
Log created at 16:52 on 29/05/2011 (Lisa)
Firefox version 4.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [12:55 12/05/2011]

C:\Users\Lisa\Application Data\Mozilla\Firefox\Profiles\s8p9j357.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [16:45 18/03/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [03:05 09/01/2010]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\" [01:56 18/10/2010]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [00:19 15/12/2010]

-=E.O.F=-

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:22 AM

Posted 29 May 2011 - 09:44 PM

You're welcome. In a day or two if there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users