
ReDirected Am I Infected


15 replies to this topic

#1 glf

glf

  • Members
  • 22 posts

Posted 10 October 2011 - 07:17 PM

Hello,
I was redirected to this forum. From here: http://www.bleepingcomputer.com/forums/topic422217.html ~ OB

My original post: Running WinXP SP3 on a Dell DEO51. Firefox stopped working, along with Flash Player. Will not load. I uninstalled and installed. FF disabled some of my Java plugins. Next time I turned computer on, FF would not load. So, I uninstalled and reinstalled. Still will not load. Same thing with Google Chrome. It seems as if something is stopping it. Tried downloading Adobe Flash Player and keep getting the prompt to close my Flash Player settings manager, but can't get to it without Flash. I am ready to rip my hair out. Any help is greatly appreciated.
Also ran Malwarebytes three days ago and it came back clean.
Did back up. defogger and dds.
Attach dds text and gmer attached in next post.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by administrator at 19:57:31 on 2011-10-10
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\administrator\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uSearch Bar = hxxp://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
uInternet Settings,ProxyOverride = <local>
BHO: {0441e0f5-edb5-40bb-b1e6-487a95a0e189} - c:\windows\system32\audiodev32.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee AntiPhishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
BHO: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Frontier Browser Assistant: {a93a3cc9-ba23-4d0d-9440-6a0148362b7e} - c:\program files\frontierba\browserassistant\fbabar.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} -
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dPolicies-explorer: NoDesktop = 1 (0x1)
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: target.com\hrportalperf
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{DFB25A9E-4FCD-4A2B-B40B-A1FD6C34E2A9} : DhcpNameServer = 192.168.254.254 192.168.254.254
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\common files\microsoft shared\information retrieval\itss51.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
.
============= SERVICES / DRIVERS ===============
.
R? mcupdmgr.exe;McAfee SecurityCenter Update Manager
R? pmxscan;Visioneer USB Kernel
R? Secunia Update Agent;Secunia Update Agent
S? !SASCORE;SAS Core Service
S? cbVSCService;Cobian Backup 10 Volume Shadow Copy service
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? McDetect.exe;McAfee WSC Integration
S? McTskshd.exe;McAfee Task Scheduler
S? ppsio2;PPDevice
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
.
=============== Created Last 30 ================
.
2011-10-07 20:38:19 -------- d-----w- c:\documents and settings\administrator\application data\SUPERAntiSpyware.com
2011-10-07 20:37:59 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-10-07 20:37:48 -------- d-----w- c:\documents and settings\all users\application data\SUPERSetup
2011-10-07 05:49:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 04:18:39 -------- d-----w- c:\program files\ESET
2011-10-02 17:22:07 -------- d-----w- c:\program files\NirSoft
2011-10-01 18:13:38 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-29 14:55:13 116224 ----a-w- c:\windows\_detmp.2
2011-09-16 20:44:49 -------- d-----w- c:\windows\system32\CatRoot2
.
==================== Find3M ====================
.
2011-10-10 21:51:00 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-09-05 19:59:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-05 19:59:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-01 18:36:24 296411 ----a-w- c:\windows\system32\shimg.dll
2011-08-30 12:31:51 104 --sh--r- c:\windows\system32\B85A20EDDB.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2006-06-22 17:44:58 2078344 -c--a-w- c:\program files\NPSWF32.dll
2006-06-22 17:44:58 2078344 -c--a-w- c:\program files\common files\NPSWF32.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JB-75GVC0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82C3D4C0]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [0x82c448a4]; PUSH ESI; MOV ESI, [ESP+0xc]; PUSH EDI; MOV EDI, [ESI+0x60]; CMP EAX, [0x82c44730]; JNZ 0x1f; MOV [ESP+0xc], ECX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8338BAB8]
3 CLASSPNP[0xF8837FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x832D9DA8]
\Driver\atapi[0x83068428] -> IRP_MJ_CREATE -> 0x82C3D4C0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82C3D2E0
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:58:33.40 ===============

Again, thank you for all of your help! I have now lost sound. This is maddening.

Edited by Orange Blossom, 13 October 2011 - 02:06 PM.




#2 glf

glf
  • Topic Starter

  • Members
  • 22 posts

Posted 10 October 2011 - 07:46 PM

Attached below dds attach txt and gmer as ark.txt.

Attached Files



#3 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts

Posted 15 October 2011 - 08:58 AM

hi glf,

Your post is a few days old. If you still need help simply reply back.

How Can I Reduce My Risk to Malware?


#4 glf

glf
  • Topic Starter

  • Members
  • 22 posts

Posted 15 October 2011 - 11:29 AM

Oh, boy, do I still need help!
I believe this all started with the google redirect. All programs files either disappeared or came up with empty files. Then Generic Host Process Error, disconnect, and I have some crazy files under Content.IE5 in Temporary Internet.
Thank you!!
PS. Also found a strange task that runs daily in my Scheduled Task-
C:\WINDOWS\Tasks\lwjdxyzk.job

Edited by glf, 15 October 2011 - 12:18 PM.


#5 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts

Posted 15 October 2011 - 08:07 PM

OK. We will get a download to use: TDSSKiller. Run it first; then, after the reboot, update and run Malwarebytes. Please post the TDSSKiller log:


Please download TDSS Killer.exe and save it to your desktop


Double-click to launch the utility. On Vista and Windows 7, right-click and "Run as admin...". After it initializes, click the Start scan button.

"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.


A report can also be found in your root drive, Local Disk (C), as TDSSKiller.2.4.12.0_02.01.2011_17.32.21_log.txt (name, version, date, time, log.txt)

Then we will go from there.

How Can I Reduce My Risk to Malware?


#6 glf

glf
  • Topic Starter

  • Members
  • 22 posts

Posted 16 October 2011 - 01:24 PM

Thank you. Scanning with Mbam now.
Here is the Rootkill log.

14:13:08.0477 3976 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
14:13:08.0915 3976 ============================================================
14:13:08.0915 3976 Current date / time: 2011/10/16 14:13:08.0915
14:13:08.0915 3976 SystemInfo:
14:13:08.0915 3976
14:13:08.0915 3976 OS Version: 5.1.2600 ServicePack: 3.0
14:13:08.0915 3976 Product type: Workstation
14:13:08.0915 3976 ComputerName: DB7POS91
14:13:08.0915 3976 UserName: Admin User
14:13:08.0915 3976 Windows directory: C:\WINDOWS
14:13:08.0915 3976 System windows directory: C:\WINDOWS
14:13:08.0915 3976 Processor architecture: Intel x86
14:13:08.0915 3976 Number of processors: 1
14:13:08.0915 3976 Page size: 0x1000
14:13:08.0915 3976 Boot type: Normal boot
14:13:08.0915 3976 ============================================================
14:13:10.0837 3976 Initialize success
14:13:32.0093 4040 ============================================================
14:13:32.0093 4040 Scan started
14:13:32.0093 4040 Mode: Manual;
14:13:32.0093 4040 ============================================================
14:13:43.0893 4040 SONYPVU1 - ok
14:13:43.0972 4040 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:13:43.0972 4040 Sparrow - ok
14:13:44.0050 4040 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:13:44.0050 4040 splitter - ok
14:13:44.0144 4040 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:13:44.0144 4040 sr - ok
14:13:44.0237 4040 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:13:44.0237 4040 Srv - ok
14:13:44.0362 4040 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:13:44.0362 4040 swenum - ok
14:13:44.0394 4040 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:13:44.0394 4040 swmidi - ok
14:13:44.0456 4040 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
14:13:44.0456 4040 symc810 - ok
14:13:44.0487 4040 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:13:44.0487 4040 symc8xx - ok
14:13:44.0534 4040 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:13:44.0534 4040 sym_hi - ok
14:13:44.0581 4040 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:13:44.0581 4040 sym_u3 - ok
14:13:44.0644 4040 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:13:44.0644 4040 sysaudio - ok
14:13:44.0737 4040 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:13:44.0737 4040 Tcpip - ok
14:13:44.0831 4040 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:13:44.0831 4040 TDPIPE - ok
14:13:44.0863 4040 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:13:44.0863 4040 TDTCP - ok
14:13:44.0909 4040 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:13:44.0909 4040 TermDD - ok
14:13:45.0019 4040 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
14:13:45.0019 4040 TosIde - ok
14:13:45.0113 4040 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:13:45.0144 4040 Udfs - ok
14:13:45.0175 4040 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
14:13:45.0175 4040 ultra - ok
14:13:45.0269 4040 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:13:45.0269 4040 Update - ok
14:13:45.0331 4040 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:13:45.0331 4040 usbehci - ok
14:13:45.0363 4040 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:13:45.0363 4040 usbhub - ok
14:13:45.0456 4040 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:13:45.0456 4040 USBSTOR - ok
14:13:45.0488 4040 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:13:45.0488 4040 usbuhci - ok
14:13:45.0535 4040 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:13:45.0535 4040 VgaSave - ok
14:13:45.0597 4040 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:13:45.0597 4040 viaagp - ok
14:13:45.0644 4040 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:13:45.0644 4040 ViaIde - ok
14:13:45.0707 4040 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:13:45.0707 4040 VolSnap - ok
14:13:45.0769 4040 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:13:45.0769 4040 Wanarp - ok
14:13:45.0847 4040 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
14:13:45.0847 4040 wanatw - ok
14:13:45.0894 4040 WDICA - ok
14:13:45.0925 4040 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:13:45.0925 4040 wdmaud - ok
14:13:46.0050 4040 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:13:46.0066 4040 winachsf - ok
14:13:46.0207 4040 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:13:46.0207 4040 WS2IFSL - ok
14:13:46.0285 4040 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:13:46.0285 4040 WudfPf - ok
14:13:46.0347 4040 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:13:46.0347 4040 WudfRd - ok
14:13:46.0363 4040 MBR (0x1B8) (7c813d1ed418f46302a154e14cf3bdc5) \Device\Harddisk0\DR0
14:13:46.0363 4040 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - infected
14:13:46.0363 4040 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
14:13:46.0410 4040 Boot (0x1200) (0a7831e2ab7e3ba2b5ab79d98353ceb2) \Device\Harddisk0\DR0\Partition0
14:13:46.0410 4040 \Device\Harddisk0\DR0\Partition0 - ok
14:13:46.0457 4040 Boot (0x1200) (323e60dd48ae943f655a144b102f2141) \Device\Harddisk0\DR0\Partition1
14:13:46.0457 4040 \Device\Harddisk0\DR0\Partition1 - ok
14:13:46.0457 4040 ============================================================
14:13:46.0457 4040 Scan finished
14:13:46.0457 4040 ============================================================
14:13:46.0472 4032 Detected object count: 1
14:13:46.0472 4032 Actual detected object count: 1
14:14:17.0184 4032 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - will be cured on reboot
14:14:17.0184 4032 \Device\Harddisk0\DR0 - ok
14:14:17.0184 4032 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - User select action: Cure
14:14:20.0544 3972 Deinitialize success

Edited by glf, 16 October 2011 - 01:36 PM.
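The tail of the TDSSKiller log above is the part that matters for triage. The following is an added example, not part of the original post or of the tool: a small parser that pulls the detections out of such a log and reports the chosen action and whether the cure is still waiting on a reboot. The line layout is inferred from this log only, and the names `triage` and `Finding` are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Excerpt copied from the TDSSKiller log in the post above.
SAMPLE_LOG = r"""
14:13:46.0347 4040 WudfRd - ok
14:13:46.0363 4040 MBR (0x1B8) (7c813d1ed418f46302a154e14cf3bdc5) \Device\Harddisk0\DR0
14:13:46.0363 4040 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - infected
14:13:46.0363 4040 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
14:13:46.0410 4040 \Device\Harddisk0\DR0\Partition0 - ok
14:13:46.0472 4032 Detected object count: 1
14:14:17.0184 4032 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - will be cured on reboot
14:14:17.0184 4032 \Device\Harddisk0\DR0 - ok
14:14:17.0184 4032 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - User select action: Cure
14:14:20.0544 3972 Deinitialize success
"""

# "<time> <thread id> <message>" as seen in this log (assumed layout).
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
# "<object> ( <threat name> ) - <status>"
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<threat>[^)]+?) \) - (?P<status>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    obj: str
    threat: str
    first_seen: str
    action: str = ""                       # what the user selected
    states: list = field(default_factory=list)

    @property
    def reboot_pending(self):
        # The cure is only scheduled, not yet applied.
        return any("on reboot" in s for s in self.states)

    @property
    def raw_disk(self):
        # Object is a disk device, not a file path.
        return self.obj.startswith("\\Device\\Harddisk")


def triage(log_text):
    """Return (findings, count reported by the scanner or None)."""
    findings, reported = {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, _tid, msg = m.groups()
        c = COUNT.match(msg)
        if c:
            reported = int(c.group(1))
            continue
        v = VERDICT.match(msg)
        if not v:
            continue                       # "- ok" lines and hash lines
        f = findings.setdefault((v["obj"], v["threat"]),
                                Finding(v["obj"], v["threat"], ts))
        status = v["status"]
        if status.startswith("User select action:"):
            f.action = status.split(":", 1)[1].strip()
        else:
            f.states.append(status)
    return list(findings.values()), reported


if __name__ == "__main__":
    found, reported = triage(SAMPLE_LOG)
    print(f"scanner reported {reported}, parsed {len(found)}")
    for f in found:
        print(f.threat, "on", f.obj, "| action:", f.action or "none",
              "| reboot pending:", f.reboot_pending)
```

A status of `will be cured on reboot` means the log alone does not show a completed cure; a rescan after the restart is what confirms it.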


#7 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:08:31 PM

Posted 16 October 2011 - 02:28 PM

OK, good. After you ran TDSSKiller, you rebooted your machine?

How Can I Reduce My Risk to Malware?


#8 glf

Posted 16 October 2011 - 02:34 PM

Yes. I rebooted, then updated and ran Mbam full scan. No infections found. As soon as Rootkill began, Windows alerted me that I had updates ready to install, but I have not done that.

#9 shelf life

Posted 16 October 2011 - 05:13 PM

OK, good. Rescan with DDS and post a new log. You can go ahead and grab those Windows updates.


PS. Also found a strange task that runs daily in my Scheduled Task-
C:\WINDOWS\Tasks\lwjdxyzk.job


If that's still a scheduled task, you can delete it, just to remove it. The actual running of the task, whatever it is, should no longer be present.



#10 glf

Posted 16 October 2011 - 10:02 PM

Thanks!
Here ya go.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Admin 1 at 22:56:02 on 2011-10-16
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Documents and Settings\Admin 1\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uSearch Bar = hxxp://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
uInternet Settings,ProxyOverride = <local>
BHO: {0441e0f5-edb5-40bb-b1e6-487a95a0e189} - c:\windows\system32\audiodev32.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee AntiPhishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
BHO: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Frontier Browser Assistant: {a93a3cc9-ba23-4d0d-9440-6a0148362b7e} - c:\program files\frontierba\browserassistant\fbabar.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} -
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dPolicies-explorer: NoDesktop = 1 (0x1)
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: target.com\hrportalperf
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{DFB25A9E-4FCD-4A2B-B40B-A1FD6C34E2A9} : DhcpNameServer = 192.168.254.254 192.168.254.254
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\common files\microsoft shared\information retrieval\itss51.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
.
============= SERVICES / DRIVERS ===============
.
R? mcupdmgr.exe;McAfee SecurityCenter Update Manager
R? pmxscan;Visioneer USB Kernel
R? Secunia Update Agent;Secunia Update Agent
S? !SASCORE;SAS Core Service
S? cbVSCService;Cobian Backup 10 Volume Shadow Copy service
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? McDetect.exe;McAfee WSC Integration
S? McTskshd.exe;McAfee Task Scheduler
S? ppsio2;PPDevice
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
.
=============== Created Last 30 ================
.
2011-10-07 20:38:19 -------- d-----w- c:\documents and settings\Admin 1\application data\SUPERAntiSpyware.com
2011-10-07 20:37:59 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-10-07 20:37:48 -------- d-----w- c:\documents and settings\all users\application data\SUPERSetup
2011-10-07 05:49:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 04:18:39 -------- d-----w- c:\program files\ESET
2011-10-02 17:22:07 -------- d-----w- c:\program files\NirSoft
2011-10-01 18:13:38 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-29 14:55:13 116224 ----a-w- c:\windows\_detmp.2
2011-09-26 15:41:20 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
.
==================== Find3M ====================
.
2011-10-10 21:51:00 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 19:59:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-05 19:59:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-01 18:36:24 296411 ----a-w- c:\windows\system32\shimg.dll
2011-08-30 12:31:51 104 --sh--r- c:\windows\system32\B85A20EDDB.sys
2011-08-17 21:32:17 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:32:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:32:16 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:32:15 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22:23 389120 ----a-w- c:\windows\system32\html.iec
2011-08-12 17:51:26 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2006-06-22 17:44:58 2078344 -c--a-w- c:\program files\NPSWF32.dll
2006-06-22 17:44:58 2078344 -c--a-w- c:\program files\common files\NPSWF32.dll
.
============= FINISH: 22:57:32.39 ===============

#11 glf

Posted 16 October 2011 - 10:04 PM

attached txt.


#12 shelf life

Posted 17 October 2011 - 05:51 PM

ok thanks for the info. Look in your add/remove programs panel and uninstall these tool bars if listed:

My Way or My Search
VMN Toolbar
Frontier Browser Assistant

The first one is malware, not sure about the others, but in any case they just incorporate themselves in your browser, and a lot of them will sneak in as add-ons with other software. How's it looking on your end now?



#13 glf

Posted 17 October 2011 - 08:42 PM

Did not see the first one, My Way or My Search. Uninstalled VMN and Frontier thingys.
After the rootkill, I have not seen the Generic Host Error but IE has continued Not Responding and when I log on, it goes to http://www.bing.com/?pc=ZUGO&form=ZGAPHP
Is this a redirect?
Thanks for your help.
Don't leave me. :crazy:
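An added example, not part of the thread: it takes the names listed in post #12 and shows which kind of entry each one matches in the DDS "Pseudo HJT Report" from post #10 (a browser setting, or a BHO/TB component line), and lists toolbar entries whose file is missing. The entry layout is inferred from this log only; splitting "My Way or My Search" into two search terms and the function names are assumptions made here.

```python
import re

# Lines copied from the DDS "Pseudo HJT Report" in post #10.
DDS_EXCERPT = r"""
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uSearch Bar = hxxp://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
BHO: {0441e0f5-edb5-40bb-b1e6-487a95a0e189} - c:\windows\system32\audiodev32.dll
BHO: McAfee AntiPhishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
BHO: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL
TB: &Frontier Browser Assistant: {a93a3cc9-ba23-4d0d-9440-6a0148362b7e} - c:\program files\frontierba\browserassistant\fbabar.dll
TB: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} -
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
"""

# Names taken from post #12 (the first item split into two terms).
NAMED = ["My Way", "My Search", "VMN Toolbar", "Frontier Browser Assistant"]

# "uStart Page = value" style browser settings.
SETTING = re.compile(r"^(?P<key>[um][A-Z][\w ]*?) = (?P<value>.+)$")
# "BHO: [name: ]{clsid} - [path]" and the same shape for "TB:".
ENTRY = re.compile(
    r"^(?P<kind>BHO|TB): (?:(?P<name>.+?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) -\s*(?P<path>.*)$")


def norm(text):
    """Lowercase and drop everything but letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def parse(log_text):
    rows = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            name = m["name"] or ""
            rows.append({"kind": m["kind"], "clsid": m["clsid"],
                         "path": m["path"], "text": name + " " + m["path"]})
            continue
        m = SETTING.match(line)
        if m:
            rows.append({"kind": m["key"], "clsid": None,
                         "path": None, "text": m["value"]})
    return rows


def locate(names, rows):
    """Map each name to the kinds of log entry that mention it."""
    return {n: sorted({r["kind"] for r in rows if norm(n) in norm(r["text"])})
            for n in names}


def orphans(rows):
    """CLSIDs of BHO/TB entries that point at no file."""
    return [r["clsid"] for r in rows
            if r["clsid"] and r["path"] in ("", "No File")]


if __name__ == "__main__":
    rows = parse(DDS_EXCERPT)
    for name, kinds in locate(NAMED, rows).items():
        print(f"{name}: {', '.join(kinds) or 'not found'}")
    print("entries with no file:", orphans(rows))
```

In this excerpt "My Way" and "My Search" match only the `uSearch Bar` setting, while the other two names match BHO/TB component lines.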

#14 glf

Posted 17 October 2011 - 08:45 PM

Oh, foot! Just did a search and found
Cookie:my name@myway.com/
How do I get rid of this?

Edited by glf, 17 October 2011 - 10:04 PM.


#15 shelf life

Posted 18 October 2011 - 07:21 PM

Thanks for the info. For IE try this:

At the top go to Tools > Internet Options. Under the Advanced tab, look for and click on Reset Settings. That should be close, I am in Linux right now and can't check to make sure. This will set IE back to its defaults. Cookies aren't too much to get worried about, they can be controlled via your browser. See if things improve after the reset.
