
yahoo redirect


  • This topic is locked
20 replies to this topic

#1 Tami H

Tami H

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 09 September 2011 - 07:28 PM

Hi there. Our home computer (Dell Xperion with Windows XP Home edition 32) has been infected with some sort of malware. I think we got it off of one of our girls' game sites. :( Anyway.... I've been running Avast anti virus scan / and boot scan and also MalwareBytes Anti Malware, but it doesn't seem to be finding all of the files. It might work ok for a couple of searches, but then it will start redirecting again. I've been deleting all of the temp internet files before running the scans, but it's still not taking care of it. I'm not super computer savvy, but I try very hard to figure things out. It would be wonderful if you could help me solve this. We're a little low on funds to actually take it into a computer shop, so we'd love to be able to fix it ourselves. I do have screen shots of what the redirect looks like, if you need that.
Also, we use Mozilla browser....and it does not redirect when we use the Google search bar. It only does it with Yahoo.


 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:50 AM

Posted 09 September 2011 - 08:15 PM

Hello, please run these, post the logs and tell me how it is now.
Are you on a router? Are other machines on it, if so are they redirecting?

Do you use Firefox?


Please follow our Removal Guide here How to remove Google Redirects. You will move to the Automated Removal Instructions

If it finds something make sure Cure is selected
Next click Continue then Reboot now
A log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Tami H


Posted 10 September 2011 - 08:09 AM

Hi -- I ran the TDSSKiller but it didn't find anything. Here is the log from the MiniToolBox:
MiniToolBox by Farbar
Ran by Tami (administrator) on 10-09-2011 at 09:06:49
Microsoft Windows XP Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : HANKEYFAMILY

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection

Physical Address. . . . . . . . . : 00-13-72-06-33-59

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.65

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Saturday, September 10, 2011 8:40:25 AM

Lease Expires . . . . . . . . . . : Sunday, September 11, 2011 8:40:25 AM

Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.225.50, 74.125.225.49, 74.125.225.48, 74.125.225.52
74.125.225.51



Pinging google.com [74.125.225.51] with 32 bytes of data:



Reply from 74.125.225.51: bytes=32 time=16ms TTL=55

Reply from 74.125.225.51: bytes=32 time=16ms TTL=54



Ping statistics for 74.125.225.51:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 16ms, Maximum = 16ms, Average = 16ms

Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 69.147.125.65, 72.30.2.43, 98.137.149.56, 209.191.122.70
67.195.160.76



Pinging yahoo.com [67.195.160.76] with 32 bytes of data:



Reply from 67.195.160.76: bytes=32 time=31ms TTL=50

Reply from 67.195.160.76: bytes=32 time=30ms TTL=50



Ping statistics for 67.195.160.76:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 30ms, Maximum = 31ms, Average = 30ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 72 06 33 59 ...... Intel® PRO/1000 PL Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.65 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.65 192.168.1.65 20
192.168.1.0 255.255.255.0 192.168.1.65 192.168.1.65 20
192.168.1.65 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.65 192.168.1.65 20
224.0.0.0 240.0.0.0 192.168.1.65 192.168.1.65 20
255.255.255.255 255.255.255.255 192.168.1.65 192.168.1.65 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\VetRedir.dll [74864] (Computer Associates International, Inc.)
Catalog9 02 C:\WINDOWS\system32\VetRedir.dll [74864] (Computer Associates International, Inc.)
Catalog9 03 C:\WINDOWS\system32\VetRedir.dll [74864] (Computer Associates International, Inc.)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\VetRedir.dll [74864] (Computer Associates International, Inc.)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/08/2011 08:43:39 PM) (Source: Application Error) (User: )
Description: Faulting application mom.exe, version 2.0.0.0, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Processing media-specific event for [mom.exe!ws!]

Error: (09/08/2011 08:42:51 PM) (Source: Application Error) (User: )
Description: Faulting application dacsminiapp.exe, version 1.0.2994.19633, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Processing media-specific event for [dacsminiapp.exe!ws!]

Error: (09/08/2011 03:21:46 PM) (Source: Application Error) (User: )
Description: Faulting application mom.exe, version 2.0.0.0, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Processing media-specific event for [mom.exe!ws!]

Error: (09/08/2011 03:21:10 PM) (Source: Application Error) (User: )
Description: Faulting application dacsminiapp.exe, version 1.0.2994.19633, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Processing media-specific event for [dacsminiapp.exe!ws!]

Error: (09/07/2011 09:32:47 AM) (Source: Application Error) (User: )
Description: Faulting application mom.exe, version 2.0.0.0, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Processing media-specific event for [mom.exe!ws!]

Error: (09/07/2011 09:32:25 AM) (Source: Application Error) (User: )
Description: Faulting application dacsminiapp.exe, version 1.0.2994.19633, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Processing media-specific event for [dacsminiapp.exe!ws!]

Error: (09/06/2011 07:26:11 PM) (Source: Application Error) (User: )
Description: Faulting application mom.exe, version 2.0.0.0, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Processing media-specific event for [mom.exe!ws!]

Error: (09/06/2011 07:24:55 PM) (Source: Application Error) (User: )
Description: Faulting application dacsminiapp.exe, version 1.0.2994.19633, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Processing media-specific event for [dacsminiapp.exe!ws!]

Error: (09/06/2011 08:45:32 AM) (Source: Application Error) (User: )
Description: Faulting application mom.exe, version 2.0.0.0, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Processing media-specific event for [mom.exe!ws!]

Error: (09/06/2011 08:45:04 AM) (Source: Application Error) (User: )
Description: Faulting application dacsminiapp.exe, version 1.0.2994.19633, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Processing media-specific event for [dacsminiapp.exe!ws!]


System errors:
=============
Error: (09/10/2011 08:41:53 AM) (Source: Service Control Manager) (User: )
Description: The VET Message Service service depends on the CAISafe service which failed to start because of the following error:
%%2

Error: (09/10/2011 08:41:53 AM) (Source: Service Control Manager) (User: )
Description: The Upload Manager service failed to start due to the following error:
%%1079

Error: (09/10/2011 08:41:53 AM) (Source: Service Control Manager) (User: )
Description: The CAISafe service failed to start due to the following error:
%%2

Error: (09/08/2011 03:21:48 PM) (Source: Service Control Manager) (User: )
Description: The VET Message Service service depends on the CAISafe service which failed to start because of the following error:
%%2

Error: (09/08/2011 03:21:48 PM) (Source: Service Control Manager) (User: )
Description: The Upload Manager service failed to start due to the following error:
%%1079

Error: (09/08/2011 03:21:48 PM) (Source: Service Control Manager) (User: )
Description: The CAISafe service failed to start due to the following error:
%%2

Error: (09/07/2011 09:27:42 AM) (Source: Service Control Manager) (User: )
Description: The VET Message Service service depends on the CAISafe service which failed to start because of the following error:
%%2

Error: (09/07/2011 09:27:42 AM) (Source: Service Control Manager) (User: )
Description: The Upload Manager service failed to start due to the following error:
%%1079

Error: (09/07/2011 09:27:42 AM) (Source: Service Control Manager) (User: )
Description: The CAISafe service failed to start due to the following error:
%%2

Error: (09/06/2011 10:22:57 PM) (Source: Service Control Manager) (User: )
Description: The VET Message Service service depends on the CAISafe service which failed to start because of the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (09/08/2011 08:43:39 PM) (Source: Application Error)(User: )
Description: mom.exe2.0.0.0kernel32.dll5.1.2600.354100012a6b

Error: (09/08/2011 08:42:51 PM) (Source: Application Error)(User: )
Description: dacsminiapp.exe1.0.2994.19633kernel32.dll5.1.2600.354100012a6b

Error: (09/08/2011 03:21:46 PM) (Source: Application Error)(User: )
Description: mom.exe2.0.0.0kernel32.dll5.1.2600.354100012a6b

Error: (09/08/2011 03:21:10 PM) (Source: Application Error)(User: )
Description: dacsminiapp.exe1.0.2994.19633kernel32.dll5.1.2600.354100012a6b

Error: (09/07/2011 09:32:47 AM) (Source: Application Error)(User: )
Description: mom.exe2.0.0.0kernel32.dll5.1.2600.354100012a6b

Error: (09/07/2011 09:32:25 AM) (Source: Application Error)(User: )
Description: dacsminiapp.exe1.0.2994.19633kernel32.dll5.1.2600.354100012a6b

Error: (09/06/2011 07:26:11 PM) (Source: Application Error)(User: )
Description: mom.exe2.0.0.0kernel32.dll5.1.2600.354100012a6b

Error: (09/06/2011 07:24:55 PM) (Source: Application Error)(User: )
Description: dacsminiapp.exe1.0.2994.19633kernel32.dll5.1.2600.354100012a6b

Error: (09/06/2011 08:45:32 AM) (Source: Application Error)(User: )
Description: mom.exe2.0.0.0kernel32.dll5.1.2600.354100012a6b

Error: (09/06/2011 08:45:04 AM) (Source: Application Error)(User: )
Description: dacsminiapp.exe1.0.2994.19633kernel32.dll5.1.2600.354100012a6b


=========================== Installed Programs ============================

Ad-Aware (Version: 9.5.0)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 10 Plugin (Version: 10.3.183.7)
Adobe Illustrator 10 (Version: 10)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Adobe Shockwave Player (Version: 11)
Adobe SVG Viewer 3.0 (Version: 3.0)
Andrea VoiceCenter
AOLIcon (Version: 1.00.0000)
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Camera Suite
AT&T Yahoo! Browser Configuration
ATI - Software Uninstall Utility (Version: 6.14.10.1022)
ATI Catalyst Control Center (Version: 2.008.1201.1503)
ATI Display Driver (Version: 8.561-081201a1-072271C-ATI)
avast! Free Antivirus (Version: 6.0.1289.0)
Bonjour (Version: 3.0.0.2)
Camera Window (Version: 4.5.2)
Canon Camera Window for ZoomBrowser EX (Version: 4.5.2)
Canon PhotoRecord (Version: 02.00.00029)
Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.0)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.0.1)
Canon Utilities PhotoStitch 3.1 (Version: 3.1.11)
Canon Utilities ZoomBrowser EX (Version: 04.05.01148)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.1201.1504.27008)
Catalyst Control Center Graphics Full Existing (Version: 2008.1201.1504.27008)
Catalyst Control Center Graphics Full New (Version: 2008.1201.1504.27008)
Catalyst Control Center Graphics Light (Version: 2008.1201.1504.27008)
Catalyst Control Center Graphics Previews Common (Version: 2008.1201.1504.27008)
Catalyst Control Center HydraVision Full (Version: 2008.1201.1504.27008)
ccc-core-preinstall (Version: 2008.1201.1504.27008)
ccc-core-static (Version: 2008.1201.1504.27008)
ccc-utility (Version: 2008.1201.1504.27008)
CCC Help English (Version: 2008.1201.1503.27008)
CCleaner (Version: 3.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows (Version: 4.0)
Coupon Printer for Windows (Version: 5.0.0.1)
Creative MediaSource (Version: 3.00)
Dell Digital Jukebox Driver
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Game Console
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
Digital Content Portal (Version: 1.00.0000)
Digital Line Detect (Version: 1.10)
EducateU (Version: 1.00.0000)
EndNote 9.0.1 Volume License Edition (Version: 9.0.1.1748)
Fisher-Priceģ - Toddler
GemMaster Mystic
Google AFE
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.1.2003.1856)
Google Update Helper (Version: 1.3.21.69)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HP Memories Disc (Version: 1.0.4.805)
HP Photo and Imaging 2.0 - All-in-One (Version: 1.10.0000)
HP Photo and Imaging 2.0 - All-in-One Drivers (Version: 1.10.0000)
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series (Version: 1.10.0000)
InstallMgr (Version: 1.0.39.0)
Intel Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections (Version: 9.30.0000)
iTunes (Version: 10.4.1.10)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
J2SE Runtime Environment 5.0 Update 9 (Version: 1.5.0.90)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 15 (Version: 6.0.150)
Java™ 6 Update 20 (Version: 6.0.200)
Lernout & Hauspie TruVoice American English TTS Engine
Macromedia Flash Player (Version: 7.0.19.0)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
MCU (Version: 1.00.0000)
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Default Manager (Version: 1.1.53.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Search Enhancement Pack (Version: 1.3.59.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Modem Helper (Version: 2.40)
Mozilla Firefox 6.0.2 (x86 en-US) (Version: 6.0.2)
MSN Toolbar (Version: 1.0.39.0)
MSN Toolbar (Version: 3.0.1125.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Musicmatch for Windows Media Player (Version: 0.00.000)
PeoplePC Common Authentication (Version: 1.0.87.0)
PhotoStitch (Version: 3.1.11)
PowerDVD 5.5
QuickBooks Simple Start Special Edition (Version: )
QuickTime (Version: 7.70.80.34)
RAW Image Task (Version: 0.9.0)
RemoteCapture Task 1.0.1 (Version: 1.0.1)
Safari (Version: 5.34.50.0)
Shutterfly Express Uploader (Version: 1.0.0)
Shutterfly Express Uploader (Version: 1.0.0.4)
Skins (Version: 2008.1201.1504.27008)
Sonic DLA (Version: 4.98)
Sonic Encoders (Version: 1.00)
Sonic RecordNow Audio (Version: 2.0.0)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
Sound Blaster Audigy ADVANCED MB (Version: 1.0)
Sound Blaster Audigy ADVANCED MB Product Registration
The Digital Arts and Crafts Studio (Version: 1.0.0000)
UM150 Firmware Updates (Version: 1.0.0)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP (Version: 9.50.7523)
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803) (Version: 3.1)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Hotfix - KB873339 (Version: 20041117.092459)
Windows XP Hotfix - KB885250 (Version: 20050118.202711)
Windows XP Hotfix - KB885835 (Version: 20041027.181713)
Windows XP Hotfix - KB885836 (Version: 20041028.173203)
Windows XP Hotfix - KB886185 (Version: 20041021.090540)
Windows XP Hotfix - KB887472 (Version: 20041014.162858)
Windows XP Hotfix - KB887742 (Version: 20041103.095002)
Windows XP Hotfix - KB888113 (Version: 20041116.131036)
Windows XP Hotfix - KB888302 (Version: 20041207.111426)
Windows XP Hotfix - KB888310 (Version: 20041027.095746)
Windows XP Hotfix - KB889673 (Version: 20041116.085848)
Windows XP Hotfix - KB890175 (Version: 20041201.233338)
Windows XP Hotfix - KB890859 (Version: 1)
Windows XP Hotfix - KB890927 (Version: 20050111.122717)
Windows XP Hotfix - KB891781 (Version: 20050110.165439)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Software Update

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 1022.09 MB
Available physical RAM: 490.75 MB
Total Pagefile: 2458.19 MB
Available Pagefile: 1989.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.36 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:69.79 GB) (Free:45.64 GB) NTFS
3 Drive e: (AMERICAS EMEA1) (CDROM) (Total:0.36 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\HANKEYFAMILY

Administrator Brian Guest
HelpAssistant Kate Loral
SUPPORT_388945a0 Tami

========================= Minidump Files ==================================

No minidump file found

**** End of log ****
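
What a helper reads out of a MiniToolBox Result.txt when a search redirect is reported, as an added example that is not part of the original thread and is not MiniToolBox's own code. The section titles and line layouts are taken from the log in this post; the function names are hypothetical and the sample input is constructed. It surfaces items to review (proxy lines other than the clean ones shown above, Hosts entries other than localhost, DNS servers that differ from the default gateway, non-Microsoft Winsock providers) and does not decide that anything is malicious.

```python
import ipaddress
import re

# Constructed sample in the layout of a MiniToolBox Result.txt; the addresses
# and the non-Microsoft DLL are made up for this example.
SAMPLE = r"""========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.10 search.example.com

========================= IP Configuration: ================================

Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 203.0.113.53

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\example.dll [74864] (Example Vendor, Inc.)
Catalog9 02 C:\WINDOWS\system32\example.dll [74864] (Example Vendor, Inc.)
"""

HEADER = re.compile(r"^={5,}\s*(.*?)\s*:?\s*={5,}\s*$")
FIELD = r"^{}[ .]*:\s*(\S+)"
WINSOCK = re.compile(r"^Catalog\d+\s+\d+\s+(.+?)\s+\[\d+\]\s+\((.*)\)$")
# Lines the tool printed for a clean proxy configuration in the log above.
CLEAN_PROXY = {"Proxy is not enabled.", "No Proxy Server is set."}


def split_sections(text):
    """Map each '=== Title ===' section to its non-empty, stripped lines."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m and m.group(1):          # rulers made only of '=' have no title
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line.strip():
            current.append(line.strip())
    return sections


def field_values(lines, label):
    """Values of ipconfig-style 'Label . . . : value' lines."""
    pat = re.compile(FIELD.format(re.escape(label)))
    return [m.group(1) for m in map(pat.match, lines) if m]


def check_proxy(sections):
    out = []
    for name in ("IE Proxy Settings", "FF Proxy Settings"):
        for line in sections.get(name, []):
            if line not in CLEAN_PROXY and not line.startswith('"Reset'):
                out.append(("proxy", f"{name}: {line}"))
    return out


def check_hosts(sections):
    out = []
    for line in sections.get("Hosts content", []):
        entry = line.split("#", 1)[0].split()   # drop trailing comments
        if len(entry) < 2:
            continue
        try:
            loopback = ipaddress.ip_address(entry[0]).is_loopback
        except ValueError:
            loopback = False
        if not (loopback and all(n.lower() == "localhost" for n in entry[1:])):
            out.append(("hosts", " ".join(entry)))
    return out


def check_dns(sections):
    # On a DHCP home connection like the one logged above, the resolver is
    # the gateway; any other resolver is worth comparing with the ISP's.
    lines = sections.get("IP Configuration", [])
    gateways = set(field_values(lines, "Default Gateway"))
    return [("dns", ip) for ip in field_values(lines, "DNS Servers")
            if ip not in gateways]


def check_winsock(sections):
    seen, out = set(), []
    for line in sections.get("Winsock entries", []):
        m = WINSOCK.match(line)
        if m and m.group(2) != "Microsoft Corporation":
            path = m.group(1)
            if path.lower() not in seen:    # one finding per DLL, not per slot
                seen.add(path.lower())
                out.append(("winsock", f"{path} ({m.group(2)})"))
    return out


def triage(text):
    s = split_sections(text)
    return check_proxy(s) + check_hosts(s) + check_dns(s) + check_winsock(s)


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"review {kind}: {detail}")
```
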

#4 Tami H


Posted 10 September 2011 - 08:24 AM

This is the log from the malware scan:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7689

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

9/10/2011 9:23:42 AM
mbam-log-2011-09-10 (09-23-42).txt

Scan type: Quick scan
Objects scanned: 230451
Time elapsed: 8 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

#5 Tami H


Posted 10 September 2011 - 08:25 AM

Oh -- we are not on a router. It's just one PC in the home.

#6 Tami H


Posted 10 September 2011 - 08:26 AM

Just tried a search, and it's still redirecting. And not sure if this matters, but when I downloaded the tdsskiller, it didn't put an icon on my desktop. The program opened on its own and I clicked start scan.

Edited by Tami H, 10 September 2011 - 08:28 AM.


#7 boopme


Posted 10 September 2011 - 06:23 PM

Hi, TDSS created a long log though, correct?

Do you use Firefox?




If still redirecting>>>
Change your DNS Servers:
  • Go to Start > Run... and in the open box, type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.
If the above commands did not resolve the problem, the next thing to try is to reset your network settings and Configure TCP/IP to use DNS.
  • Go to Start > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically" or make sure the DNS server IP address is the same as provided by your ISP.
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
-- Vista users can refer to How to Change TCP/IP settings

CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address, then you may proceed.





Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Edited by boopme, 10 September 2011 - 06:27 PM.


#8 Tami H


Posted 10 September 2011 - 08:08 PM

Ok -- I've done everything you said above and it's still redirecting. It only happens when we use the Google or Yahoo toolbar on Firefox. Should I uninstall those?

Edited by Tami H, 10 September 2011 - 08:12 PM.


#9 Tami H


Posted 10 September 2011 - 08:15 PM

Here is the log for the tdsskiller:

2011/09/10 21:14:35.0843 0528 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
2011/09/10 21:14:36.0343 0528 ================================================================================
2011/09/10 21:14:36.0343 0528 SystemInfo:
2011/09/10 21:14:36.0343 0528
2011/09/10 21:14:36.0343 0528 OS Version: 5.1.2600 ServicePack: 2.0
2011/09/10 21:14:36.0343 0528 Product type: Workstation
2011/09/10 21:14:36.0343 0528 ComputerName: HANKEYFAMILY
2011/09/10 21:14:36.0343 0528 UserName: Tami
2011/09/10 21:14:36.0343 0528 Windows directory: C:\WINDOWS
2011/09/10 21:14:36.0343 0528 System windows directory: C:\WINDOWS
2011/09/10 21:14:36.0343 0528 Processor architecture: Intel x86
2011/09/10 21:14:36.0343 0528 Number of processors: 2
2011/09/10 21:14:36.0343 0528 Page size: 0x1000
2011/09/10 21:14:36.0343 0528 Boot type: Normal boot
2011/09/10 21:14:36.0343 0528 ================================================================================
2011/09/10 21:14:36.0734 0528 Initialize success
2011/09/10 21:14:39.0828 2512 ================================================================================
2011/09/10 21:14:39.0828 2512 Scan started
2011/09/10 21:14:39.0828 2512 Mode: Manual;
2011/09/10 21:14:39.0828 2512 ================================================================================
2011/09/10 21:14:49.0750 2512 ================================================================================
2011/09/10 21:14:49.0750 2512 Scan finished
2011/09/10 21:14:49.0750 2512 ================================================================================
2011/09/10 21:14:49.0765 2428 Detected object count: 0
2011/09/10 21:14:49.0765 2428 Actual detected object count: 0

#10 boopme


Posted 10 September 2011 - 08:30 PM

Possibly reinstalling Yahoo may work, I am not sure and it can't hurt.

With Firefox I have seen where it may be the Add-ons/Plugins. Try disabling them one at a time and see which one was at fault.

How to disable extensions and plugins

Keeping your third-party plugins up to date

#11 Tami H


Posted 10 September 2011 - 09:09 PM

Hi -- Removing the Yahoo toolbar didn't help. It still redirects from the toolbar that comes with Firefox.
I found this on the Mozilla Firefox help site. Do you think it's legit? It's def the registry keys that come up infected when I do a malware scan. How do I find the host file and im host file? Thank you so much for your help.

From FIREFOX:
Guys, here is the removal for the redirect virus. You will know this is your solution beyond the shadow of a doubt once you see where all of those annoying redirects are hiding at. Having some experience with the registry is very helpful. If you don't have any find somebody who does, backup your registry entries before making any changes and this info is for information purpose.

1.) Click on start, run, type in cmd press enter, type in ipconfig /flushdns press enter
2.) You need to check your Host file and lmHost file for domain entries if you see thousands of entries remove them. You will know them when you see them because your list will be HUGE! You will see THOUSANDS of domain entries in there.
3.) Next open the registry and go to these 2 hives. HKEY_LOCAL_MACHINE & HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains delete everything except microsoft.com
4.) Next go to the Key P3P 2 folders up and delete the history entries. That will be all of the places you have been redirected to. You will see HUNDREDS to thousands of redirect domain entries! If you can replace the entire KEY on both Hives that would be better!!!
5.) You also need to check many other small things however these are the major identifiers.
6.) The reason why Virus scans and Spyware programs can't find the so called Virus. Because it is not one! Scanning the registry is pointless because those new registry KEY's are legit KEY's. Think of it as you have a Google or Yahoo or Bing search bar in your browser. Let's say you change the default search to a porn site. Is there anything wrong with your browser or default search engine? No! All spyware will scan past this because people have different search engines. It took me a month and a half to figure this out and I just happen to stumble upon the answer!
7.) I don't know how the registry entries were changed so be alert that you might catch this annoying issue again!
8.) If you can get another PC, get the registry KEY for I.E, it must be the same version and import the new entire KEY. That is the course of action I took.

#12 boopme


Posted 10 September 2011 - 09:26 PM

That makes sense, but first, as it's easier, replace the HOSTS file.

Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.


Are you comfortable in the registry? Then it can work, but first you MUST BACK UP the registry. This step involves making changes in the registry. Always back up your registry before making any changes.

Go to Start » Run and type: regedit
Click OK.
On the left side, click to highlight My Computer at the top.
Go up to File » Export
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click save and then go to File » Exit.

Or you can download and use ERUNT which is an excellent free tool that allows you to take a snapshot (backup) of your registry before making changes and restore it when needed.
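The hosts-file check that posts #11 and #12 talk about, as an added example that is not part of the original thread: a Python sketch that parses a hosts file and reports search-engine names mapped to a non-local address, along with the entry count. The watched domain list, the size threshold and the sample file contents are assumptions constructed for illustration; a large file of `0.0.0.0`/`127.0.0.1` entries can also be a legitimate blocklist, so the script reports that separately from redirects.

```python
import ipaddress
import sys

# Assumption: search domains to watch; extend for the engines actually in use.
WATCHED_SUFFIXES = ("google.com", "yahoo.com", "bing.com")
# Assumption: a default Windows hosts file holds only a handful of entries.
LARGE_FILE_THRESHOLD = 100

# Constructed sample (documentation-range addresses), not taken from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.google.com google.com   # constructed redirect entry
203.0.113.7     search.yahoo.com
0.0.0.0         ads.example.net
192.0.2.10      intranet.example.org
not-an-ip       www.bing.com
127.0.0.1       www.bing.com
"""


def parse_hosts(text):
    """Parse hosts-file text into (entries, malformed_line_numbers).

    Each entry is (line_no, address, [names]); comments and blanks are skipped.
    """
    entries, malformed = [], []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])   # first field must be an IP address
        except ValueError:
            malformed.append(line_no)
            continue
        if len(fields) < 2:                   # address with no host name
            malformed.append(line_no)
            continue
        names = [n.lower().rstrip(".") for n in fields[1:]]
        entries.append((line_no, fields[0], names))
    return entries, malformed


def is_local(address):
    """True for loopback or 0.0.0.0/:: targets, which block rather than redirect."""
    ip = ipaddress.ip_address(address)
    return ip.is_loopback or ip.is_unspecified


def is_watched(name):
    """True if name is a watched domain or one of its subdomains."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Classify every name in the hosts file and return a report dict."""
    entries, malformed = parse_hosts(text)
    report = {
        "total": len(entries),
        "malformed": malformed,
        "redirects": [],        # watched name -> non-local address
        "blocked_watched": [],  # watched name -> loopback / unspecified
        "nonlocal_other": [],   # any other name -> non-local address
        "oversized": len(entries) > LARGE_FILE_THRESHOLD,
    }
    for line_no, address, names in entries:
        local = is_local(address)
        for name in names:
            hit = (line_no, name, address)
            if is_watched(name):
                report["blocked_watched" if local else "redirects"].append(hit)
            elif not local:
                report["nonlocal_other"].append(hit)
    return report


if __name__ == "__main__":
    # Pass a path such as %SystemRoot%\system32\drivers\etc\hosts; with no
    # argument the constructed sample above is audited instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for key, value in audit_hosts(text).items():
        print(f"{key}: {value}")
```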

#13 Tami H


Posted 11 September 2011 - 01:26 PM

Bummer. That stuff didn't work. Do you want the malware log from a few days ago where it found all the crap on my system?

#14 boopme


Posted 11 September 2011 - 04:28 PM

Yes please

#15 Tami H


Posted 11 September 2011 - 06:13 PM

Here is the malwarebytes log file from last week:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7655

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

9/5/2011 11:17:59 AM
mbam-log-2011-09-05 (11-17-59).txt

Scan type: Quick scan
Objects scanned: 229167
Time elapsed: 9 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 38
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AEB04B5E-C981-47a9-B847-33EE4C92F6B9} (PUP.Magoo) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEB04B5E-C981-47a9-B847-33EE4C92F6B9} (PUP.Magoo) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BITS32 (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Tami\application data\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\Tami\application data\funwebproducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\Tami\application data\funwebproducts\Data\Tami (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\localservice\application data\02000000f1f8d7fe1406c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000f1f8d7fe1406o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000f1f8d7fe1406p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000f1f8d7fe1406s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000f1f8d7fe1406c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000f1f8d7fe1406o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000f1f8d7fe1406p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000f1f8d7fe1406s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Tami\application data\funwebproducts\Data\Tami\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\Tami\application data\funwebproducts\Data\Tami\outfit.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\Tami\application data\funwebproducts\Data\Tami\zbucks.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.



