Firefox search engine redirect issue


  • This topic is locked
20 replies to this topic

#1 IndyDon

IndyDon

  • Members
  • 12 posts

Posted 26 September 2011 - 06:13 PM

Have been having problems with being redirected to scam websites for a few weeks. I only use Firefox - IE is not on machine - and the redirects occur on both Google and Yahoo. The problem does not occur 100% of the time. But, if I reboot the computer it will come back and it often seems to come back if I just exit and go back into Firefox. Have used McAfee, Malwarebytes, AdWare, Registry Mechanic to try and fix but nothing helps.

Initially tried to restore my PC to a previous time but I am unable to do so. I have tried a handful of times and the Restore feature is not successful.

Probably unrelated, but I am no longer able to access my Linksys router admin area at 192.168.1.1.

Thanks, in advance.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_23
Run by Family at 12:47:24 on 2011-09-26
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.1431 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.pctools.com/mrc/fix_homepage/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110913020004.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - No File
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} -
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Tracks Eraser Pro] c:\program files\acesoft\tracks eraser pro\te.exe min
uRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\docume~1\family\locals~1\tempor~1\content.ie5\ghujwlaz\cvglob~1.sh! c:\docume~1\family\locals~1\tempor~1\content.ie5\odqfs5u7\office~1.sh! c:\docume~1\family\locals~1\tempor~1\content.ie5\odqfs5u7\client~1.sh! c:\docume~1\family\locals~1\tempor~1\content.ie5\8lqfgpmr\script~1.sh! c:\docume~1\family\locals~1\tempor~1\content.ie5\ghujwlaz\offlin~1.sh! c:\docume~1\family\recent\wishli~1.sh! c:\docume~1\family\recent\temp.sh! c:\docume~1\family\recent\starsb~1.sh! c:\docume~1\family\recent\pokema~1.sh! c:\docume~1\family\recent\mypict~1.sh! c:\docume~1\family\recent\lumasb~1.sh! c:\docume~1\family\recent\linksd~1.sh! c:\docume~1\family\recent\lights~2.sh! c:\docume~1\family\recent\lights~1.sh! c:\docume~1\family\recent\jason9~1.sh! c:\docume~1\family\recent\jason.sh! c:\docume~1\family\recent\hometx~1.sh! c:\docume~1\family\recent\faqtxt~1.sh! c:\docume~1\family\recent\amosbu~1.sh! c:\docume~1\family\recent\aboutt~1.sh! c:\docume~1\family\recent\p12bf7~1.sh! c:\docume~1\family\recent\p10009~2.sh! c:\docume~1\family\recent\p10008~1.sh! c:\docume~1\family\recent\p10007~4.sh! c:\docume~1\family\recent\p10007~3.sh! c:\docume~1\family\recent\p10007~2.sh! c:\docume~1\family\recent\p10007~1.sh! c:\docume~1\family\recent\namesd~1.sh! c:\docume~1\family\recent\myweb12.sh! c:\docume~1\family\recent\memo00~1.sh! c:\docume~1\family\recent\may2009.sh! c:\docume~1\family\recent\lights~3.sh! c:\docume~1\family\recent\june2009.sh! c:\docume~1\family\recent\july2009.sh! c:\docume~1\family\recent\ja83da~1.sh! c:\docume~1\family\recent\jason9~3.sh! c:\docume~1\family\recent\jason9~2.sh! c:\docume~1\family\recent\ja82da~1.sh! c:\docume~1\family\recent\jason9~4.sh! c:\docume~1\family\recent\jason1~2.sh! c:\docume~1\family\recent\excel.sh! c:\docume~1\family\recent\dscn11~1.sh! c:\docume~1\family\recent\defaul~1.sh! c:\docume~1\family\recent\chaino~1.sh! c:\docume~1\family\recent\cdsgiv~1.sh! 
c:\docume~1\family\recent\cdlett~1.sh! c:\docume~1\family\recent\caterp~1.sh! c:\docume~1\family\recent\butter~2.sh! c:\docume~1\family\recent\butter~1.sh! c:\docume~1\family\recent\awbasl~1.sh! c:\docume~1\family\recent\aviand~2.sh! c:\docume~1\family\recent\april2~1.sh! c:\docume~1\family\recent\word.sh! c:\docume~1\family\recent\volunt~1.sh! c:\docume~1\family\recent\usfwsb~1.sh! c:\docume~1\family\recent\toto20~1.sh! c:\docume~1\family\recent\totodo~1.sh! c:\docume~1\family\recent\tentjp~1.sh! c:\docume~1\family\recent\smiths~1.sh! c:\docume~1\family\recent\p10100~2.sh! c:\docume~1\family\recent\p10100~4.sh! c:\docume~1\family\recent\p12c3a~1.sh! c:\docume~1\family\recent\p10100~3.sh! c:\docume~1\family\recent\p10100~1.sh! c:\docume~1\family\recent\ordera~1.sh! c:\docume~1\family\recent\logosj~1.sh! c:\docume~1\family\recent\lights~4.sh! c:\docume~1\family\recent\lia60b~1.sh! c:\docume~1\family\recent\juvena~1.sh! c:\docume~1\family\recent\jdrf.sh! c:\docume~1\family\recent\chocie~1.sh! c:\docume~1\family\recent\bigoak~1.sh! c:\docume~1\family\recent\bigoak~3.sh! c:\docume~1\family\recent\bigoak~2.sh! c:\docume~1\family\recent\awbasb~1.sh! c:\docume~1\family\recent\agenda~1.sh! c:\docume~1\family\recent\aboutj~1.sh! c:\docume~1\family\recent\509710~1.sh! c:\docume~1\family\locals~1\tempor~1\content.ie5\oda7wp2n\script~1.sh! c:\docume~1\family\locals~1\tempor~1\content.ie5\wp2fkx2f\cvglob~1.sh! c:\docume~1\family\locals~1\tempor~1\content.ie5\k1qzc92f\office~1.sh! c:\docume~1\family\locals~1\tempor~1\content.ie5\wp2fkx2f\client~1.sh! c:\docume~1\family\locals~1\tempor~1\content.ie5\wp2fkx2f\offlin~1.sh! c:\docume~1\family\locals~1\tempor~1\content.ie5\cnoha1el\getmes~1.sh! c:\docume~1\family\recent\97lrjp~1.sh! c:\docume~1\family\recent\wlm_pr~2.sh! c:\docume~1\family\recent\wlm_pr~1.sh! c:\docume~1\family\recent\tn_nav~3.sh! c:\docume~1\family\recent\tn_nav~2.sh! c:\docume~1\family\recent\tn_nav~1.sh! c:\docume~1\family\recent\thry%3~1.sh! 
c:\docume~1\family\recent\stokes~1.sh! c:\docume~1\family\recent\septem~1.sh! c:\docume~1\family\recent\presno~1.sh! c:\docume~1\family\recent\presde~1.sh! c:\docume~1\family\recent\photos~1.sh! c:\docume~1\family\recent\p10104~3.sh! c:\docume~1\family\recent\p10104~2.sh! c:\docume~1\family\recent\p11db5~1.sh! c:\docume~1\family\recent\p10103~3.sh! c:\docume~1\family\recent\p10103~4.sh! c:\docume~1\family\recent\p10103~1.sh! c:\docume~1\family\recent\oct2009.sh! c:\docume~1\family\recent\nov2009.sh! c:\docume~1\family\recent\li23fc~1.sh! c:\docume~1\family\recent\lie005~1.sh! c:\docume~1\family\recent\li19b1~1.sh! c:\docume~1\family\recent\li4484~1.sh! c:\docume~1\family\recent\gorney~1.sh! c:\docume~1\family\recent\gorney~2.sh! c:\docume~1\family\recent\financ~1.sh! c:\docume~1\family\recent\fallfu~1.sh! c:\docume~1\family\recent\dec2009.sh! c:\docume~1\family\recent\d400jp~1.sh! c:\docume~1\family\recent\copyof~1.sh! c:\docume~1\family\recent\buildi~1.sh! c:\docume~1\family\recent\608047~1.sh! c:\docume~1\family\recent\3d401j~1.sh! c:\docume~1\family\recent\3d400j~1.sh! c:\docume~1\family\recent\wom_ke~1.sh! c:\docume~1\family\recent\winter~1.sh! c:\docume~1\family\recent\presid~1.sh! c:\docume~1\family\recent\practi~1.sh! c:\docume~1\family\recent\p10103~2.sh! c:\docume~1\family\recent\newsle~1.sh! c:\docume~1\family\recent\magicm~1.sh! c:\docume~1\family\recent\latert~1.sh! c:\docume~1\family\recent\kevinc~1.sh! c:\docume~1\family\recent\kevinc~2.sh! c:\docume~1\family\recent\iba.sh! c:\docume~1\family\recent\h00-20~1.sh! c:\docume~1\family\recent\fy2010~1.sh! c:\docume~1\family\recent\fy10co~1.sh! c:\docume~1\family\recent\finals~1.sh! c:\docume~1\family\recent\finalc~1.sh! c:\docume~1\family\recent\fields~1.sh! c:\docume~1\family\recent\d_gorn~1.sh! c:\docume~1\family\recent\draftc~1.sh! c:\docume~1\family\recent\don_go~1.sh! c:\docume~1\family\recent\don's.sh! c:\docume~1\family\recent\decemb~1.sh! c:\docume~1\family\recent\boardp~1.sh! 
c:\docume~1\family\recent\birds.sh! c:\docume~1\family\recent\askgen~1.sh! c:\docume~1\family\recent\amosbu~3.sh! c:\docume~1\family\recent\amosbu~2.sh! c:\docume~1\family\recent\ac_ite~1.sh! c:\docume~1\family\recent\ac_ite~2.sh! c:\docume~1\family\recent\ac_ite~3.sh! c:\docume~1\family\recent\ac_ite~4.sh! c:\docume~1\family\recent\2010wi~1.sh! c:\docume~1\family\locals~1\temp\plugtmp.SH!
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\family\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkvmon~1.lnk - c:\program files\nikon\nkview6\NkvMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio -viewer-\PhAutoRun.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secure~1.lnk - c:\program files\pkware\pkzipm\11.20.0008\PKTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 68.87.72.134 68.87.77.134
TCP: Interfaces\{155C8BA0-CE17-445B-83A5-2DC294BCD2FE} : DhcpNameServer = 192.168.1.1 68.87.72.134 68.87.77.134
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll
LSA: Notification Packages = :\windows\system32\srrstr.dll cecli
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\family\application data\mozilla\firefox\profiles\cmrxfwxb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
FF - plugin: c:\documents and settings\family\application data\mozilla\firefox\profiles\cmrxfwxb.default\extensions\runtime@panda3d.org\platform\winnt_x86-msvc\plugins\nppanda3d.dll
FF - plugin: c:\documents and settings\family\local settings\application data\robloxversions\version-5ce51d8367464075\NPRobloxProxy.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npImgCtl.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
FF - Ext: Panda3D Game Engine Plug-In: runtime@panda3d.org - %profile%\extensions\runtime@panda3d.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-3 64512]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-3 461864]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-3-17 89624]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-13 366152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-3 94880]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-3-17 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-3-17 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-3-17 214904]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-3-17 166024]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-3-17 160344]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-3-17 148520]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-9-3 632792]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-11-8 237568]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-11-8 1060352]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-11-8 484352]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-3-17 57432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-13 22216]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-3 180072]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-3 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-3-17 338040]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-3-17 83688]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-25 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]
S2 srv17EC;srv17EC;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-25 135664]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-3-17 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-3-17 87808]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-3 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-3 40552]
S3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [2007-9-24 855040]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-12-20 11520]
.
=============== Created Last 30 ================
.
2011-09-13 18:48:53 -------- d-----w- c:\documents and settings\family\application data\Malwarebytes
2011-09-13 18:48:33 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-13 18:48:26 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-13 18:48:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-13 06:00:04 28504 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2011-09-08 00:23:37 388096 ----a-w- c:\documents and settings\family\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-07 20:13:43 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-05 13:08:21 66048 --sha-r- c:\windows\system32\w32time9.dll
.
==================== Find3M ====================
.
2011-09-20 17:24:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-15 19:35:43 72080 ----a-w- c:\documents and settings\family\g2mdlhlpx.exe
2011-08-18 19:25:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-08-15 14:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 14:00:06 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-08-15 14:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 14:00:06 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-08-15 14:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-08-15 14:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 14:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 14:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 14:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 14:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-07-15 22:03:02 24576 ----a-w- c:\windows\system32\userinit.exe
.
============= FINISH: 12:54:51.96 ===============


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts

Posted 01 October 2011 - 06:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420626 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:10:32 AM

Posted 03 October 2011 - 10:36 AM

Are you still with us? Do you still need help?

Best Regards,
oneof4.


#4 IndyDon

IndyDon
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:09:32 AM

Posted 04 October 2011 - 06:06 AM

Yes, still having the same problem(s) and still in need of help. Ran DDS and GMER again and have attached updated files. Basic problem remains being redirected when using search engines. I am able to access websites by using bookmarks, typing in the URL directly, or visiting the cached version and then clicking on the URL. But, any time I use a search engine and click on the link, I am redirected to an inappropriate/wrong site.

Don't know if they are related, but still can't access Lynksys admin panel at 192.168.1.1 and have been unable to use the Restore function.

Thanks!
Attached File  ark.txt   92.05KB   2 downloads
Attached File  dds.txt   26.5KB   2 downloads

#5 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:10:32 AM

Posted 05 October 2011 - 08:49 AM

Hello IndyDon, and :welcome: to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Watch Topic. If you click on this, another page will open. Please choose Immediate Notification and then click on Proceed; you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. :heart: Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We have several programs we need to remove from your computer, so let's get started...

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove AdAware. It's not what it once was anyway.

==========

Next please perform the following:

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
The Recovery Console step that follows does not apply to Vista or Windows 7

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Best Regards,
oneof4.


#6 IndyDon

IndyDon
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:09:32 AM

Posted 05 October 2011 - 11:05 AM

oneof4, Many thanks for helping. Greatly appreciated! Followed instructions precisely. Removed AdWare; ran ComboFix; ComboFix log below. Appears PC is the same. Search engine redirects still occurring; still can't access Lynksys admin panel; no other issues obvious.


ComboFix 11-10-05.01 - Family 10/05/2011 11:15:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.1908 [GMT -4:00]
Running from: c:\documents and settings\Family\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Family\Application Data\Adobe\plugs
c:\documents and settings\Family\Application Data\Adobe\shed
c:\documents and settings\Family\g2mdlhlpx.exe
c:\documents and settings\Family\GoToAssistDownloadHelper.exe
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\windows\kb913800.exe
c:\windows\setupapi.log
c:\windows\system32\_003486_.tmp.dll
c:\windows\system32\_003487_.tmp.dll
c:\windows\system32\_003488_.tmp.dll
c:\windows\system32\_003489_.tmp.dll
c:\windows\system32\_003496_.tmp.dll
c:\windows\system32\_003497_.tmp.dll
c:\windows\system32\_003498_.tmp.dll
c:\windows\system32\_003499_.tmp.dll
c:\windows\system32\_003501_.tmp.dll
c:\windows\system32\_003502_.tmp.dll
c:\windows\system32\_003505_.tmp.dll
c:\windows\system32\_003506_.tmp.dll
c:\windows\system32\_003508_.tmp.dll
c:\windows\system32\_003509_.tmp.dll
c:\windows\system32\_003510_.tmp.dll
c:\windows\system32\_003512_.tmp.dll
c:\windows\system32\_003515_.tmp.dll
c:\windows\system32\_003516_.tmp.dll
c:\windows\system32\_003520_.tmp.dll
c:\windows\system32\_003521_.tmp.dll
c:\windows\system32\_003523_.tmp.dll
c:\windows\system32\_003526_.tmp.dll
c:\windows\system32\_003528_.tmp.dll
c:\windows\system32\_003529_.tmp.dll
c:\windows\system32\_003530_.tmp.dll
c:\windows\system32\_003531_.tmp.dll
c:\windows\system32\_003532_.tmp.dll
c:\windows\system32\_003535_.tmp.dll
c:\windows\system32\_003536_.tmp.dll
c:\windows\system32\_003537_.tmp.dll
c:\windows\system32\_003538_.tmp.dll
c:\windows\system32\_003539_.tmp.dll
c:\windows\system32\_003544_.tmp.dll
c:\windows\system32\_003546_.tmp.dll
c:\windows\system32\_003547_.tmp.dll
c:\windows\system32\_003704_.tmp.dll
c:\windows\system32\_003705_.tmp.dll
c:\windows\system32\_003706_.tmp.dll
c:\windows\system32\_003707_.tmp.dll
c:\windows\system32\_003714_.tmp.dll
c:\windows\system32\_003715_.tmp.dll
c:\windows\system32\_003716_.tmp.dll
c:\windows\system32\_003718_.tmp.dll
c:\windows\system32\_003719_.tmp.dll
c:\windows\system32\_003722_.tmp.dll
c:\windows\system32\_003723_.tmp.dll
c:\windows\system32\_003724_.tmp.dll
c:\windows\system32\_003725_.tmp.dll
c:\windows\system32\_003726_.tmp.dll
c:\windows\system32\_003727_.tmp.dll
c:\windows\system32\_003728_.tmp.dll
c:\windows\system32\_003729_.tmp.dll
c:\windows\system32\_003730_.tmp.dll
c:\windows\system32\_003731_.tmp.dll
c:\windows\system32\_003732_.tmp.dll
c:\windows\system32\_003733_.tmp.dll
c:\windows\system32\_003736_.tmp.dll
c:\windows\system32\_003737_.tmp.dll
c:\windows\system32\_003738_.tmp.dll
c:\windows\system32\_003739_.tmp.dll
c:\windows\system32\_003740_.tmp.dll
c:\windows\system32\_003741_.tmp.dll
c:\windows\system32\_003742_.tmp.dll
c:\windows\system32\_003743_.tmp.dll
c:\windows\system32\_003745_.tmp.dll
c:\windows\system32\_003746_.tmp.dll
c:\windows\system32\_003747_.tmp.dll
c:\windows\system32\_003748_.tmp.dll
c:\windows\system32\_003751_.tmp.dll
c:\windows\system32\_003752_.tmp.dll
c:\windows\system32\_003753_.tmp.dll
c:\windows\system32\_003754_.tmp.dll
c:\windows\system32\_003755_.tmp.dll
c:\windows\system32\_003757_.tmp.dll
c:\windows\system32\_003758_.tmp.dll
c:\windows\system32\_003759_.tmp.dll
c:\windows\system32\_003760_.tmp.dll
c:\windows\system32\_003761_.tmp.dll
c:\windows\system32\_003762_.tmp.dll
c:\windows\system32\_003763_.tmp.dll
c:\windows\system32\_003764_.tmp.dll
c:\windows\system32\_003765_.tmp.dll
c:\windows\system32\_003766_.tmp.dll
c:\windows\system32\_003767_.tmp.dll
c:\windows\system32\_003769_.tmp.dll
c:\windows\system32\_003770_.tmp.dll
c:\windows\system32\_003771_.tmp.dll
c:\windows\system32\_003772_.tmp.dll
c:\windows\system32\_003773_.tmp.dll
c:\windows\system32\_003774_.tmp.dll
c:\windows\system32\_003775_.tmp.dll
c:\windows\system32\_003777_.tmp.dll
c:\windows\system32\_003779_.tmp.dll
c:\windows\system32\_003780_.tmp.dll
c:\windows\system32\_003781_.tmp.dll
c:\windows\system32\_003782_.tmp.dll
c:\windows\system32\_003784_.tmp.dll
c:\windows\system32\_003785_.tmp.dll
c:\windows\system32\_003786_.tmp.dll
c:\windows\system32\_003787_.tmp.dll
c:\windows\system32\_003788_.tmp.dll
c:\windows\system32\_003789_.tmp.dll
c:\windows\system32\_003791_.tmp.dll
c:\windows\system32\_003792_.tmp.dll
c:\windows\system32\_003793_.tmp.dll
c:\windows\system32\_003794_.tmp.dll
c:\windows\system32\_003795_.tmp.dll
c:\windows\system32\_003796_.tmp.dll
c:\windows\system32\_003799_.tmp.dll
c:\windows\system32\_003800_.tmp.dll
c:\windows\system32\_003801_.tmp.dll
c:\windows\system32\_003802_.tmp.dll
c:\windows\system32\_003803_.tmp.dll
c:\windows\system32\_003804_.tmp.dll
c:\windows\system32\_003805_.tmp.dll
c:\windows\system32\_003808_.tmp.dll
c:\windows\system32\_003810_.tmp.dll
c:\windows\system32\_003811_.tmp.dll
c:\windows\system32\_003812_.tmp.dll
c:\windows\system32\_003813_.tmp.dll
c:\windows\system32\_003815_.tmp.dll
c:\windows\system32\_003818_.tmp.dll
c:\windows\system32\_003820_.tmp.dll
c:\windows\system32\_003821_.tmp.dll
c:\windows\system32\_003822_.tmp.dll
c:\windows\system32\_003823_.tmp.dll
c:\windows\system32\_003826_.tmp.dll
c:\windows\system32\_003827_.tmp.dll
c:\windows\system32\_003828_.tmp.dll
c:\windows\system32\_003829_.tmp.dll
c:\windows\system32\_003830_.tmp.dll
c:\windows\system32\_003835_.tmp.dll
c:\windows\system32\_003837_.tmp.dll
c:\windows\system32\_003838_.tmp.dll
c:\windows\system32\_006962_.tmp.dll
c:\windows\system32\_006963_.tmp.dll
c:\windows\system32\_006964_.tmp.dll
c:\windows\system32\_006965_.tmp.dll
c:\windows\system32\_006972_.tmp.dll
c:\windows\system32\_006973_.tmp.dll
c:\windows\system32\_006974_.tmp.dll
c:\windows\system32\_006976_.tmp.dll
c:\windows\system32\_006977_.tmp.dll
c:\windows\system32\_006980_.tmp.dll
c:\windows\system32\_006981_.tmp.dll
c:\windows\system32\_006983_.tmp.dll
c:\windows\system32\_006984_.tmp.dll
c:\windows\system32\_006985_.tmp.dll
c:\windows\system32\_006987_.tmp.dll
c:\windows\system32\_006990_.tmp.dll
c:\windows\system32\_006991_.tmp.dll
c:\windows\system32\_006995_.tmp.dll
c:\windows\system32\_006996_.tmp.dll
c:\windows\system32\_006998_.tmp.dll
c:\windows\system32\_007001_.tmp.dll
c:\windows\system32\_007003_.tmp.dll
c:\windows\system32\_007004_.tmp.dll
c:\windows\system32\_007005_.tmp.dll
c:\windows\system32\_007006_.tmp.dll
c:\windows\system32\_007009_.tmp.dll
c:\windows\system32\_007010_.tmp.dll
c:\windows\system32\_007011_.tmp.dll
c:\windows\system32\_007012_.tmp.dll
c:\windows\system32\_007013_.tmp.dll
c:\windows\system32\_007018_.tmp.dll
c:\windows\system32\_007020_.tmp.dll
c:\windows\system32\_007021_.tmp.dll
c:\windows\system32\comct332.ocx
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\ctfmon(3).exe
c:\windows\system32\d3d9caps.dat
c:\windows\system32\regobj.dll
c:\windows\system32\usp10(2).dll
c:\windows\twain_16.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-09-05 to 2011-10-05 )))))))))))))))))))))))))))))))
.
.
2011-10-05 14:57 . 2011-10-05 15:32 -------- d-----w- c:\windows\SxsCaPendDel
2011-10-05 14:56 . 2011-10-05 14:56 -------- d-----w- c:\windows\LastGood.Tmp
2011-09-13 18:48 . 2011-09-13 18:48 -------- d-----w- c:\documents and settings\Family\Application Data\Malwarebytes
2011-09-13 18:48 . 2011-09-13 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-13 06:00 . 2011-08-19 19:56 28504 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-09-08 00:23 . 2011-09-08 00:23 388096 ----a-w- c:\documents and settings\Family\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-20 17:24 . 2011-05-19 13:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-15 14:00 . 2010-03-17 13:47 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 14:00 . 2010-03-17 13:47 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-08-15 14:00 . 2010-03-17 13:47 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 14:00 . 2010-03-17 13:47 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-08-15 14:00 . 2010-03-17 13:47 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 14:00 . 2010-03-17 13:47 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 14:00 . 2010-03-17 13:47 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-08-15 14:00 . 2009-04-03 19:48 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-08-15 14:00 . 2009-04-03 19:48 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 14:00 . 2009-04-03 19:48 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-07-15 22:03 . 2011-03-04 12:32 24576 ----a-w- c:\windows\system32\userinit.exe
2011-03-03 17:50 . 2010-04-07 16:33 113976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2011-08-31 16:27 . 2010-04-07 16:33 556344 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-04-22 19:00 . 2010-04-22 19:00 101760 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2011-04-14 18:01 . 2010-05-20 00:08 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Tracks Eraser Pro"="c:\program files\Acesoft\Tracks Eraser Pro\te.exe" [2009-11-06 1453888]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-10 1317016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\documents and settings\Family\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2005-12-27 241664]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-6-28 40960]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-5-18 155648]
SecureZIP Attachments Status.lnk - c:\program files\PKWARE\PKZIPM\11.20.0008\PKTray.exe [2007-12-27 197984]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-11-8 3986944]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv17EC]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"24726:TCP"= 24726:TCP:FlipShareServer
"24727:TCP"= 24727:TCP:FlipShareServer
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/17/2010 9:47 AM 89624]
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [5/6/2011 12:58 PM 1085440]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/3/2009 3:51 PM 94880]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/17/2010 9:47 AM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [3/17/2010 9:47 AM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [3/17/2010 9:48 AM 160344]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [3/17/2010 9:47 AM 148520]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [9/3/2010 10:01 AM 632792]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/8/2010 12:40 PM 237568]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [11/8/2010 12:43 PM 1060352]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [11/8/2010 12:43 PM 484352]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/17/2010 9:47 AM 57432]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/17/2010 9:47 AM 338040]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/17/2010 9:47 AM 83688]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/20/2010 10:24 AM 11520]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/25/2009 10:27 PM 135664]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 3:43 PM 204800]
S2 srv17EC;srv17EC;c:\windows\system32\svchost.exe -k netsvcs [8/16/2005 6:18 AM 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/25/2009 10:27 PM 135664]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/17/2010 9:47 AM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/17/2010 9:47 AM 87808]
S3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [9/24/2007 3:39 PM 855040]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
*Deregistered* - mfeavfk01
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv17EC
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 02:27]
.
2011-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 02:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
mStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.pctools.com/mrc/fix_homepage/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1 68.87.72.134 68.87.77.134
FF - ProfilePath - c:\documents and settings\Family\Application Data\Mozilla\Firefox\Profiles\cmrxfwxb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
FF - Ext: Panda3D Game Engine Plug-In: runtime@panda3d.org - %profile%\extensions\runtime@panda3d.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
Notify-dimsntfy - (no file)
AddRemove-Python 2.1 - c:\python21\\Python21\UNWISE.EXE
AddRemove-Python 2.1 combined Win32 extensions - c:\python21\UNWISE~1.EXE
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-05 11:34
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv17EC]
"servicedll"="\\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv17EC.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3856)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsmap.exe
.
**************************************************************************
.
Completion time: 2011-10-05 11:46:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-05 15:46
ComboFix2.txt 2008-02-14 19:04
.
Pre-Run: 22,052,106,240 bytes free
Post-Run: 22,647,701,504 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - ADF6FE11CBCD4BC4941E377DF9A248E2



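The ComboFix log above lists a service, srv17EC, hosted by svchost.exe in the netsvcs group whose ServiceDll value points into WINDOWS\Temp through a \\?\globalroot device path, which is exactly the kind of entry a responder reads a log like this for. The following Python script is an added example for this thread (it is not a BleepingComputer, ComboFix or oneof4 tool) showing how such a log can be triaged mechanically: it parses the service list and the per-service ServiceDll dumps, flags svchost-hosted services whose DLL is loaded from an unusual location, and compares the SecurityProviders value against a baseline. The sample log lines are constructed to mirror the posted log, and both the heuristics and the Windows XP SecurityProviders baseline are this example's own assumptions, to be checked against a known-clean machine.

```python
"""Triage helper for ComboFix-style 'Reg Loading Points' output.

Added example, not a BleepingComputer or ComboFix tool. The sample log lines
are constructed to mirror the log posted in this thread; the heuristics and
the SecurityProviders baseline are assumptions of this example.
"""
import re
from typing import Dict, List, Optional

# Constructed sample shaped like the posted ComboFix log: the service list,
# the per-service ServiceDll values ComboFix prints after its catchme
# section, and the SecurityProviders registry value.
SAMPLE_LOG = r'''
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/17/2010 9:47 AM 214904]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/25/2009 10:27 PM 135664]
S2 srv17EC;srv17EC;c:\windows\system32\svchost.exe -k netsvcs [8/16/2005 6:18 AM 14336]
S2 wuauserv;Automatic Updates;c:\windows\system32\svchost.exe -k netsvcs [8/16/2005 6:18 AM 14336]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv17EC]
"servicedll"="\\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv17EC.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"servicedll"="C:\WINDOWS\system32\wuauserv.dll"
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll
'''

# Assumed baseline: the SecurityProviders value on a stock Windows XP install.
# Verify against a known-clean machine of the same build before relying on it.
XP_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# 'R2 name;display name;image path [date size]' service lines
SERVICE_RE = re.compile(r'^[RS]\d\s+([^;]+);[^;]*;(.*?)\s+\[', re.M)
# '[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\<name>]' key headers
KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\\\]]+)\]\s*$', re.I)
# '"servicedll"="<path>"' values under such a key
DLL_RE = re.compile(r'^"servicedll"="([^"]*)"\s*$', re.I)
PROVIDERS_RE = re.compile(r'^SecurityProviders\s+(.*)$', re.M)


def parse_services(text: str) -> Dict[str, str]:
    """Map service name -> image path (command line) from the service list."""
    return {m.group(1).strip(): m.group(2).strip() for m in SERVICE_RE.finditer(text)}


def parse_service_dlls(text: str) -> Dict[str, str]:
    """Map service name -> ServiceDll from the registry key dumps in the log."""
    dlls: Dict[str, str] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            continue
        dll = DLL_RE.match(line)
        if dll and current:
            dlls[current] = dll.group(1)
    return dlls


def dll_path_reasons(path: str) -> List[str]:
    """Heuristics (this example's own) for a ServiceDll that deserves a look."""
    p = path.lower().replace('/', '\\')
    reasons: List[str] = []
    if p.startswith('\\\\?\\globalroot') or p.startswith('\\device\\'):
        reasons.append('device/globalroot path hides the drive letter')
    if '\\temp\\' in p or '\\tmp\\' in p:
        reasons.append('loaded from a Temp directory')
    if not p.endswith('.dll'):
        reasons.append('ServiceDll does not have a .dll extension')
    if '\\system32\\' not in p:
        reasons.append('outside the system32 directory')
    return reasons


def triage(text: str) -> Dict[str, dict]:
    """Flag svchost-hosted services whose logged ServiceDll looks out of place.

    Only services for which the log prints a ServiceDll value are evaluated.
    """
    services = parse_services(text)
    dlls = parse_service_dlls(text)
    findings: Dict[str, dict] = {}
    for name, image in services.items():
        if 'svchost.exe' not in image.lower() or name not in dlls:
            continue
        group = re.search(r'-k\s+(\S+)', image)
        reasons = dll_path_reasons(dlls[name])
        if reasons:
            findings[name] = {
                'group': group.group(1) if group else None,
                'service_dll': dlls[name],
                'reasons': reasons,
            }
    return findings


def unexpected_security_providers(text: str) -> List[str]:
    """Entries in SecurityProviders that are not in the assumed XP baseline."""
    m = PROVIDERS_RE.search(text)
    if not m:
        return []
    listed = [e.strip().lower() for e in m.group(1).split(',') if e.strip()]
    return [e for e in listed if e not in XP_SECURITY_PROVIDERS]


if __name__ == '__main__':
    for name, info in triage(SAMPLE_LOG).items():
        print(f"{name} ({info['group']}): {info['service_dll']}")
        for reason in info['reasons']:
            print(f"  - {reason}")
    extra = unexpected_security_providers(SAMPLE_LOG)
    if extra:
        print('SecurityProviders entries not in baseline:', ', '.join(extra))
```

Run against the constructed sample it reports srv17EC (netsvcs) with all four reasons and leaves wuauserv alone, and lists ntoskrnl.dll as a SecurityProviders entry outside the baseline. The heuristics are deliberately loose: a legitimate ServiceDll can live outside system32, so the output is a list of things to look at, not a verdict.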

#7 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:10:32 AM

Posted 06 October 2011 - 06:52 AM

Hello IndyDon :)

Okay, we nailed a few of the baddies, but there obviously must be others that are trying to hide, so please run the following:


Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Best Regards,
oneof4.


#8 IndyDon

IndyDon
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:09:32 AM

Posted 06 October 2011 - 08:37 AM

Ran report and the log is below. Nothing was found. After I sent the reply yesterday, I rebooted the machine and it appears the redirect issue has been fixed. I used both Yahoo and Google and have input a number of search terms like "norton", "mcafee", "anti-virus", etc. that previously would not even produce results, and have had no problems.

Since it appears the problem has been fixed (still can't access the Linksys admin panel, so will need to look into that), any advice for going forward concerning anti-virus/malware protection? I really am grateful for your help, oneof4.

09:24:28.0515 3624 TDSS rootkit removing tool 2.6.5.0 Oct 5 2011 20:52:46
09:24:28.0906 3624 ============================================================
09:24:28.0906 3624 Current date / time: 2011/10/06 09:24:28.0906
09:24:28.0906 3624 SystemInfo:
09:24:28.0906 3624
09:24:28.0906 3624 OS Version: 5.1.2600 ServicePack: 2.0
09:24:28.0906 3624 Product type: Workstation
09:24:28.0906 3624 ComputerName: DHCLK191
09:24:28.0906 3624 UserName: Family
09:24:28.0906 3624 Windows directory: C:\WINDOWS
09:24:28.0906 3624 System windows directory: C:\WINDOWS
09:24:28.0906 3624 Processor architecture: Intel x86
09:24:28.0906 3624 Number of processors: 2
09:24:28.0906 3624 Page size: 0x1000
09:24:28.0906 3624 Boot type: Normal boot
09:24:28.0906 3624 ============================================================
09:24:29.0234 3624 Initialize success
09:24:50.0671 3592 ============================================================
09:24:50.0671 3592 Scan started
09:24:50.0671 3592 Mode: Manual;
09:24:50.0671 3592 ============================================================
09:24:51.0359 3592 Abiosdsk - ok
09:24:51.0453 3592 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:24:51.0468 3592 abp480n5 - ok
09:24:51.0500 3592 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:24:51.0500 3592 ACPI - ok
09:24:51.0546 3592 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:24:51.0546 3592 ACPIEC - ok
09:24:51.0578 3592 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:24:51.0578 3592 adpu160m - ok
09:24:51.0609 3592 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
09:24:51.0609 3592 aec - ok
09:24:51.0640 3592 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
09:24:51.0640 3592 Afc - ok
09:24:51.0671 3592 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
09:24:51.0671 3592 AFD - ok
09:24:51.0703 3592 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:24:51.0703 3592 agp440 - ok
09:24:51.0718 3592 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:24:51.0718 3592 agpCPQ - ok
09:24:51.0781 3592 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:24:51.0781 3592 Aha154x - ok
09:24:51.0796 3592 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:24:51.0796 3592 aic78u2 - ok
09:24:51.0812 3592 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:24:51.0828 3592 aic78xx - ok
09:24:51.0843 3592 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:24:51.0843 3592 AliIde - ok
09:24:51.0890 3592 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:24:51.0890 3592 alim1541 - ok
09:24:51.0906 3592 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:24:51.0906 3592 amdagp - ok
09:24:51.0937 3592 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:24:51.0937 3592 amsint - ok
09:24:51.0953 3592 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:24:51.0968 3592 Arp1394 - ok
09:24:51.0984 3592 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:24:51.0984 3592 asc - ok
09:24:52.0000 3592 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:24:52.0000 3592 asc3350p - ok
09:24:52.0015 3592 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:24:52.0015 3592 asc3550 - ok
09:24:52.0046 3592 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:24:52.0046 3592 AsyncMac - ok
09:24:52.0078 3592 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:24:52.0078 3592 atapi - ok
09:24:52.0093 3592 Atdisk - ok
09:24:52.0187 3592 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:24:52.0203 3592 ati2mtag - ok
09:24:52.0250 3592 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:24:52.0250 3592 Atmarpc - ok
09:24:52.0265 3592 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:24:52.0265 3592 audstub - ok
09:24:52.0296 3592 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:24:52.0312 3592 Beep - ok
09:24:52.0328 3592 bvrp_pci - ok
09:24:52.0328 3592 catchme - ok
09:24:52.0375 3592 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:24:52.0375 3592 cbidf - ok
09:24:52.0390 3592 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:24:52.0390 3592 cbidf2k - ok
09:24:52.0437 3592 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:24:52.0437 3592 CCDECODE - ok
09:24:52.0453 3592 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:24:52.0453 3592 cd20xrnt - ok
09:24:52.0468 3592 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:24:52.0468 3592 Cdaudio - ok
09:24:52.0500 3592 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
09:24:52.0500 3592 Cdfs - ok
09:24:52.0546 3592 cdrbsdrv (248349293ca42ee5db61dc1fd85a2f49) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
09:24:52.0546 3592 cdrbsdrv - ok
09:24:52.0562 3592 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:24:52.0562 3592 Cdrom - ok
09:24:52.0609 3592 cfwids (142e4e00ad91600a2d20692ed52fafc8) C:\WINDOWS\system32\drivers\cfwids.sys
09:24:52.0609 3592 cfwids - ok
09:24:52.0625 3592 Changer - ok
09:24:52.0671 3592 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:24:52.0671 3592 CmdIde - ok
09:24:52.0703 3592 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:24:52.0703 3592 Cpqarray - ok
09:24:52.0734 3592 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:24:52.0734 3592 dac2w2k - ok
09:24:52.0765 3592 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:24:52.0765 3592 dac960nt - ok
09:24:52.0796 3592 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
09:24:52.0796 3592 Disk - ok
09:24:52.0859 3592 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
09:24:52.0859 3592 dmboot - ok
09:24:52.0875 3592 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
09:24:52.0875 3592 dmio - ok
09:24:52.0890 3592 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:24:52.0890 3592 dmload - ok
09:24:52.0937 3592 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
09:24:52.0937 3592 DMusic - ok
09:24:52.0984 3592 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:24:52.0984 3592 dpti2o - ok
09:24:53.0000 3592 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
09:24:53.0000 3592 drmkaud - ok
09:24:53.0031 3592 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
09:24:53.0031 3592 drvmcdb - ok
09:24:53.0046 3592 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
09:24:53.0046 3592 drvnddm - ok
09:24:53.0171 3592 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
09:24:53.0171 3592 DSproct - ok
09:24:53.0218 3592 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
09:24:53.0218 3592 dsunidrv - ok
09:24:53.0234 3592 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:24:53.0234 3592 E100B - ok
09:24:53.0265 3592 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
09:24:53.0265 3592 e1express - ok
09:24:53.0312 3592 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
09:24:53.0328 3592 Fastfat - ok
09:24:53.0343 3592 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:24:53.0359 3592 Fdc - ok
09:24:53.0375 3592 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
09:24:53.0375 3592 Fips - ok
09:24:53.0406 3592 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:24:53.0406 3592 Flpydisk - ok
09:24:53.0437 3592 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:24:53.0437 3592 FltMgr - ok
09:24:53.0453 3592 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:24:53.0453 3592 Fs_Rec - ok
09:24:53.0484 3592 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:24:53.0484 3592 Ftdisk - ok
09:24:53.0531 3592 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:24:53.0531 3592 GEARAspiWDM - ok
09:24:53.0546 3592 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:24:53.0546 3592 Gpc - ok
09:24:53.0578 3592 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:24:53.0578 3592 HDAudBus - ok
09:24:53.0593 3592 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:24:53.0593 3592 HidUsb - ok
09:24:53.0671 3592 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:24:53.0687 3592 hpn - ok
09:24:53.0734 3592 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
09:24:53.0734 3592 HSFHWBS2 - ok
09:24:53.0796 3592 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:24:53.0812 3592 HSF_DP - ok
09:24:53.0828 3592 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
09:24:53.0843 3592 HTTP - ok
09:24:53.0859 3592 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:24:53.0859 3592 i2omgmt - ok
09:24:53.0875 3592 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:24:53.0875 3592 i2omp - ok
09:24:53.0890 3592 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:24:53.0890 3592 i8042prt - ok
09:24:53.0984 3592 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
09:24:54.0000 3592 iastor - ok
09:24:54.0031 3592 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:24:54.0031 3592 Imapi - ok
09:24:54.0046 3592 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:24:54.0062 3592 ini910u - ok
09:24:54.0078 3592 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:24:54.0078 3592 IntelIde - ok
09:24:54.0093 3592 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:24:54.0093 3592 intelppm - ok
09:24:54.0140 3592 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:24:54.0156 3592 Ip6Fw - ok
09:24:54.0203 3592 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:24:54.0203 3592 IpFilterDriver - ok
09:24:54.0234 3592 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:24:54.0234 3592 IpInIp - ok
09:24:54.0281 3592 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:24:54.0281 3592 IpNat - ok
09:24:54.0296 3592 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:24:54.0312 3592 IPSec - ok
09:24:54.0328 3592 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:24:54.0328 3592 IRENUM - ok
09:24:54.0359 3592 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:24:54.0359 3592 isapnp - ok
09:24:54.0375 3592 ivusb - ok
09:24:54.0390 3592 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:24:54.0390 3592 Kbdclass - ok
09:24:54.0406 3592 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:24:54.0406 3592 kbdhid - ok
09:24:54.0437 3592 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
09:24:54.0437 3592 kmixer - ok
09:24:54.0453 3592 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
09:24:54.0453 3592 KSecDD - ok
09:24:54.0531 3592 Lavasoft Kernexplorer - ok
09:24:54.0546 3592 Lbd - ok
09:24:54.0562 3592 lbrtfdc - ok
09:24:54.0640 3592 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:24:54.0640 3592 mdmxsdk - ok
09:24:54.0687 3592 meiudf (8298785f3be8ab9798875d85b7a7a901) C:\WINDOWS\system32\Drivers\meiudf.sys
09:24:54.0687 3592 meiudf - ok
09:24:54.0734 3592 mfeapfk (c373a719d704d12f5a4503f6f10239ff) C:\WINDOWS\system32\drivers\mfeapfk.sys
09:24:54.0734 3592 mfeapfk - ok
09:24:54.0781 3592 mfeavfk (851ad52871b62457152a8acaff0c632d) C:\WINDOWS\system32\drivers\mfeavfk.sys
09:24:54.0781 3592 mfeavfk - ok
09:24:54.0796 3592 mfeavfk01 - ok
09:24:54.0843 3592 mfebopk (5b9ffb027669a8ac30aac0b4996bc603) C:\WINDOWS\system32\drivers\mfebopk.sys
09:24:54.0843 3592 mfebopk - ok
09:24:54.0890 3592 mfefirek (2cabe72e53365834cb9969dde47bd690) C:\WINDOWS\system32\drivers\mfefirek.sys
09:24:54.0906 3592 mfefirek - ok
09:24:54.0953 3592 mfehidk (46db8f041e928bdc17b8daba249a2148) C:\WINDOWS\system32\drivers\mfehidk.sys
09:24:54.0953 3592 mfehidk - ok
09:24:55.0000 3592 mfendisk (348e3db31cf458adaa3798fb8af659c3) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
09:24:55.0000 3592 mfendisk - ok
09:24:55.0000 3592 mfendiskmp (348e3db31cf458adaa3798fb8af659c3) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
09:24:55.0000 3592 mfendiskmp - ok
09:24:55.0046 3592 mferkdet (316fd7c31cd57ca793fb10912aeeb2d2) C:\WINDOWS\system32\drivers\mferkdet.sys
09:24:55.0062 3592 mferkdet - ok
09:24:55.0109 3592 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
09:24:55.0109 3592 mferkdk - ok
09:24:55.0156 3592 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
09:24:55.0156 3592 mfesmfk - ok
09:24:55.0203 3592 mfetdi2k (2026fe7c9e6b26ffeb08cd89c6326b91) C:\WINDOWS\system32\drivers\mfetdi2k.sys
09:24:55.0203 3592 mfetdi2k - ok
09:24:55.0250 3592 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
09:24:55.0250 3592 MHNDRV - ok
09:24:55.0281 3592 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:24:55.0281 3592 mnmdd - ok
09:24:55.0328 3592 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
09:24:55.0343 3592 Modem - ok
09:24:55.0375 3592 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:24:55.0375 3592 MODEMCSA - ok
09:24:55.0468 3592 mosuport (f3aef73cb4df553871da0a3d429847b0) C:\WINDOWS\system32\DRIVERS\mosuport.sys
09:24:55.0468 3592 mosuport - ok
09:24:55.0531 3592 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:24:55.0531 3592 Mouclass - ok
09:24:55.0609 3592 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:24:55.0609 3592 mouhid - ok
09:24:55.0656 3592 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
09:24:55.0656 3592 MountMgr - ok
09:24:55.0718 3592 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:24:55.0718 3592 mraid35x - ok
09:24:55.0781 3592 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:24:55.0781 3592 MRxDAV - ok
09:24:55.0828 3592 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:24:55.0843 3592 MRxSmb - ok
09:24:55.0859 3592 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
09:24:55.0859 3592 Msfs - ok
09:24:55.0890 3592 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:24:55.0890 3592 MSKSSRV - ok
09:24:55.0906 3592 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:24:55.0906 3592 MSPCLOCK - ok
09:24:55.0937 3592 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
09:24:55.0937 3592 MSPQM - ok
09:24:55.0953 3592 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:24:55.0953 3592 mssmbios - ok
09:24:55.0968 3592 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
09:24:55.0968 3592 MSTEE - ok
09:24:56.0000 3592 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
09:24:56.0000 3592 Mup - ok
09:24:56.0031 3592 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:24:56.0031 3592 NABTSFEC - ok
09:24:56.0046 3592 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
09:24:56.0046 3592 NDIS - ok
09:24:56.0078 3592 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:24:56.0078 3592 NdisIP - ok
09:24:56.0093 3592 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:24:56.0093 3592 NdisTapi - ok
09:24:56.0125 3592 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:24:56.0140 3592 Ndisuio - ok
09:24:56.0156 3592 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:24:56.0156 3592 NdisWan - ok
09:24:56.0171 3592 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
09:24:56.0171 3592 NDProxy - ok
09:24:56.0187 3592 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:24:56.0187 3592 NetBIOS - ok
09:24:56.0218 3592 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:24:56.0218 3592 NetBT - ok
09:24:56.0281 3592 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:24:56.0281 3592 NIC1394 - ok
09:24:56.0296 3592 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
09:24:56.0296 3592 Npfs - ok
09:24:56.0343 3592 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
09:24:56.0343 3592 Ntfs - ok
09:24:56.0359 3592 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:24:56.0359 3592 Null - ok
09:24:56.0437 3592 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:24:56.0453 3592 nv - ok
09:24:56.0484 3592 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:24:56.0484 3592 NwlnkFlt - ok
09:24:56.0500 3592 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:24:56.0500 3592 NwlnkFwd - ok
09:24:56.0546 3592 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:24:56.0546 3592 ohci1394 - ok
09:24:56.0625 3592 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
09:24:56.0625 3592 Parport - ok
09:24:56.0671 3592 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
09:24:56.0671 3592 PartMgr - ok
09:24:56.0703 3592 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:24:56.0718 3592 ParVdm - ok
09:24:56.0750 3592 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
09:24:56.0750 3592 PCI - ok
09:24:56.0765 3592 PCIDump - ok
09:24:56.0781 3592 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:24:56.0781 3592 PCIIde - ok
09:24:56.0812 3592 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:24:56.0828 3592 Pcmcia - ok
09:24:56.0828 3592 PDCOMP - ok
09:24:56.0843 3592 PDFRAME - ok
09:24:56.0859 3592 PDRELI - ok
09:24:56.0875 3592 PDRFRAME - ok
09:24:56.0906 3592 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:24:56.0906 3592 perc2 - ok
09:24:56.0937 3592 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:24:56.0937 3592 perc2hib - ok
09:24:56.0984 3592 pnarp (ce27fc8bdc54b3ac63d53e2d5f6cc929) C:\WINDOWS\system32\DRIVERS\pnarp.sys
09:24:56.0984 3592 pnarp - ok
09:24:57.0031 3592 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:24:57.0031 3592 PptpMiniport - ok
09:24:57.0062 3592 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
09:24:57.0062 3592 PSched - ok
09:24:57.0078 3592 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:24:57.0078 3592 Ptilink - ok
09:24:57.0156 3592 purendis (f4fd591e86ecb6b5d000c7d6c987416b) C:\WINDOWS\system32\DRIVERS\purendis.sys
09:24:57.0156 3592 purendis - ok
09:24:57.0203 3592 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:24:57.0203 3592 PxHelp20 - ok
09:24:57.0250 3592 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:24:57.0265 3592 ql1080 - ok
09:24:57.0328 3592 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:24:57.0328 3592 Ql10wnt - ok
09:24:57.0406 3592 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:24:57.0406 3592 ql12160 - ok
09:24:57.0437 3592 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:24:57.0437 3592 ql1240 - ok
09:24:57.0453 3592 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:24:57.0453 3592 ql1280 - ok
09:24:57.0484 3592 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:24:57.0484 3592 RasAcd - ok
09:24:57.0562 3592 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:24:57.0562 3592 Rasl2tp - ok
09:24:57.0578 3592 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:24:57.0578 3592 RasPppoe - ok
09:24:57.0609 3592 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:24:57.0609 3592 Raspti - ok
09:24:57.0625 3592 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:24:57.0640 3592 Rdbss - ok
09:24:57.0640 3592 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:24:57.0640 3592 RDPCDD - ok
09:24:57.0687 3592 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:24:57.0703 3592 rdpdr - ok
09:24:57.0734 3592 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
09:24:57.0734 3592 RDPWD - ok
09:24:57.0765 3592 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:24:57.0781 3592 redbook - ok
09:24:57.0828 3592 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:24:57.0828 3592 Secdrv - ok
09:24:57.0875 3592 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:24:57.0875 3592 serenum - ok
09:24:57.0906 3592 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
09:24:57.0906 3592 Serial - ok
09:24:57.0937 3592 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:24:57.0937 3592 Sfloppy - ok
09:24:57.0953 3592 Simbad - ok
09:24:57.0984 3592 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:24:57.0984 3592 sisagp - ok
09:24:58.0015 3592 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:24:58.0015 3592 SLIP - ok
09:24:58.0062 3592 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:24:58.0062 3592 Sparrow - ok
09:24:58.0093 3592 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
09:24:58.0093 3592 splitter - ok
09:24:58.0125 3592 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
09:24:58.0125 3592 sr - ok
09:24:58.0140 3592 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
09:24:58.0156 3592 Srv - ok
09:24:58.0203 3592 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
09:24:58.0203 3592 sscdbhk5 - ok
09:24:58.0234 3592 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
09:24:58.0234 3592 ssrtln - ok
09:24:58.0296 3592 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys
09:24:58.0296 3592 STHDA - ok
09:24:58.0328 3592 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
09:24:58.0328 3592 StillCam - ok
09:24:58.0390 3592 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:24:58.0390 3592 streamip - ok
09:24:58.0406 3592 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:24:58.0406 3592 swenum - ok
09:24:58.0437 3592 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
09:24:58.0437 3592 swmidi - ok
09:24:58.0484 3592 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:24:58.0484 3592 symc810 - ok
09:24:58.0515 3592 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:24:58.0515 3592 symc8xx - ok
09:24:58.0546 3592 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:24:58.0546 3592 sym_hi - ok
09:24:58.0562 3592 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:24:58.0562 3592 sym_u3 - ok
09:24:58.0609 3592 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
09:24:58.0609 3592 sysaudio - ok
09:24:58.0640 3592 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:24:58.0656 3592 Tcpip - ok
09:24:58.0687 3592 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:24:58.0687 3592 TDPIPE - ok
09:24:58.0718 3592 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
09:24:58.0718 3592 TDTCP - ok
09:24:58.0734 3592 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:24:58.0734 3592 TermDD - ok
09:24:58.0750 3592 TfFsMon - ok
09:24:58.0765 3592 TfNetMon - ok
09:24:58.0828 3592 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
09:24:58.0828 3592 tfsnboio - ok
09:24:58.0843 3592 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
09:24:58.0843 3592 tfsncofs - ok
09:24:58.0859 3592 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
09:24:58.0859 3592 tfsndrct - ok
09:24:58.0875 3592 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
09:24:58.0875 3592 tfsndres - ok
09:24:58.0906 3592 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
09:24:58.0906 3592 tfsnifs - ok
09:24:58.0921 3592 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
09:24:58.0921 3592 tfsnopio - ok
09:24:58.0937 3592 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
09:24:58.0937 3592 tfsnpool - ok
09:24:58.0968 3592 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
09:24:58.0968 3592 tfsnudf - ok
09:24:58.0984 3592 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
09:24:58.0984 3592 tfsnudfa - ok
09:24:59.0015 3592 TfSysMon - ok
09:24:59.0093 3592 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:24:59.0093 3592 TosIde - ok
09:24:59.0140 3592 tyveqfpltmhj (843cb965b5d3b7c4dbb477bf3a179c0e) C:\WINDOWS\system32\drivers\tyveqfpltmhj.sys
09:24:59.0140 3592 tyveqfpltmhj - ok
09:24:59.0203 3592 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
09:24:59.0203 3592 Udfs - ok
09:24:59.0234 3592 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:24:59.0234 3592 ultra - ok
09:24:59.0281 3592 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
09:24:59.0296 3592 Update - ok
09:24:59.0343 3592 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:24:59.0343 3592 USBAAPL - ok
09:24:59.0375 3592 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
09:24:59.0375 3592 usbaudio - ok
09:24:59.0406 3592 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:24:59.0406 3592 usbccgp - ok
09:24:59.0437 3592 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:24:59.0437 3592 usbehci - ok
09:24:59.0484 3592 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:24:59.0484 3592 usbhub - ok
09:24:59.0562 3592 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\WINDOWS\system32\Drivers\usbio.sys
09:24:59.0562 3592 USBIO - ok
09:24:59.0609 3592 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:24:59.0609 3592 usbprint - ok
09:24:59.0656 3592 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:24:59.0656 3592 usbscan - ok
09:24:59.0671 3592 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:24:59.0671 3592 USBSTOR - ok
09:24:59.0703 3592 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:24:59.0703 3592 usbuhci - ok
09:24:59.0750 3592 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
09:24:59.0750 3592 usbvideo - ok
09:24:59.0812 3592 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
09:24:59.0812 3592 VgaSave - ok
09:24:59.0859 3592 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:24:59.0859 3592 viaagp - ok
09:24:59.0890 3592 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:24:59.0890 3592 ViaIde - ok
09:24:59.0921 3592 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
09:24:59.0921 3592 VolSnap - ok
09:24:59.0953 3592 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:24:59.0953 3592 Wanarp - ok
09:24:59.0968 3592 wanatw - ok
09:25:00.0000 3592 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
09:25:00.0000 3592 WDC_SAM - ok
09:25:00.0031 3592 WDICA - ok
09:25:00.0062 3592 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
09:25:00.0062 3592 wdmaud - ok
09:25:00.0156 3592 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:25:00.0156 3592 winachsf - ok
09:25:00.0234 3592 WinDriver6 (94e4312d546048bf31604a8b2ad13fc0) C:\WINDOWS\system32\drivers\windrvr6.sys
09:25:00.0234 3592 WinDriver6 - ok
09:25:00.0296 3592 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:25:00.0296 3592 WS2IFSL - ok
09:25:00.0359 3592 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:25:00.0359 3592 WSTCODEC - ok
09:25:00.0406 3592 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:25:00.0406 3592 WudfPf - ok
09:25:00.0437 3592 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:25:00.0437 3592 WudfRd - ok
09:25:00.0484 3592 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
09:25:00.0484 3592 \Device\Harddisk0\DR0 - ok
09:25:00.0484 3592 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
09:25:00.0500 3592 \Device\Harddisk1\DR4 - ok
09:25:00.0515 3592 Boot (0x1200) (36f677dafba63361cb55bd01fbbebded) \Device\Harddisk0\DR0\Partition0
09:25:00.0515 3592 \Device\Harddisk0\DR0\Partition0 - ok
09:25:00.0515 3592 Boot (0x1200) (679468958eaf69d7baf921957bb6c2fa) \Device\Harddisk1\DR4\Partition0
09:25:00.0531 3592 \Device\Harddisk1\DR4\Partition0 - ok
09:25:00.0531 3592 ============================================================
09:25:00.0531 3592 Scan finished
09:25:00.0531 3592 ============================================================
09:25:00.0531 1296 Detected object count: 0
09:25:00.0531 1296 Actual detected object count: 0

#9 IndyDon

  • Topic Starter
  • Members
  • 12 posts

Posted 06 October 2011 - 02:52 PM

Spoke too soon. Still being redirected for some, but not all, searches in Yahoo and Google. Reran TDSSKiller and it detected and removed a virus. New log shown below. Rebooted PC and at the moment it again appears to be OK.

20:42:10.0562 5392 TDSS rootkit removing tool 2.6.5.0 Oct 5 2011 20:52:46
20:42:12.0562 5392 ============================================================
20:42:12.0562 5392 Current date / time: 2011/10/06 20:42:12.0562
20:42:12.0562 5392 SystemInfo:
20:42:12.0562 5392
20:42:12.0562 5392 OS Version: 5.1.2600 ServicePack: 2.0
20:42:12.0562 5392 Product type: Workstation
20:42:12.0562 5392 ComputerName: DHCLK191
20:42:12.0562 5392 UserName: Family
20:42:12.0562 5392 Windows directory: C:\WINDOWS
20:42:12.0562 5392 System windows directory: C:\WINDOWS
20:42:12.0562 5392 Processor architecture: Intel x86
20:42:12.0562 5392 Number of processors: 2
20:42:12.0562 5392 Page size: 0x1000
20:42:12.0562 5392 Boot type: Normal boot
20:42:12.0562 5392 ============================================================
20:42:13.0296 5392 Initialize success
20:42:14.0781 0192 ============================================================
20:42:14.0781 0192 Scan started
20:42:14.0781 0192 Mode: Manual;
20:42:14.0781 0192 ============================================================
20:42:15.0734 0192 Abiosdsk - ok
20:42:15.0828 0192 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:42:15.0843 0192 abp480n5 - ok
20:42:15.0921 0192 ACPI (3b67b435fddf777c595f0ec736b03c37) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:42:15.0921 0192 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: 3b67b435fddf777c595f0ec736b03c37, Fake md5: a10c7534f7223f4a73a948967d00e69b
20:42:15.0921 0192 ACPI ( Virus.Win32.Rloader.a ) - infected
20:42:15.0921 0192 ACPI - detected Virus.Win32.Rloader.a (0)
20:42:15.0984 0192 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:42:16.0000 0192 ACPIEC - ok
20:42:16.0031 0192 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:42:16.0031 0192 adpu160m - ok
20:42:16.0062 0192 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
20:42:16.0062 0192 aec - ok
20:42:16.0078 0192 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
20:42:16.0093 0192 Afc - ok
20:42:16.0125 0192 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
20:42:16.0125 0192 AFD - ok
20:42:16.0140 0192 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:42:16.0140 0192 agp440 - ok
20:42:16.0171 0192 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:42:16.0171 0192 agpCPQ - ok
20:42:16.0218 0192 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:42:16.0234 0192 Aha154x - ok
20:42:16.0250 0192 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:42:16.0250 0192 aic78u2 - ok
20:42:16.0265 0192 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:42:16.0265 0192 aic78xx - ok
20:42:16.0296 0192 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
20:42:16.0296 0192 AliIde - ok
20:42:16.0328 0192 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:42:16.0328 0192 alim1541 - ok
20:42:16.0343 0192 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:42:16.0343 0192 amdagp - ok
20:42:16.0375 0192 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
20:42:16.0375 0192 amsint - ok
20:42:16.0406 0192 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:42:16.0406 0192 Arp1394 - ok
20:42:16.0421 0192 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
20:42:16.0437 0192 asc - ok
20:42:16.0453 0192 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:42:16.0453 0192 asc3350p - ok
20:42:16.0468 0192 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:42:16.0468 0192 asc3550 - ok
20:42:16.0500 0192 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:42:16.0500 0192 AsyncMac - ok
20:42:16.0515 0192 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:42:16.0531 0192 atapi - ok
20:42:16.0546 0192 Atdisk - ok
20:42:16.0687 0192 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:42:16.0937 0192 ati2mtag - ok
20:42:17.0000 0192 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:42:17.0000 0192 Atmarpc - ok
20:42:17.0031 0192 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:42:17.0031 0192 audstub - ok
20:42:17.0093 0192 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:42:17.0093 0192 Beep - ok
20:42:17.0109 0192 bvrp_pci - ok
20:42:17.0125 0192 catchme - ok
20:42:17.0140 0192 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:42:17.0140 0192 cbidf - ok
20:42:17.0156 0192 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:42:17.0156 0192 cbidf2k - ok
20:42:17.0218 0192 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:42:17.0218 0192 CCDECODE - ok
20:42:17.0234 0192 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:42:17.0234 0192 cd20xrnt - ok
20:42:17.0250 0192 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:42:17.0250 0192 Cdaudio - ok
20:42:17.0281 0192 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
20:42:17.0281 0192 Cdfs - ok
20:42:17.0312 0192 cdrbsdrv (248349293ca42ee5db61dc1fd85a2f49) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
20:42:17.0312 0192 cdrbsdrv - ok
20:42:17.0343 0192 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:42:17.0343 0192 Cdrom - ok
20:42:17.0375 0192 cfwids (142e4e00ad91600a2d20692ed52fafc8) C:\WINDOWS\system32\drivers\cfwids.sys
20:42:17.0375 0192 cfwids - ok
20:42:17.0390 0192 Changer - ok
20:42:17.0406 0192 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:42:17.0406 0192 CmdIde - ok
20:42:17.0453 0192 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:42:17.0453 0192 Cpqarray - ok
20:42:17.0500 0192 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:42:17.0500 0192 dac2w2k - ok
20:42:17.0515 0192 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:42:17.0515 0192 dac960nt - ok
20:42:17.0578 0192 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
20:42:17.0578 0192 Disk - ok
20:42:17.0625 0192 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
20:42:17.0640 0192 dmboot - ok
20:42:17.0656 0192 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
20:42:17.0656 0192 dmio - ok
20:42:17.0671 0192 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:42:17.0671 0192 dmload - ok
20:42:17.0703 0192 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
20:42:17.0703 0192 DMusic - ok
20:42:17.0734 0192 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:42:17.0734 0192 dpti2o - ok
20:42:17.0750 0192 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
20:42:17.0750 0192 drmkaud - ok
20:42:17.0781 0192 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
20:42:17.0781 0192 drvmcdb - ok
20:42:17.0796 0192 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
20:42:17.0796 0192 drvnddm - ok
20:42:17.0921 0192 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
20:42:17.0921 0192 DSproct - ok
20:42:17.0968 0192 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
20:42:17.0968 0192 dsunidrv - ok
20:42:17.0984 0192 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:42:17.0984 0192 E100B - ok
20:42:18.0015 0192 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
20:42:18.0015 0192 e1express - ok
20:42:18.0078 0192 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
20:42:18.0078 0192 Fastfat - ok
20:42:18.0109 0192 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:42:18.0109 0192 Fdc - ok
20:42:18.0140 0192 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
20:42:18.0140 0192 Fips - ok
20:42:18.0171 0192 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:42:18.0171 0192 Flpydisk - ok
20:42:18.0203 0192 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:42:18.0203 0192 FltMgr - ok
20:42:18.0218 0192 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:42:18.0218 0192 Fs_Rec - ok
20:42:18.0234 0192 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:42:18.0234 0192 Ftdisk - ok
20:42:18.0296 0192 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:42:18.0312 0192 GEARAspiWDM - ok
20:42:18.0343 0192 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:42:18.0343 0192 Gpc - ok
20:42:18.0375 0192 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:42:18.0375 0192 HDAudBus - ok
20:42:18.0406 0192 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:42:18.0406 0192 HidUsb - ok
20:42:18.0421 0192 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
20:42:18.0421 0192 hpn - ok
20:42:18.0453 0192 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
20:42:18.0453 0192 HSFHWBS2 - ok
20:42:18.0562 0192 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
20:42:18.0593 0192 HSF_DP - ok
20:42:18.0656 0192 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
20:42:18.0656 0192 HTTP - ok
20:42:18.0671 0192 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:42:18.0671 0192 i2omgmt - ok
20:42:18.0703 0192 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:42:18.0703 0192 i2omp - ok
20:42:18.0718 0192 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:42:18.0718 0192 i8042prt - ok
20:42:18.0781 0192 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
20:42:18.0781 0192 iastor - ok
20:42:18.0828 0192 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:42:18.0828 0192 Imapi - ok
20:42:18.0859 0192 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:42:18.0859 0192 ini910u - ok
20:42:18.0890 0192 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:42:18.0890 0192 IntelIde - ok
20:42:18.0906 0192 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:42:18.0906 0192 intelppm - ok
20:42:18.0953 0192 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:42:18.0953 0192 Ip6Fw - ok
20:42:19.0015 0192 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:42:19.0015 0192 IpFilterDriver - ok
20:42:19.0046 0192 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:42:19.0046 0192 IpInIp - ok
20:42:19.0093 0192 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:42:19.0093 0192 IpNat - ok
20:42:19.0109 0192 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:42:19.0109 0192 IPSec - ok
20:42:19.0140 0192 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:42:19.0140 0192 IRENUM - ok
20:42:19.0171 0192 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:42:19.0171 0192 isapnp - ok
20:42:19.0171 0192 ivusb - ok
20:42:19.0203 0192 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:42:19.0203 0192 Kbdclass - ok
20:42:19.0218 0192 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:42:19.0218 0192 kbdhid - ok
20:42:19.0250 0192 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
20:42:19.0250 0192 kmixer - ok
20:42:19.0265 0192 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
20:42:19.0265 0192 KSecDD - ok
20:42:19.0359 0192 Lavasoft Kernexplorer - ok
20:42:19.0375 0192 Lbd - ok
20:42:19.0390 0192 lbrtfdc - ok
20:42:19.0453 0192 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:42:19.0453 0192 mdmxsdk - ok
20:42:19.0500 0192 meiudf (8298785f3be8ab9798875d85b7a7a901) C:\WINDOWS\system32\Drivers\meiudf.sys
20:42:19.0500 0192 meiudf - ok
20:42:19.0546 0192 mfeapfk (c373a719d704d12f5a4503f6f10239ff) C:\WINDOWS\system32\drivers\mfeapfk.sys
20:42:19.0546 0192 mfeapfk - ok
20:42:19.0593 0192 mfeavfk (851ad52871b62457152a8acaff0c632d) C:\WINDOWS\system32\drivers\mfeavfk.sys
20:42:19.0593 0192 mfeavfk - ok
20:42:19.0609 0192 mfeavfk01 - ok
20:42:19.0640 0192 mfebopk (5b9ffb027669a8ac30aac0b4996bc603) C:\WINDOWS\system32\drivers\mfebopk.sys
20:42:19.0656 0192 mfebopk - ok
20:42:19.0703 0192 mfefirek (2cabe72e53365834cb9969dde47bd690) C:\WINDOWS\system32\drivers\mfefirek.sys
20:42:19.0703 0192 mfefirek - ok
20:42:19.0750 0192 mfehidk (46db8f041e928bdc17b8daba249a2148) C:\WINDOWS\system32\drivers\mfehidk.sys
20:42:19.0750 0192 mfehidk - ok
20:42:19.0796 0192 mfendisk (348e3db31cf458adaa3798fb8af659c3) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
20:42:19.0812 0192 mfendisk - ok
20:42:19.0812 0192 mfendiskmp (348e3db31cf458adaa3798fb8af659c3) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
20:42:19.0812 0192 mfendiskmp - ok
20:42:19.0859 0192 mferkdet (316fd7c31cd57ca793fb10912aeeb2d2) C:\WINDOWS\system32\drivers\mferkdet.sys
20:42:19.0859 0192 mferkdet - ok
20:42:19.0906 0192 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
20:42:19.0906 0192 mferkdk - ok
20:42:19.0953 0192 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
20:42:19.0968 0192 mfesmfk - ok
20:42:20.0015 0192 mfetdi2k (2026fe7c9e6b26ffeb08cd89c6326b91) C:\WINDOWS\system32\drivers\mfetdi2k.sys
20:42:20.0015 0192 mfetdi2k - ok
20:42:20.0046 0192 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:42:20.0046 0192 MHNDRV - ok
20:42:20.0062 0192 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:42:20.0062 0192 mnmdd - ok
20:42:20.0109 0192 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
20:42:20.0109 0192 Modem - ok
20:42:20.0156 0192 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:42:20.0156 0192 MODEMCSA - ok
20:42:20.0250 0192 mosuport (f3aef73cb4df553871da0a3d429847b0) C:\WINDOWS\system32\DRIVERS\mosuport.sys
20:42:20.0265 0192 mosuport - ok
20:42:20.0296 0192 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:42:20.0296 0192 Mouclass - ok
20:42:20.0343 0192 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:42:20.0343 0192 mouhid - ok
20:42:20.0390 0192 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
20:42:20.0390 0192 MountMgr - ok
20:42:20.0437 0192 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:42:20.0437 0192 mraid35x - ok
20:42:20.0453 0192 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:42:20.0453 0192 MRxDAV - ok
20:42:20.0500 0192 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:42:20.0515 0192 MRxSmb - ok
20:42:20.0531 0192 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
20:42:20.0531 0192 Msfs - ok
20:42:20.0562 0192 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:42:20.0562 0192 MSKSSRV - ok
20:42:20.0593 0192 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:42:20.0593 0192 MSPCLOCK - ok
20:42:20.0609 0192 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
20:42:20.0609 0192 MSPQM - ok
20:42:20.0625 0192 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:42:20.0625 0192 mssmbios - ok
20:42:20.0640 0192 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
20:42:20.0640 0192 MSTEE - ok
20:42:20.0687 0192 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
20:42:20.0687 0192 Mup - ok
20:42:20.0718 0192 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:42:20.0718 0192 NABTSFEC - ok
20:42:20.0734 0192 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
20:42:20.0734 0192 NDIS - ok
20:42:20.0781 0192 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:42:20.0781 0192 NdisIP - ok
20:42:20.0796 0192 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:42:20.0796 0192 NdisTapi - ok
20:42:20.0828 0192 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:42:20.0828 0192 Ndisuio - ok
20:42:20.0843 0192 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:42:20.0843 0192 NdisWan - ok
20:42:20.0859 0192 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
20:42:20.0875 0192 NDProxy - ok
20:42:20.0890 0192 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:42:20.0890 0192 NetBIOS - ok
20:42:20.0906 0192 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:42:20.0921 0192 NetBT - ok
20:42:20.0953 0192 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:42:20.0968 0192 NIC1394 - ok
20:42:20.0984 0192 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
20:42:20.0984 0192 Npfs - ok
20:42:21.0031 0192 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
20:42:21.0078 0192 Ntfs - ok
20:42:21.0125 0192 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:42:21.0125 0192 Null - ok
20:42:21.0265 0192 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:42:21.0328 0192 nv - ok
20:42:21.0406 0192 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:42:21.0406 0192 NwlnkFlt - ok
20:42:21.0421 0192 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:42:21.0421 0192 NwlnkFwd - ok
20:42:21.0468 0192 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:42:21.0468 0192 ohci1394 - ok
20:42:21.0546 0192 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
20:42:21.0546 0192 Parport - ok
20:42:21.0578 0192 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
20:42:21.0593 0192 PartMgr - ok
20:42:21.0625 0192 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:42:21.0625 0192 ParVdm - ok
20:42:21.0656 0192 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
20:42:21.0656 0192 PCI - ok
20:42:21.0671 0192 PCIDump - ok
20:42:21.0734 0192 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:42:21.0734 0192 PCIIde - ok
20:42:21.0765 0192 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:42:21.0781 0192 Pcmcia - ok
20:42:21.0796 0192 PDCOMP - ok
20:42:21.0812 0192 PDFRAME - ok
20:42:21.0828 0192 PDRELI - ok
20:42:21.0843 0192 PDRFRAME - ok
20:42:21.0875 0192 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:42:21.0875 0192 perc2 - ok
20:42:21.0890 0192 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:42:21.0890 0192 perc2hib - ok
20:42:21.0953 0192 pnarp (ce27fc8bdc54b3ac63d53e2d5f6cc929) C:\WINDOWS\system32\DRIVERS\pnarp.sys
20:42:21.0953 0192 pnarp - ok
20:42:21.0984 0192 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:42:21.0984 0192 PptpMiniport - ok
20:42:22.0015 0192 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
20:42:22.0015 0192 PSched - ok
20:42:22.0031 0192 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:42:22.0031 0192 Ptilink - ok
20:42:22.0109 0192 purendis (f4fd591e86ecb6b5d000c7d6c987416b) C:\WINDOWS\system32\DRIVERS\purendis.sys
20:42:22.0109 0192 purendis - ok
20:42:22.0171 0192 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:42:22.0171 0192 PxHelp20 - ok
20:42:22.0203 0192 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:42:22.0203 0192 ql1080 - ok
20:42:22.0234 0192 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:42:22.0234 0192 Ql10wnt - ok
20:42:22.0250 0192 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:42:22.0250 0192 ql12160 - ok
20:42:22.0281 0192 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:42:22.0281 0192 ql1240 - ok
20:42:22.0312 0192 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:42:22.0312 0192 ql1280 - ok
20:42:22.0343 0192 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:42:22.0343 0192 RasAcd - ok
20:42:22.0421 0192 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:42:22.0421 0192 Rasl2tp - ok
20:42:22.0484 0192 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:42:22.0484 0192 RasPppoe - ok
20:42:22.0500 0192 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:42:22.0500 0192 Raspti - ok
20:42:22.0531 0192 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:42:22.0531 0192 Rdbss - ok
20:42:22.0593 0192 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:42:22.0593 0192 RDPCDD - ok
20:42:22.0656 0192 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:42:22.0656 0192 rdpdr - ok
20:42:22.0687 0192 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
20:42:22.0703 0192 RDPWD - ok
20:42:22.0734 0192 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:42:22.0734 0192 redbook - ok
20:42:22.0796 0192 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:42:22.0796 0192 Secdrv - ok
20:42:22.0843 0192 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:42:22.0843 0192 serenum - ok
20:42:22.0890 0192 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
20:42:22.0890 0192 Serial - ok
20:42:22.0921 0192 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:42:22.0921 0192 Sfloppy - ok
20:42:22.0968 0192 Simbad - ok
20:42:23.0000 0192 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:42:23.0000 0192 sisagp - ok
20:42:23.0031 0192 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:42:23.0046 0192 SLIP - ok
20:42:23.0093 0192 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:42:23.0093 0192 Sparrow - ok
20:42:23.0125 0192 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
20:42:23.0140 0192 splitter - ok
20:42:23.0156 0192 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
20:42:23.0156 0192 sr - ok
20:42:23.0187 0192 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
20:42:23.0187 0192 Srv - ok
20:42:23.0234 0192 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
20:42:23.0250 0192 sscdbhk5 - ok
20:42:23.0265 0192 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
20:42:23.0265 0192 ssrtln - ok
20:42:23.0328 0192 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys
20:42:23.0328 0192 STHDA - ok
20:42:23.0375 0192 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
20:42:23.0375 0192 StillCam - ok
20:42:23.0421 0192 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:42:23.0421 0192 streamip - ok
20:42:23.0453 0192 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:42:23.0453 0192 swenum - ok
20:42:23.0484 0192 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
20:42:23.0484 0192 swmidi - ok
20:42:23.0531 0192 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:42:23.0531 0192 symc810 - ok
20:42:23.0546 0192 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:42:23.0546 0192 symc8xx - ok
20:42:23.0562 0192 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:42:23.0562 0192 sym_hi - ok
20:42:23.0640 0192 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:42:23.0640 0192 sym_u3 - ok
20:42:23.0671 0192 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
20:42:23.0687 0192 sysaudio - ok
20:42:23.0718 0192 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:42:23.0734 0192 Tcpip - ok
20:42:23.0750 0192 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:42:23.0750 0192 TDPIPE - ok
20:42:23.0765 0192 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
20:42:23.0781 0192 TDTCP - ok
20:42:23.0796 0192 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:42:23.0796 0192 TermDD - ok
20:42:23.0812 0192 TfFsMon - ok
20:42:23.0828 0192 TfNetMon - ok
20:42:23.0890 0192 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
20:42:23.0906 0192 tfsnboio - ok
20:42:23.0921 0192 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
20:42:23.0921 0192 tfsncofs - ok
20:42:23.0953 0192 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
20:42:23.0953 0192 tfsndrct - ok
20:42:23.0968 0192 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
20:42:23.0968 0192 tfsndres - ok
20:42:24.0000 0192 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
20:42:24.0000 0192 tfsnifs - ok
20:42:24.0031 0192 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
20:42:24.0031 0192 tfsnopio - ok
20:42:24.0046 0192 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
20:42:24.0046 0192 tfsnpool - ok
20:42:24.0078 0192 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
20:42:24.0078 0192 tfsnudf - ok
20:42:24.0093 0192 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
20:42:24.0093 0192 tfsnudfa - ok
20:42:24.0156 0192 TfSysMon - ok
20:42:24.0234 0192 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
20:42:24.0234 0192 TosIde - ok
20:42:24.0328 0192 tyveqfpltmhj (843cb965b5d3b7c4dbb477bf3a179c0e) C:\WINDOWS\system32\drivers\tyveqfpltmhj.sys
20:42:24.0328 0192 tyveqfpltmhj - ok
20:42:24.0421 0192 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
20:42:24.0421 0192 Udfs - ok
20:42:24.0484 0192 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:42:24.0484 0192 ultra - ok
20:42:24.0531 0192 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
20:42:24.0546 0192 Update - ok
20:42:24.0593 0192 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:42:24.0593 0192 USBAAPL - ok
20:42:24.0625 0192 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
20:42:24.0625 0192 usbaudio - ok
20:42:24.0656 0192 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:42:24.0656 0192 usbccgp - ok
20:42:24.0687 0192 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:42:24.0687 0192 usbehci - ok
20:42:24.0734 0192 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:42:24.0734 0192 usbhub - ok
20:42:24.0781 0192 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\WINDOWS\system32\Drivers\usbio.sys
20:42:24.0781 0192 USBIO - ok
20:42:24.0796 0192 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:42:24.0796 0192 usbprint - ok
20:42:24.0828 0192 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:42:24.0859 0192 usbscan - ok
20:42:24.0890 0192 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:42:24.0890 0192 USBSTOR - ok
20:42:24.0921 0192 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:42:24.0921 0192 usbuhci - ok
20:42:24.0968 0192 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:42:24.0968 0192 usbvideo - ok
20:42:25.0046 0192 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
20:42:25.0046 0192 VgaSave - ok
20:42:25.0078 0192 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:42:25.0078 0192 viaagp - ok
20:42:25.0109 0192 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:42:25.0109 0192 ViaIde - ok
20:42:25.0156 0192 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
20:42:25.0156 0192 VolSnap - ok
20:42:25.0187 0192 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:42:25.0187 0192 Wanarp - ok
20:42:25.0203 0192 wanatw - ok
20:42:25.0218 0192 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
20:42:25.0218 0192 WDC_SAM - ok
20:42:25.0250 0192 WDICA - ok
20:42:25.0265 0192 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
20:42:25.0265 0192 wdmaud - ok
20:42:25.0328 0192 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:42:25.0390 0192 winachsf - ok
20:42:25.0453 0192 WinDriver6 (94e4312d546048bf31604a8b2ad13fc0) C:\WINDOWS\system32\drivers\windrvr6.sys
20:42:25.0453 0192 WinDriver6 - ok
20:42:25.0515 0192 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:42:25.0515 0192 WS2IFSL - ok
20:42:25.0546 0192 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:42:25.0546 0192 WSTCODEC - ok
20:42:25.0593 0192 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:42:25.0593 0192 WudfPf - ok
20:42:25.0640 0192 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:42:25.0640 0192 WudfRd - ok
20:42:25.0671 0192 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
20:42:25.0671 0192 \Device\Harddisk0\DR0 - ok
20:42:25.0687 0192 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
20:42:25.0687 0192 \Device\Harddisk1\DR4 - ok
20:42:25.0703 0192 Boot (0x1200) (36f677dafba63361cb55bd01fbbebded) \Device\Harddisk0\DR0\Partition0
20:42:25.0718 0192 \Device\Harddisk0\DR0\Partition0 - ok
20:42:25.0718 0192 Boot (0x1200) (679468958eaf69d7baf921957bb6c2fa) \Device\Harddisk1\DR4\Partition0
20:42:25.0718 0192 \Device\Harddisk1\DR4\Partition0 - ok
20:42:25.0718 0192 ============================================================
20:42:25.0718 0192 Scan finished
20:42:25.0718 0192 ============================================================
20:42:25.0734 4272 Detected object count: 1
20:42:25.0734 4272 Actual detected object count: 1
20:42:44.0328 4272 Backup copy found, using it..
20:42:44.0343 4272 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
20:42:44.0343 4272 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure

Edited by IndyDon, 06 October 2011 - 08:00 PM.
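
The TDSSKiller output above is what a responder gets from this kind of case: one verdict line (ACPI.sys infected, cured from a backup copy), hundreds of "- ok" driver entries, and a service with a random-looking name (tyveqfpltmhj) that the scanner did not flag. The script below is an added example written for this thread, not part of Kaspersky's tool, and it does nothing more than parse that log shape and pull out what is worth a second look: scanner verdicts, and service names that look machine-generated. The consonant-run heuristic and its thresholds are assumptions of the example, and a hit means "check this file's hash and signature", not "this is malware". The sample lines are taken from the log above.

```python
r"""Triage a TDSSKiller-style driver log (the scan output posted above).

Added example for this thread; not part of Kaspersky's tool. Three line
shapes matter:

    20:42:24.0734 0192 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    20:42:44.0343 4272 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
    20:42:44.0343 4272 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure

Every (service, md5, path) triple is kept so hashes can later be compared
against a known-good set; findings are raised for scanner verdicts and for
service names with a long run of consonants (heuristic; thresholds assumed).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

TS = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"          # "20:42:24.0734 0192 "
ENTRY_RE = re.compile(
    TS + r"(?P<name>\S+(?:\s+\(0x[0-9A-Fa-f]+\))?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
CURE_RE = re.compile(TS + r"(?P<path>.+?)\s+-\s+will be cured on reboot\s*$")
VERDICT_RE = re.compile(
    TS + r"(?P<name>\S+)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+User select action:\s*(?P<action>\w+)"
)
VOWELS = set("aeiouy")


@dataclass(frozen=True)
class Finding:
    name: str
    reason: str
    detail: str


def longest_consonant_run(name: str) -> int:
    """Longest run of consecutive consonant letters; vowels (y included),
    digits and punctuation end a run."""
    run = best = 0
    for ch in name.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def looks_generated(name: str, min_len: int = 10, min_run: int = 6) -> bool:
    """Assumed thresholds: vendor driver names rarely have six consonants in
    a row, randomly generated ones often do."""
    return len(name) >= min_len and longest_consonant_run(name) >= min_run


def parse_entries(log_text: str) -> tuple[dict[str, tuple[str, str]], list[Finding]]:
    """Return ({service: (md5, path)}, [findings]) for one scan log."""
    entries: dict[str, tuple[str, str]] = {}
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := VERDICT_RE.match(line):
            findings.append(Finding(m["name"], "scanner verdict", f"{m['verdict']} -> {m['action']}"))
        elif m := CURE_RE.match(line):
            findings.append(Finding(m["path"], "scanner verdict", "will be cured on reboot"))
        elif m := ENTRY_RE.match(line):
            entries[m["name"]] = (m["md5"], m["path"])
            if looks_generated(m["name"]):
                findings.append(Finding(m["name"], "generated-looking name", f"{m['path']} md5={m['md5']}"))
        # "<service> - ok" lines and banners carry nothing needed here
    return entries, findings


# Excerpt of the log posted in this thread.
SAMPLE_LOG = r"""
20:42:24.0093 0192 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
20:42:24.0093 0192 tfsnudfa - ok
20:42:24.0328 0192 tyveqfpltmhj (843cb965b5d3b7c4dbb477bf3a179c0e) C:\WINDOWS\system32\drivers\tyveqfpltmhj.sys
20:42:24.0328 0192 tyveqfpltmhj - ok
20:42:24.0734 0192 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:42:24.0734 0192 usbhub - ok
20:42:25.0671 0192 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
20:42:25.0671 0192 \Device\Harddisk0\DR0 - ok
20:42:44.0343 4272 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
20:42:44.0343 4272 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
"""

if __name__ == "__main__":
    entries, findings = parse_entries(SAMPLE_LOG)
    print(f"{len(entries)} hashed objects")
    for f in findings:
        print(f"[{f.reason}] {f.name}: {f.detail}")
```

Feed the full log in place of SAMPLE_LOG; the returned hash table is the thing to keep, because the next step in a case like this is to compare each MD5 against a clean copy of the same Windows build rather than trust the "- ok" the scanner printed.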


#10 oneof4 (Malware Response Team)

Posted 07 October 2011 - 03:07 PM

Hello IndyDon :)

Please UNINSTALL the following programs through the ADD/REMOVE feature of your Control Panel:

  • Browser Defender 2.0.6.15
  • MyWay Search Assistant
  • Viewpoint Media Player


Now, using Windows Explorer, I need you to DELETE the following files or folder(s) and all their content:


C:\Program Files\Browser Defender
C:\Program Files\MyWay
C:\Program Files\Viewpoint

==========

Next, perform the following, and see if you are then able to access your router:

Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out what is the default username and password of your router and note them down: Router Passwords

  • Then reset your router to its factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


Did the three programs uninstall OK?
Are you now able to access your router?

Best Regards,
oneof4.
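
The router advice above rests on how a DNSChanger-style infection works: the trojan rewrites the DNS servers on the host and, where it can log in, on the router, so every lookup goes to resolvers the attacker controls. The script below is an added example written for this thread, not a tool the thread mentions. It parses the text of `ipconfig /all` (the sample is constructed, using the thread's router address 192.168.1.1 and the TEST-NET-3 documentation address 203.0.113.7 as the stand-in rogue resolver) and flags any DNS server that is neither the adapter's default gateway nor on an allowlist you pass in. The allowlist is the example's assumption: put your ISP's or chosen resolvers in it. One caveat the example cannot remove: if the router itself was reconfigured, the host still lists only 192.168.1.1 and the hijacked upstream is visible only on the router's own WAN/DNS page.

```python
r"""Check a Windows host's DNS settings for a DNSChanger-style hijack.

Added example for this thread. Parses `ipconfig /all` text and flags DNS
servers that are neither the adapter's gateway (the home router) nor on an
allowlist. The sample output below is constructed. A clean host result does
not clear the router: read its WAN/DNS settings separately.
"""
from __future__ import annotations

import ipaddress
import re
from typing import Iterable

ADAPTER_RE = re.compile(r"^(?P<name>[^\s].*adapter.*):$", re.IGNORECASE)
KEYVAL_RE = re.compile(r"^\s+(?P<key>[A-Za-z][A-Za-z -]*?)[ .]*:\s*(?P<val>.*)$")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_ipconfig(text: str) -> dict[str, dict[str, list[str]]]:
    """Return {adapter: {"gateway": [...], "dns": [...]}}. Multi-valued
    fields continue on following lines that hold only an address."""
    adapters: dict[str, dict[str, list[str]]] = {}
    current = None
    collecting = None                      # list that continuation lines belong to
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if m := ADAPTER_RE.match(line):
            current = m["name"]
            adapters[current] = {"gateway": [], "dns": []}
            collecting = None
        elif current is None:
            continue                       # "Windows IP Configuration" block
        elif m := KEYVAL_RE.match(line):
            key, val = m["key"].strip(), m["val"].strip()
            collecting = {"DNS Servers": "dns", "Default Gateway": "gateway"}.get(key)
            if collecting and val:
                adapters[current][collecting].append(val)
        elif collecting and IPV4_RE.fullmatch(line.strip()):
            adapters[current][collecting].append(line.strip())
    return adapters


def on_lan(addr: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    return any(addr in net for net in RFC1918)


def suspicious_dns(adapters: dict, allowlist: Iterable[str] = ()) -> list[tuple[str, str, str]]:
    """(adapter, server, reason) for each DNS server that is neither the
    adapter's own gateway nor on the allowlist."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    flagged = []
    for name, cfg in adapters.items():
        gateways = set()
        for g in cfg["gateway"]:
            try:
                gateways.add(ipaddress.ip_address(g))
            except ValueError:
                pass
        for server in cfg["dns"]:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                flagged.append((name, server, "unparseable address"))
                continue
            if addr in gateways or addr in allowed:
                continue
            if on_lan(addr):
                flagged.append((name, server, "LAN address that is not this adapter's gateway"))
            else:
                flagged.append((name, server, "resolver outside the LAN, not on the allowlist"))
    return flagged


# Constructed sample of XP-style `ipconfig /all` output (not from the thread).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : HOME-PC
        Node Type . . . . . . . . . . . . : Unknown

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Example Ethernet Adapter
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            203.0.113.7
"""

if __name__ == "__main__":
    for adapter, server, why in suspicious_dns(parse_ipconfig(SAMPLE_IPCONFIG)):
        print(f"{adapter}: DNS {server} - {why}")
```

On a live machine, replace SAMPLE_IPCONFIG with the output of `ipconfig /all` (for instance via `subprocess.check_output(["ipconfig", "/all"], text=True)`). Two resolvers where the router hands out only itself is exactly the pattern this trojan family leaves on the host.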


#11 IndyDon (Topic Starter)

Posted 08 October 2011 - 06:59 PM

oneof4,

(1) Deleted MyWay and Viewpoint through Control Panel and deleted the folders
(2) Could not locate Browser Defender through control panel or in folder listing in Windows Explorer.

(3) Before resetting my router, I tried various actions to get it working. It turns out that by turning it off for several seconds and turning it back on restored my access to the Linksys admin setup screens. My login password is not the default and is a fairly secure password.

So, at this moment, I have access to my router and there are no redirects occurring. Looks like I am good to go. Many thanks for the time you spend helping people like me. You are awesome!

#12 oneof4 (Malware Response Team)

Posted 10 October 2011 - 06:33 AM

Hello IndyDon :)

That's GREAT news, that everything seems as it should. Just to double-check for leftovers, let's run these two scans:

Please open MalwareBytes, update it, and run a "Quick Scan". Post the scan results in your next reply.

Next,

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Best Regards,
oneof4.


#13 IndyDon (Topic Starter)

Posted 11 October 2011 - 05:45 AM

oneof4,

Attached are the results of the two scans.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7918

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

10/10/2011 5:10:32 PM
mbam-log-2011-10-10 (17-10-32).txt

Scan type: Quick scan
Objects scanned: 201434
Time elapsed: 13 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

* * * * * *
ESETS:

C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\12\3cc664c-1156978d probably a variant of Java/Exploit.CVE-2010-4452.A trojan cleaned by deleting - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\15\6e2f1c8f-4f6a2d65 multiple threats deleted - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\19\4e2d6d53-24072f95 a variant of Java/TrojanDownloader.OpenStream.NCC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\19\4e2d6d53-6fc890a2 a variant of Java/TrojanDownloader.OpenStream.NCC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\25\15a7ff99-597ca3fb Java/TrojanDownloader.Agent.NCQ trojan deleted - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\26\70f0f65a-20e22f0c multiple threats deleted - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\38\d3a3da6-152f033b multiple threats deleted - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\44\6859aaec-5b46de26 multiple threats deleted - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\46\2314c3ee-37446c6f a variant of Java/TrojanDownloader.OpenStream.NBV trojan deleted - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\46\8a527ae-1dfa05df multiple threats deleted - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\5\7c18d505-20d96a4e a variant of Java/TrojanDownloader.OpenStream.NCE trojan cleaned by deleting - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\5\7c18d505-66aa44fd a variant of Java/TrojanDownloader.OpenStream.NCE trojan cleaned by deleting - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\52\62cc7eb4-56c23ccf a variant of Java/TrojanDownloader.OpenStream.NCE trojan deleted - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\54\12f20fb6-7a86b56f a variant of Java/TrojanDownloader.OpenStream.NBV trojan deleted - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\56\425b1d78-14cd3034 a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\56\425b1d78-2f66c073 a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\56\425b1d78-31e8398b a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\56\425b1d78-34d4541c a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\56\425b1d78-39efe56d a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\56\425b1d78-479fb5d6 a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\58\4da7213a-40ed1ccf multiple threats deleted - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\9\7be78a09-4a6331d3 probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\9\7be78a09-7dd5b010 probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-2f20bbcd-1ab7996e.class Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-35070db3-2be66b54.class Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-3677b51f-30343122.class Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-3677b51f-74087c02.class Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
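
Every ESET hit above sits under the Java deployment cache, which is where a browser-side Java exploit leaves the class files it ran; the named family (an exploit for CVE-2010-4452 plus a set of Java downloaders) matches the infection chain the rest of the thread cleaned up. The script below is an added example for this thread, not from ESET, that turns a result list of this shape into a summary a responder can act on: hits grouped by family and a count of how many are cache artifacts. The family rule (drop the platform prefix and a trailing variant suffix such as .NCC or .A) is this example's own; the sample lines are copied from the post.

```python
r"""Summarise an ESET Online Scanner result list like the one posted above.

Added example, not from the thread or from ESET. Each result line is
    <path> <threat description> <action> - quarantined
Paths contain spaces, so the split point is the description itself:
"a variant of X", "probably a variant of X", "multiple threats", or a bare
platform/name token such as Java/TrojanDownloader.Agent.NCQ.
"""
import re
from collections import Counter
from dataclasses import dataclass

RESULT_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<desc>(?:probably a variant of|a variant of)\s+\S+|multiple threats|\S+/\S+)"
    r"\s+(?P<action>.*?)\s*-\s*quarantined\s*$"
)
JAVA_CACHE_MARK = "\\sun\\java\\deployment\\cache\\"   # matched case-insensitively


@dataclass(frozen=True)
class Hit:
    path: str
    desc: str
    action: str


def parse_result(line: str):
    m = RESULT_RE.match(line.strip())
    return Hit(m["path"], m["desc"], m["action"]) if m else None


def family_of(desc: str) -> str:
    """'a variant of Java/TrojanDownloader.OpenStream.NCC' -> 'TrojanDownloader.OpenStream'
    (example's own rule). Descriptions without a platform/name token, such
    as 'multiple threats', are returned unchanged."""
    token = next((t for t in desc.split() if "/" in t), None)
    if token is None:
        return desc
    parts = token.split("/", 1)[1].split(".")
    if len(parts) > 1 and re.fullmatch(r"[A-Z]{1,4}", parts[-1]):
        parts = parts[:-1]                 # drop the variant suffix
    return ".".join(parts)


def summarize(lines) -> dict:
    by_family = Counter()
    total = java_cache = 0
    unparsed = []
    for line in lines:
        if not line.strip():
            continue
        hit = parse_result(line)
        if hit is None:
            unparsed.append(line)
            continue
        total += 1
        by_family[family_of(hit.desc)] += 1
        if JAVA_CACHE_MARK in hit.path.lower():
            java_cache += 1
    return {"total": total, "java_cache": java_cache,
            "by_family": dict(by_family), "unparsed": unparsed}


# Subset of the result lines posted in this thread.
SAMPLE_RESULTS = r"""
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\12\3cc664c-1156978d probably a variant of Java/Exploit.CVE-2010-4452.A trojan cleaned by deleting - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\15\6e2f1c8f-4f6a2d65 multiple threats deleted - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\19\4e2d6d53-24072f95 a variant of Java/TrojanDownloader.OpenStream.NCC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\25\15a7ff99-597ca3fb Java/TrojanDownloader.Agent.NCQ trojan deleted - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\6.0\46\2314c3ee-37446c6f a variant of Java/TrojanDownloader.OpenStream.NBV trojan deleted - quarantined
C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-2f20bbcd-1ab7996e.class Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined
"""

if __name__ == "__main__":
    s = summarize(SAMPLE_RESULTS.splitlines())
    print(f"{s['total']} hits, {s['java_cache']} in the Java deployment cache")
    for family, n in sorted(s["by_family"].items(), key=lambda kv: -kv[1]):
        print(f"  {n:3d}  {family}")
```

A cache full of quarantined exploit and downloader classes tells you how the machine was compromised (an out-of-date Java plugin hit by a drive-by), not what was installed afterwards; the payloads are the items TDSSKiller and the uninstalls earlier in the thread dealt with, and removing the cache entries alone would not have fixed the redirects.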

#14 oneof4 (Malware Response Team)

Posted 11 October 2011 - 04:16 PM

Hello IndyDon :)

We have some program updating that needs to be done:

Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

======

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

======

Your Adobe Reader also needs updating. Please follow this link to begin the update process.
NOTE: By default, it will also download Google Chrome, unless you uncheck the box to have it not.

======

Once all of these updates are complete, I believe we can declare the following:

Congratulations! You now appear clean! :cool:

**********

Please pay particularly close attention to the instructions that follow. To neglect these steps risks needless reinfection!!

**********

Are things running okay? Do you have any more questions?

**********

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

**********

Recommendations

Below are some recommendations to lower your chances of (re)infection.


  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.

    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident scanner and do not nag if you purchase the paid versions.
  • Prevention article : To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention article by Miekiemoes.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    http://www.techtalkz.com/windows-7/515869-windows-update-enable-disable-automatic-updates-windows-7-guide.html
  • Keep your other software up to date as well. Software does not need to be made by Microsoft to be insecure. Download Secunia Software Inspector to keep all your software up to date.
  • Consider Firefox as your primary browser. It's safer, fast and secure!
  • Install WOT. Never inadvertently surf to a dangerous website again.
  • Install NoScript. Pre-emptively blocks malicious scripts and allows JavaScript, Java and other potentially dangerous content only from sites you trust.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing. :(
**********

Safe Surfing!

Best Regards,
oneof4.


#15 oneof4 (Malware Response Team)

Posted 15 October 2011 - 04:17 PM

Hello IndyDon, are you still with us?

Best Regards,
oneof4.




