
Another google redirection problem


  • This topic is locked
12 replies to this topic

#1 porcelain monkey

  • Members
  • 24 posts

Posted 30 October 2011 - 04:13 PM

I posted on the "Am I infected" Forum with this same thread title "another google redirect problem". Topic referenced: http://www.bleepingcomputer.com/forums/topic425562.html ~ OB I have read the Preparation Guide and have referred to some issues I have experienced with my preparation in the previous forum.

The original redirection issues I was having were still apparent after I was asked to go into Firefox 3.x: close Firefox, go to Start > All Programs > Mozilla Firefox, and click on Mozilla Firefox (Safe Mode).

I was then asked to start this thread. Thank you.

Edited by Orange Blossom, 30 October 2011 - 11:27 PM.




#2 porcelain monkey

  • Topic Starter
  • Members
  • 24 posts

Posted 31 October 2011 - 09:04 AM

Below are the Security Check, MiniToolBox & Malwarebytes results. When I tried GMER, all I got was "The connection was reset while the page was loading".

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 29
Java™ 6 Update 5
Out of date Java installed!
Adobe Flash Player ( 10.3.183.5) Flash Player Out of Date!
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````

MiniToolBox by Farbar
Ran by Any other people (administrator) on 29-10-2011 at 21:02:38
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

 Host Name . . . . . . . . . . . . : XXXXXXX
 Primary Dns Suffix . . . . . . . :
 Node Type . . . . . . . . . . . . : Unknown
 IP Routing Enabled. . . . . . . . : No
 WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

 Connection-specific DNS Suffix . :
 Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
 Physical Address. . . . . . . . . : 00-11-09-28-D5-5E
 Dhcp Enabled. . . . . . . . . . . : Yes
 Autoconfiguration Enabled . . . . : Yes
 IP Address. . . . . . . . . . . . : 192.168.1.3
 Subnet Mask . . . . . . . . . . . : 255.255.255.0
 Default Gateway . . . . . . . . . : 192.168.1.1
 DHCP Server . . . . . . . . . . . : 192.168.1.1
 DNS Servers . . . . . . . . . . . : 95.168.162.12
                                     95.168.162.22
 Lease Obtained. . . . . . . . . . : 29 October 2011 18:37:40
 Lease Expires . . . . . . . . . . : 01 November 2011 18:37:40

Server: UnKnown
Address: 95.168.162.12

Name: google.com
Addresses: 209.85.148.99, 209.85.148.103, 209.85.148.104, 209.85.148.105
209.85.148.106, 209.85.148.147

Pinging google.com [209.85.148.147] with 32 bytes of data:
Reply from 209.85.148.147: bytes=32 time=40ms TTL=50
Reply from 209.85.148.147: bytes=32 time=40ms TTL=50

Ping statistics for 209.85.148.147:
 Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 40ms, Maximum = 40ms, Average = 40ms

Server: UnKnown
Address: 95.168.162.12

Name: yahoo.com
Addresses: 67.195.160.76, 72.30.2.43, 98.137.149.56, 98.139.180.149
209.191.122.70

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=145ms TTL=41
Reply from 209.191.122.70: bytes=32 time=160ms TTL=41

Ping statistics for 209.191.122.70:
 Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 145ms, Maximum = 160ms, Average = 152ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
 Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 09 28 d5 5e ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.3 192.168.1.3 20
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 20
192.168.1.3 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 20
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 20
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog5 05 C:\Windows\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/29/2011 04:20:24 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 1.9.2.4280, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (10/28/2011 00:12:20 AM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry8007043cbeginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (10/26/2011 09:13:46 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry0moaccapability3.0.8402.000unspecifiedunspecifiedNILNILNIL

Error: (10/26/2011 08:01:01 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)3.0.8402.0timeout1.1.7702.0fixed1 _ 5125 _ not bootNILNILNIL

Error: (10/26/2011 08:00:56 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry2152759308unspecifiedscanfile3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (10/26/2011 08:00:51 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)3.0.8402.0timeout1.1.7702.0fixed1 _ 5125 _ not bootNILNILNIL

Error: (10/26/2011 08:00:17 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)3.0.8402.0timeout1.1.7702.0fixed1 _ 5125 _ not bootNILNILNIL

Error: (10/26/2011 07:59:51 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)3.0.8402.0timeout1.1.7702.0fixed1 _ 5125 _ not bootNILNILNIL

Error: (10/26/2011 07:43:24 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry0x80070003moaccachereset3.0.8402.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (10/26/2011 10:10:47 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected an inconsistency in its internal state. The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp. Please contact Microsoft Product Support Services to report this error.


System errors:
=============
Error: (10/29/2011 06:40:51 PM) (Source: Service Control Manager) (User: )
Description: The KService service hung on starting.

Error: (10/29/2011 06:39:26 PM) (Source: Service Control Manager) (User: )
Description: The Secdrv service failed to start due to the following error:
%%31

Error: (10/29/2011 06:39:26 PM) (Source: Service Control Manager) (User: )
Description: The DigitalCam Pro Video Camera Device service failed to start due to the following error:
%%1058

Error: (10/29/2011 06:35:49 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/29/2011 06:34:54 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Aavmker4
AFD
aswRdr
aswSnx
aswSP
aswTdi
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Error: (10/29/2011 06:34:54 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (10/29/2011 06:34:54 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (10/29/2011 06:34:54 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (10/29/2011 06:34:54 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:
%%31

Error: (10/29/2011 06:34:54 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================
Error: (10/29/2011 04:20:24 PM) (Source: Application Error)(User: )
Description: plugin-container.exe1.9.2.4280ntdll.dll5.1.2600.60550000100b

Error: (10/28/2011 00:12:20 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8007043cbeginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (10/26/2011 09:13:46 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0moaccapability3.0.8402.000unspecifiedunspecifiedNILNILNIL

Error: (10/26/2011 08:01:01 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)3.0.8402.0timeout1.1.7702.0fixed1 _ 5125 _ not bootNILNILNIL

Error: (10/26/2011 08:00:56 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (10/26/2011 08:00:51 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)3.0.8402.0timeout1.1.7702.0fixed1 _ 5125 _ not bootNILNILNIL

Error: (10/26/2011 08:00:17 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)3.0.8402.0timeout1.1.7702.0fixed1 _ 5125 _ not bootNILNILNIL

Error: (10/26/2011 07:59:51 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)3.0.8402.0timeout1.1.7702.0fixed1 _ 5125 _ not bootNILNILNIL

Error: (10/26/2011 07:43:24 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset3.0.8402.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (10/26/2011 10:10:47 AM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp162GetLastError() == 122L


=========================== Installed Programs ============================

4oD (Version: 2.0.23.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Reader X (10.1.1) (Version: 10.1.1)
AGT Pro (Version: 1.1.11)
Apple Mobile Device Support (Version: 2.1.1.13)
Apple Software Update (Version: 2.1.1.116)
ATI Control Panel (Version: 6.14.10.5046)
ATI Display Driver (Version: 7.94-030917m-011435C-ATI)
ATI HydraVision
avast! Free Antivirus (Version: 6.0.1289.0)
Belkin 54g USB Network Adapter
Bonjour (Version: 1.0.105)
CCleaner (Version: 3.07)
Conduit Engine (Version: )
Defraggler (Version: 2.04)
Digimax A5
DigitalCam Pro
eMachines Bay Reader (Version: 1.07)
Google Chrome (Version: 15.0.874.106)
Google Update Helper (Version: 1.3.21.79)
Intel® Extreme Graphics Driver
Internet Optimizer
IRXpress USB IrDA
iTunes (Version: 8.0.1.11)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 6 Update 5 (Version: 1.6.0.50)
Kodak EasyShare software
Labtec Keyboard-Desktop Software (Version: 1.00.000)
Labtec Mouse
Learn2 Player (Uninstall Only)
Lexmark 730 Series
LG SyncManager (Version: 1.00.0000)
LG USB Modem driver-U400 (Version: 1.0.0.0000)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Media Gateway
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Age of Empires
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office XP Media Content (Version: 10.0.2619.0)
Microsoft Office XP Pro Step by Step Interactive
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows Journal Viewer (Version: 1.5.2316.0)
Microsoft Works 7.0 (Version: 07.02.0620)
Mozilla Firefox (3.6.23) (Version: 3.6.23 (en-GB))
MSN Toolbar
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Multimedia Keyboard Driver
My_Voucher_Codes Toolbar (Version: )
Nero OEM
Network Play System (Patching)
OpenMG Secure Module 4.3.00 (Version: 4.3.00.08302)
PCFriendly
PCShowBuzz (Version: 1.2)
PDF Manual NW-A10003000 (Version: 1.0.00.09080)
PowerDVD
QuickTime (Version: 7.55.90.70)
RealPlayer Basic
Realtek AC'97 Audio
SelectRebates
Skype Toolbars (Version: 5.3.7280)
Skype™ 5.3 (Version: 5.3.116)
Smart Link 56K Voice Modem
The Sims Livin' it up
Viewpoint Media Player
WebFldrs XP (Version: 9.50.6513)
Windows Backup Utility (Version: 5.1)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.5.0530.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Live Messenger (Version: 8.1.0178.00)
Windows Live Sign-in Assistant (Version: 4.000.248.1)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Movie Maker 2.0 (Version: 2.0.0000)
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 80%
Total physical RAM: 511.48 MB
Available physical RAM: 97.48 MB
Total Pagefile: 1247.26 MB
Available Pagefile: 708.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1997.71 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:115.04 GB) (Free:53.85 GB) NTFS

========================= Users: ========================================

User accounts for \\XXXXXXX

Administrator Any other people Guest
HelpAssistant XXXXXXX SUPPORT_388945a0


**** End of log ****

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8042

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

29/10/2011 22:44:02
mbam-log-2011-10-29 (22-44-02).txt

Scan type: Quick scan
Objects scanned: 202024
Time elapsed: 21 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3 porcelain monkey

  • Topic Starter
  • Members
  • 24 posts

Posted 01 November 2011 - 11:43 AM

I tried to create the DDS log. I downloaded Defogger & followed the instructions for that, then downloaded & ran DDS, but the two files were DDS.notepad and Attach.notepad, NOT DDS.txt - Notepad and Attach.txt - Notepad. I had deleted them to start again. I have renamed the other file & attached it as attach.txt.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29
Run by Any other people at 16:25:20 on 2011-11-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.165 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: My Voucher Codes Toolbar: {15b9700d-f5b7-4d0a-ae43-9b5099836a58} - c:\program files\my_voucher_codes\prxtbMy_0.dll
mURLSearchHooks: H - No File
BHO: My Voucher Codes Toolbar: {15b9700d-f5b7-4d0a-ae43-9b5099836a58} - c:\program files\my_voucher_codes\prxtbMy_0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-gb\msntb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-gb\msntb.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: My Voucher Codes Toolbar: {15b9700d-f5b7-4d0a-ae43-9b5099836a58} - c:\program files\my_voucher_codes\prxtbMy_0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [<NO NAME>]
mRun: [KeyBoard] c:\progra~1\labtec\labtec~1\Keyboard.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [LXCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCFtime.dll,_RunDLLEntry@16
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - hxxp://w4s2.work4sure.com/c/ge/w4sgeen9.exe
DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - hxxp://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c11.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136395227718
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136395206328
DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} - file://c:\program files\microsoft interactive training\o10c\mitm0026.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 95.168.162.12 95.168.162.22
TCP: Interfaces\{D38A8202-7F5B-4100-AB77-CFF2B1CDD829} : DhcpNameServer = 95.168.162.12 95.168.162.22
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\any other people\application data\mozilla\firefox\profiles\nuqmj5nk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2529008&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Avanquest App'-Anwendungsleiste Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2529008&SearchSource=13
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Avanquest App'-Anwendungsleiste Community Toolbar: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - %profile%\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-12 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-10-3 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-3 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-21 44768]
R3 KCIRDA;%KCIRDA.ServiceDesc%;c:\windows\system32\drivers\KCIRNET.sys [2008-10-28 11856]
S2 Ca536av;DigitalCam Pro Video Camera Device;c:\windows\system32\drivers\Ca536av.sys [2005-7-26 517131]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-13 136176]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [2007-9-28 140416]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-13 136176]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2005-12-28 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2005-12-28 85696]
S4 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\belkin\belkin wireless network utility\WLService.exe [2007-9-28 49152]
.
=============== Created Last 30 ================
.
2011-10-29 21:20:12 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-28 21:19:23 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-28 21:19:18 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-28 21:18:44 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-28 10:13:01 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-28 10:13:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-28 09:21:55 -------- d-----w- c:\windows\system32\SahImages
2011-10-28 09:21:55 -------- d-----w- c:\program files\Internet Optimizer
2011-10-28 09:20:33 -------- d-----w- c:\program files\Conduit
2011-10-28 07:39:03 -------- d-----w- c:\documents and settings\any other people\application data\DriverCure
2011-10-28 07:38:54 -------- d-----w- c:\documents and settings\any other people\application data\SpeedMaxPc
2011-10-27 20:09:12 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-10-27 20:06:59 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-10-26 18:39:27 -------- d-----w- c:\program files\Microsoft Security Client
.
==================== Find3M ====================
.
2011-10-03 04:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 10:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-18 06:38:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 21:32:17 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:32:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:32:16 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:32:15 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22:23 389120 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 16:31:51.60 ===============




#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,922 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:05 PM

Posted 04 November 2011 - 01:20 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know if the problem persists.

#5 porcelain monkey

porcelain monkey
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:01:05 PM

Posted 04 November 2011 - 06:11 PM

Here are the logs. The notepad which I have posted was from Checkup - notepad; there wasn't a Notepad document called checkup.txt.

ComboFix 11-11-04.04 - Any other people 04/11/2011 22:08:45.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.293 [GMT 0:00]
Running from: c:\documents and settings\Any other people\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\internet optimizer
c:\program files\internet optimizer\update\actalert.exe
c:\program files\internet optimizer\update\install.exe
c:\program files\internet optimizer\update\rogue.exe
c:\windows\AutoRun.ini
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\help\wmplayer.bak
c:\windows\nem220.dll
c:\windows\unVQ3240.dll
c:\windows\wsem303.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-10-30 09:42 . 2011-10-30 09:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-10-29 21:20 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-29 12:46 . 2011-10-29 12:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-10-28 21:19 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-28 21:19 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-28 21:18 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-28 10:13 . 2011-10-28 10:13 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-28 09:21 . 2011-10-28 09:21 -------- d-----w- c:\windows\system32\SahImages
2011-10-28 09:20 . 2011-10-28 09:20 -------- d-----w- c:\program files\Conduit
2011-10-28 07:39 . 2011-10-28 07:39 -------- d-----w- c:\documents and settings\Any other people\Application Data\DriverCure
2011-10-28 07:38 . 2011-10-28 07:38 -------- d-----w- c:\documents and settings\Any other people\Application Data\SpeedMaxPc
2011-10-27 20:09 . 2011-10-28 09:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-10-27 20:06 . 2011-10-28 09:21 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-10-26 18:39 . 2011-10-28 09:23 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 04:06 . 2010-11-01 17:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2007-10-02 22:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-06-15 14:33 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-06-15 14:33 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-06-15 07:05 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2010-10-21 17:26 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2009-10-03 10:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-05-12 23:00 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2009-10-03 10:26 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2009-10-03 10:26 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-10-03 10:26 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-10-03 10:26 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2009-10-03 10:26 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2009-10-03 10:26 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2009-10-03 10:26 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 13:20 . 2004-06-15 14:34 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-18 06:38 . 2011-08-18 06:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 21:32 . 2006-06-23 10:33 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:32 . 2010-01-03 09:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:32 . 2004-06-15 14:33 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:32 . 2004-06-15 14:33 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2004-06-15 14:33 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2004-08-04 05:59 389120 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{15b9700d-f5b7-4d0a-ae43-9b5099836a58}"= "c:\program files\My_Voucher_Codes\prxtbMy_0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{15b9700d-f5b7-4d0a-ae43-9b5099836a58}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15b9700d-f5b7-4d0a-ae43-9b5099836a58}]
2011-01-17 14:54 175912 ----a-w- c:\program files\My_Voucher_Codes\prxtbMy_0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{15b9700d-f5b7-4d0a-ae43-9b5099836a58}"= "c:\program files\My_Voucher_Codes\prxtbMy_0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{15b9700d-f5b7-4d0a-ae43-9b5099836a58}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{15B9700D-F5B7-4D0A-AE43-9B5099836A58}"= "c:\program files\My_Voucher_Codes\prxtbMy_0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{15b9700d-f5b7-4d0a-ae43-9b5099836a58}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-12-15 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
2007-04-23 11:23 1032640 ----a-w- c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2003-06-03 10:01 496640 ----a-w- c:\windows\zHotkey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
2004-12-25 23:55 806912 ----a-w- c:\program files\Labtec\moffice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2007-04-23 11:23 1032640 ----a-w- c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 11:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 15:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-05-26 20:50 15147400 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 04:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-03-11 14:18 135168 ----a-w- c:\program files\eMachines Bay Reader\shwiconEM.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/05/2011 23:00 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/10/2009 10:26 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/10/2009 10:26 20568]
R3 KCIRDA;%KCIRDA.ServiceDesc%;c:\windows\system32\drivers\KCIRNET.sys [28/10/2008 16:56 11856]
S2 Ca536av;DigitalCam Pro Video Camera Device;c:\windows\system32\drivers\Ca536av.sys [26/07/2005 14:34 517131]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/11/2010 22:05 136176]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [28/09/2007 13:23 140416]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/11/2010 22:05 136176]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [28/12/2005 12:48 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [28/12/2005 12:49 85696]
S4 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe [28/09/2007 13:23 49152]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
2011-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-13 22:04]
.
2011-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-13 22:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 95.168.162.12 95.168.162.22
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} - file://c:\program files\Microsoft Interactive Training\O10C\mitm0026.cab
FF - ProfilePath - c:\documents and settings\Any other people\Application Data\Mozilla\Firefox\Profiles\nuqmj5nk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2529008&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Avanquest App'-Anwendungsleiste Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2529008&SearchSource=13
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Avanquest App'-Anwendungsleiste Community Toolbar: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - %profile%\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-h1qvgfdi - c:\windows\System32\h1qvgfdi.exe
MSConfigStartUp-Internet Optimizer - c:\program files\Internet Optimizer\optimize.exe
MSConfigStartUp-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe
AddRemove-e6n9ie3o - c:\windows\e6n9ie3o.exe
AddRemove-Media Gateway - c:\program files\Media Gateway\MediaGateway.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-04 22:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2540)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-11-04 23:00:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-04 23:00
.
Pre-Run: 57,079,566,336 bytes free
Post-Run: 57,395,032,064 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - CEE18867E53C1F0714742A6466C423D9

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 29
Java™ 6 Update 5
Out of date Java installed!
Adobe Flash Player ( 10.3.183.5) Flash Player Out of Date!
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,922 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:05 PM

Posted 05 November 2011 - 07:16 AM

Remove this old version of Java using the Add/Remove Programs list.
Java™ 6 Update 5
===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 11.0.1.152

Flash Player 11.0.1.152

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select the appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.
===

Your ComboFix log is clean.

Any remaining issues?

#7 porcelain monkey

porcelain monkey
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:01:05 PM

Posted 06 November 2011 - 06:06 AM

Can I now delete ComboFix & Security Check from my desktop?

Also, because my computer is still really slow (I thought it was to do with the redirection issues), I now need to address that, but at least this has been a big leap forward for me. Thank you all very much for your help.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,922 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:05 PM

Posted 06 November 2011 - 09:46 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

===

What version of Firefox do you have?


Slow computer.
Checking your error message I noticed this.

Error: (10/29/2011 04:20:24 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 1.9.2.4280, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
Processing media-specific event for [plugin-container.exe!ws!]


I hope that this solution will work for you.
http://support.mozilla.com/en-US/questions/713600
===

#9 porcelain monkey

porcelain monkey
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:01:05 PM

Posted 06 November 2011 - 03:59 PM

Thanks Nasdaq. But I've done all that & was just redirected to the Life Insurance website below - aaargh!! Is it me that's doing something wrong?

http://www.lifecovered.net/?track=UT0102

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,922 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:05 PM

Posted 07 November 2011 - 07:56 AM

Could be a hidden rootkit infection or the router is infected.

Let's check the rootkit first.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.
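An added example, not part of this thread and not code from any of the tools named in it: a small Python triage that reads log lines in the DDS/ComboFix shape posted above and flags the things a reader would want to check before reaching the "router is infected" question in the reply above, the DNS servers DHCP handed out, prefs.js search and home-page settings, and removed autostart entries with machine-generated names. The sample lines are constructed from values in the thread, and the expected search hosts are an assumption for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: a few lines in the shape of the DDS / ComboFix logs
# posted in this thread (values taken from the thread, not a complete log).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 95.168.162.12 95.168.162.22
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2529008&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2529008&SearchSource=13
MSConfigStartUp-h1qvgfdi - c:\windows\System32\h1qvgfdi.exe
MSConfigStartUp-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe
AddRemove-e6n9ie3o - c:\windows\e6n9ie3o.exe
"""

# Assumption: the search / home-page hosts the machine's owner actually chose.
# A toolbar or hijacker typically rewrites these prefs to its own host.
EXPECTED_SEARCH_HOSTS = {"www.google.co.uk", "www.google.com", "www.bing.com"}

DNS_RE = re.compile(r"^TCP:.*DhcpNameServer = (.+)$", re.M)
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - hxxp://(\S+)$", re.M)
ORPHAN_RE = re.compile(r"^(MSConfigStartUp|AddRemove|HKLM-Run)-(.+?) - (.+)$", re.M)
# Lower-case letters and digits mixed together, six to ten characters, no meaning.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{6,10}$")


def parse_dns_servers(log):
    """Every DNS server DHCP handed out, in log order, without duplicates."""
    servers = []
    for match in DNS_RE.finditer(log):
        for ip in match.group(1).split():
            if ip not in servers:
                servers.append(ip)
    return servers


def dns_findings(servers):
    """Flag DHCP-supplied resolvers that are not private addresses.

    A home router normally hands clients its own private address as the
    resolver. A public address is not wrong by itself, but it is exactly what
    a tampered router would hand out, so it must be confirmed against the ISP.
    """
    findings = []
    for ip in servers:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, "unparseable DNS server entry"))
            continue
        if not addr.is_private:
            findings.append((ip, "public resolver from DHCP; confirm it is the ISP's"))
    return findings


def browser_findings(log):
    """prefs.js search / home-page settings whose host is not an expected one."""
    findings = []
    for pref, url in PREF_RE.findall(log):
        host = urlsplit("http://" + url).hostname
        if host not in EXPECTED_SEARCH_HOSTS:
            findings.append((pref, host))
    return findings


def autostart_findings(log):
    """Removed autostart / uninstall entries named like machine-generated junk
    and living directly under the Windows directory. A heuristic, not proof:
    a vendor entry such as LogitechVideoRepair does not trip it."""
    findings = []
    for _, name, path in ORPHAN_RE.findall(log):
        in_windows = path.lower().startswith("c:\\windows\\")
        if in_windows and RANDOM_NAME_RE.match(name):
            findings.append((name, path))
    return findings


def triage(log):
    """Run the three checks over one log and group the results by check."""
    return {
        "dns": dns_findings(parse_dns_servers(log)),
        "browser": browser_findings(log),
        "autostart": autostart_findings(log),
    }


if __name__ == "__main__":
    for check, items in triage(SAMPLE_LOG).items():
        print(check)
        for item in items:
            print("   ", " | ".join(item))
```

A public resolver flagged here is a prompt to compare against what the ISP documents and what the router's own admin page shows, not a verdict on its own.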

#11 porcelain monkey

porcelain monkey
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:01:05 PM

Posted 07 November 2011 - 05:28 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-07 21:31:56
-----------------------------
21:31:56.046 OS Version: Windows 5.1.2600 Service Pack 3
21:31:56.046 Number of processors: 1 586 0x209
21:31:56.046 ComputerName: XXXXXXX UserName:
21:32:01.203 Initialize success
21:32:02.781 AVAST engine defs: 11110700
21:32:16.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:32:16.625 Disk 0 Vendor: HDS722512VLAT20 V33OA63A Size: 117800MB BusType: 3
21:32:16.640 Disk 0 MBR read successfully
21:32:16.656 Disk 0 MBR scan
21:32:16.812 Disk 0 Windows XP default MBR code
21:32:16.843 Disk 0 scanning sectors +241248105
21:32:16.953 Disk 0 scanning C:\WINDOWS\system32\drivers
21:32:59.625 Service scanning
21:33:03.890 Modules scanning
21:33:27.828 Disk 0 trace - called modules:
21:33:27.859 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
21:33:27.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83331ab8]
21:33:27.859 3 CLASSPNP.SYS[f8875fd7] -> nt!IofCallDriver -> \Device\0000006a[0x833de208]
21:33:28.406 5 ACPI.sys[f87ec620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x833d9940]
21:33:30.484 AVAST engine scan C:\WINDOWS
21:33:46.656 AVAST engine scan C:\WINDOWS\system32
21:38:58.187 AVAST engine scan C:\WINDOWS\system32\drivers
21:39:31.875 AVAST engine scan C:\Documents and Settings\Any other people
21:49:37.500 AVAST engine scan C:\Documents and Settings\All Users
21:52:18.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Any other people\Desktop\MBR.dat"
21:52:18.187 The log file has been saved successfully to "C:\Documents and Settings\Any other people\Desktop\aswMBR.txt"

22:06:33.0312 2752 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
22:06:33.0609 2752 ============================================================
22:06:33.0609 2752 Current date / time: 2011/11/07 22:06:33.0609
22:06:33.0609 2752 SystemInfo:
22:06:33.0609 2752
22:06:33.0609 2752 OS Version: 5.1.2600 ServicePack: 3.0
22:06:33.0609 2752 Product type: Workstation
22:06:33.0609 2752 ComputerName: XXXXXXX
22:06:33.0609 2752 UserName: Any other people
22:06:33.0609 2752 Windows directory: C:\WINDOWS
22:06:33.0609 2752 System windows directory: C:\WINDOWS
22:06:33.0609 2752 Processor architecture: Intel x86
22:06:33.0609 2752 Number of processors: 1
22:06:33.0609 2752 Page size: 0x1000
22:06:33.0609 2752 Boot type: Normal boot
22:06:33.0609 2752 ============================================================
22:06:36.0359 2752 Initialize success
22:06:44.0984 3592 ============================================================
22:06:44.0984 3592 Scan started
22:06:44.0984 3592 Mode: Manual;
22:06:44.0984 3592 ============================================================
22:06:45.0671 3592 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:06:45.0687 3592 Aavmker4 - ok
22:06:46.0031 3592 Abiosdsk - ok
22:06:46.0328 3592 abp480n5 - ok
22:06:46.0734 3592 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:06:46.0796 3592 ACPI - ok
22:06:47.0203 3592 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:06:47.0203 3592 ACPIEC - ok
22:06:47.0546 3592 adpu160m - ok
22:06:47.0937 3592 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:06:47.0984 3592 aec - ok
22:06:48.0437 3592 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:06:48.0437 3592 AegisP - ok
22:06:48.0921 3592 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:06:48.0968 3592 AFD - ok
22:06:49.0390 3592 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:06:49.0406 3592 agp440 - ok
22:06:49.0781 3592 Aha154x - ok
22:06:50.0078 3592 aic78u2 - ok
22:06:50.0375 3592 aic78xx - ok
22:06:50.0843 3592 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
22:06:50.0984 3592 ALCXSENS - ok
22:06:51.0593 3592 ALCXWDM (4dd2c10fc6434fedcb7c71fbdc1f107a) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
22:06:51.0812 3592 ALCXWDM - ok
22:06:52.0171 3592 AliIde - ok
22:06:52.0468 3592 amsint - ok
22:06:52.0781 3592 asc - ok
22:06:53.0078 3592 asc3350p - ok
22:06:53.0359 3592 asc3550 - ok
22:06:53.0718 3592 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
22:06:53.0718 3592 ASCTRM - ok
22:06:54.0156 3592 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
22:06:54.0156 3592 aswFsBlk - ok
22:06:54.0593 3592 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
22:06:54.0640 3592 aswMon2 - ok
22:06:55.0046 3592 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
22:06:55.0062 3592 aswRdr - ok
22:06:55.0625 3592 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
22:06:55.0781 3592 aswSnx - ok
22:06:56.0281 3592 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
22:06:56.0390 3592 aswSP - ok
22:06:56.0828 3592 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
22:06:56.0843 3592 aswTdi - ok
22:06:57.0265 3592 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:06:57.0265 3592 AsyncMac - ok
22:06:57.0703 3592 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:06:57.0703 3592 atapi - ok
22:06:58.0046 3592 Atdisk - ok
22:06:58.0687 3592 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:06:58.0921 3592 ati2mtag - ok
22:06:59.0343 3592 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:06:59.0359 3592 Atmarpc - ok
22:06:59.0781 3592 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:06:59.0781 3592 audstub - ok
22:07:00.0203 3592 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:07:00.0203 3592 Beep - ok
22:07:00.0656 3592 bkn50USB (6d39682a1051a5be7437ec99f1bf9921) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
22:07:00.0718 3592 bkn50USB - ok
22:07:01.0046 3592 BlueletAudio - ok
22:07:01.0390 3592 BlueletSCOAudio - ok
22:07:01.0687 3592 BT - ok
22:07:01.0984 3592 Btcsrusb - ok
22:07:02.0328 3592 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
22:07:02.0343 3592 BthEnum - ok
22:07:02.0671 3592 BTHidEnum - ok
22:07:03.0031 3592 BTHidMgr - ok
22:07:03.0453 3592 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
22:07:03.0500 3592 BthPan - ok
22:07:04.0031 3592 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
22:07:04.0125 3592 BTHPORT - ok
22:07:04.0546 3592 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
22:07:04.0562 3592 BTHUSB - ok
22:07:05.0203 3592 Ca536av (9ea6d0179e85e5c6ffb6d5994e73ecf8) C:\WINDOWS\system32\Drivers\Ca536av.sys
22:07:05.0390 3592 Ca536av - ok
22:07:05.0406 3592 catchme - ok
22:07:05.0812 3592 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:07:05.0812 3592 cbidf2k - ok
22:07:06.0250 3592 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:07:06.0265 3592 CCDECODE - ok
22:07:06.0625 3592 cd20xrnt - ok
22:07:06.0953 3592 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:07:06.0968 3592 Cdaudio - ok
22:07:07.0390 3592 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:07:07.0421 3592 Cdfs - ok
22:07:07.0828 3592 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:07:07.0859 3592 Cdrom - ok
22:07:08.0218 3592 Changer - ok
22:07:08.0531 3592 CmdIde - ok
22:07:08.0859 3592 Cpqarray - ok
22:07:09.0156 3592 dac2w2k - ok
22:07:09.0437 3592 dac960nt - ok
22:07:09.0906 3592 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:07:09.0921 3592 Disk - ok
22:07:10.0593 3592 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:07:10.0890 3592 dmboot - ok
22:07:11.0328 3592 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:07:11.0390 3592 dmio - ok
22:07:11.0796 3592 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:07:11.0796 3592 dmload - ok
22:07:12.0234 3592 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:07:12.0250 3592 DMusic - ok
22:07:12.0609 3592 dpti2o - ok
22:07:12.0984 3592 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:07:13.0000 3592 drmkaud - ok
22:07:13.0421 3592 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:07:13.0468 3592 Fastfat - ok
22:07:13.0953 3592 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:07:13.0968 3592 Fdc - ok
22:07:14.0390 3592 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:07:14.0406 3592 Fips - ok
22:07:14.0828 3592 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:07:14.0828 3592 Flpydisk - ok
22:07:15.0296 3592 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:07:15.0359 3592 FltMgr - ok
22:07:15.0796 3592 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:07:15.0812 3592 Fs_Rec - ok
22:07:16.0265 3592 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:07:16.0328 3592 Ftdisk - ok
22:07:16.0781 3592 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:07:16.0796 3592 GEARAspiWDM - ok
22:07:17.0203 3592 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:07:17.0218 3592 Gpc - ok
22:07:17.0656 3592 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:07:17.0656 3592 HidUsb - ok
22:07:18.0031 3592 hpn - ok
22:07:18.0531 3592 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:07:18.0687 3592 HTTP - ok
22:07:19.0046 3592 i2omgmt - ok
22:07:19.0343 3592 i2omp - ok
22:07:19.0703 3592 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:07:19.0734 3592 i8042prt - ok
22:07:20.0171 3592 ialm (3db0a9c35a5cf76386aadceda014e5e6) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:07:20.0218 3592 ialm - ok
22:07:20.0640 3592 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:07:20.0656 3592 Imapi - ok
22:07:21.0015 3592 ini910u - ok
22:07:21.0421 3592 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:07:21.0421 3592 IntelIde - ok
22:07:21.0781 3592 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:07:21.0843 3592 intelppm - ok
22:07:22.0265 3592 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:07:22.0265 3592 ip6fw - ok
22:07:22.0671 3592 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:07:22.0687 3592 IpFilterDriver - ok
22:07:23.0125 3592 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:07:23.0140 3592 IpInIp - ok
22:07:23.0593 3592 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:07:23.0671 3592 IpNat - ok
22:07:24.0125 3592 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:07:24.0156 3592 IPSec - ok
22:07:24.0578 3592 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
22:07:24.0609 3592 irda - ok
22:07:25.0046 3592 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:07:25.0062 3592 IRENUM - ok
22:07:25.0484 3592 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:07:25.0500 3592 isapnp - ok
22:07:25.0906 3592 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:07:25.0921 3592 Kbdclass - ok
22:07:26.0296 3592 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:07:26.0312 3592 kbdhid - ok
22:07:26.0718 3592 KCIRDA (a5d49e08ae2d8b5fc95d809844034883) C:\WINDOWS\system32\DRIVERS\KCIrNet.sys
22:07:26.0734 3592 KCIRDA - ok
22:07:27.0187 3592 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:07:27.0250 3592 kmixer - ok
22:07:27.0687 3592 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:07:27.0734 3592 KSecDD - ok
22:07:28.0093 3592 lbrtfdc - ok
22:07:28.0484 3592 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:07:28.0484 3592 mnmdd - ok
22:07:28.0968 3592 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:07:28.0984 3592 Modem - ok
22:07:29.0390 3592 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
22:07:29.0390 3592 MODEMCSA - ok
22:07:29.0796 3592 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:07:29.0796 3592 Mouclass - ok
22:07:30.0218 3592 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:07:30.0234 3592 mouhid - ok
22:07:30.0640 3592 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:07:30.0656 3592 MountMgr - ok
22:07:31.0062 3592 mraid35x - ok
22:07:31.0515 3592 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:07:31.0578 3592 MRxDAV - ok
22:07:32.0125 3592 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:07:32.0421 3592 MRxSmb - ok
22:07:32.0843 3592 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:07:32.0859 3592 Msfs - ok
22:07:33.0281 3592 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:07:33.0296 3592 MSKSSRV - ok
22:07:33.0718 3592 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:07:33.0734 3592 MSPCLOCK - ok
22:07:34.0156 3592 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:07:34.0171 3592 MSPQM - ok
22:07:34.0562 3592 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:07:34.0562 3592 mssmbios - ok
22:07:34.0953 3592 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:07:34.0968 3592 MSTEE - ok
22:07:35.0406 3592 Mtlmnt5 (c53775780148884ac87c455489a0c070) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
22:07:35.0453 3592 Mtlmnt5 - ok
22:07:36.0312 3592 Mtlstrm (54886a652bf5685192141df304e923fd) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
22:07:36.0796 3592 Mtlstrm - ok
22:07:37.0250 3592 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:07:37.0296 3592 Mup - ok
22:07:37.0718 3592 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:07:37.0750 3592 NABTSFEC - ok
22:07:38.0265 3592 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:07:38.0328 3592 NDIS - ok
22:07:38.0734 3592 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:07:38.0750 3592 NdisIP - ok
22:07:39.0156 3592 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:07:39.0156 3592 NdisTapi - ok
22:07:39.0562 3592 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:07:39.0578 3592 Ndisuio - ok
22:07:40.0015 3592 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:07:40.0046 3592 NdisWan - ok
22:07:40.0484 3592 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:07:40.0500 3592 NDProxy - ok
22:07:40.0921 3592 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:07:40.0937 3592 NetBIOS - ok
22:07:41.0375 3592 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:07:41.0437 3592 NetBT - ok
22:07:41.0890 3592 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:07:41.0906 3592 Npfs - ok
22:07:42.0515 3592 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:07:42.0703 3592 Ntfs - ok
22:07:43.0203 3592 NtMtlFax (576b34ceae5b7e5d9fd2775e93b3db53) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
22:07:43.0281 3592 NtMtlFax - ok
22:07:43.0687 3592 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:07:43.0687 3592 Null - ok
22:07:44.0140 3592 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:07:44.0156 3592 NwlnkFlt - ok
22:07:44.0562 3592 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:07:44.0578 3592 NwlnkFwd - ok
22:07:45.0031 3592 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:07:45.0062 3592 Parport - ok
22:07:45.0484 3592 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:07:45.0484 3592 PartMgr - ok
22:07:45.0875 3592 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:07:45.0890 3592 ParVdm - ok
22:07:46.0312 3592 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:07:46.0343 3592 PCI - ok
22:07:46.0703 3592 PCIDump - ok
22:07:47.0031 3592 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:07:47.0031 3592 PCIIde - ok
22:07:47.0468 3592 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:07:47.0531 3592 Pcmcia - ok
22:07:47.0875 3592 PDCOMP - ok
22:07:48.0156 3592 PDFRAME - ok
22:07:48.0453 3592 PDRELI - ok
22:07:48.0750 3592 PDRFRAME - ok
22:07:49.0062 3592 perc2 - ok
22:07:49.0359 3592 perc2hib - ok
22:07:49.0734 3592 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:07:49.0765 3592 PptpMiniport - ok
22:07:50.0203 3592 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:07:50.0218 3592 Processor - ok
22:07:50.0656 3592 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:07:50.0671 3592 PSched - ok
22:07:51.0078 3592 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:07:51.0093 3592 Ptilink - ok
22:07:51.0500 3592 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:07:51.0515 3592 PxHelp20 - ok
22:07:51.0859 3592 ql1080 - ok
22:07:52.0156 3592 Ql10wnt - ok
22:07:52.0437 3592 ql12160 - ok
22:07:52.0734 3592 ql1240 - ok
22:07:53.0031 3592 ql1280 - ok
22:07:53.0390 3592 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:07:53.0390 3592 RasAcd - ok
22:07:53.0812 3592 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
22:07:53.0828 3592 Rasirda - ok
22:07:54.0281 3592 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:07:54.0312 3592 Rasl2tp - ok
22:07:54.0734 3592 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:07:54.0750 3592 RasPppoe - ok
22:07:55.0171 3592 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:07:55.0187 3592 Raspti - ok
22:07:55.0640 3592 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:07:55.0703 3592 Rdbss - ok
22:07:56.0093 3592 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:07:56.0109 3592 RDPCDD - ok
22:07:56.0562 3592 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:07:56.0625 3592 RDPWD - ok
22:07:57.0046 3592 RecAgent (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
22:07:57.0046 3592 RecAgent - ok
22:07:57.0468 3592 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:07:57.0500 3592 redbook - ok
22:07:57.0921 3592 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
22:07:57.0953 3592 RFCOMM - ok
22:07:58.0343 3592 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
22:07:58.0359 3592 ROOTMODEM - ok
22:07:58.0843 3592 RT73 (6ea04a4370609e5e1eaeee898a2ab6ac) C:\WINDOWS\system32\DRIVERS\rt73.sys
22:07:58.0937 3592 RT73 - ok
22:07:59.0359 3592 RTL8023 (31c3ebb3a71fe56b8109bfb4ed20ae69) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
22:07:59.0390 3592 RTL8023 - ok
22:07:59.0828 3592 Secdrv (65ee3435a9131bee1608f99f16c48e08) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:07:59.0828 3592 Secdrv - ok
22:08:00.0281 3592 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:08:00.0281 3592 serenum - ok
22:08:00.0703 3592 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:08:00.0734 3592 Serial - ok
22:08:01.0187 3592 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:08:01.0187 3592 Sfloppy - ok
22:08:01.0562 3592 Simbad - ok
22:08:01.0906 3592 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:08:01.0906 3592 SLIP - ok
22:08:02.0453 3592 Slntamr (2c1779c0feb1f4a6033600305eba623a) C:\WINDOWS\system32\DRIVERS\slntamr.sys
22:08:02.0593 3592 Slntamr - ok
22:08:03.0031 3592 SlNtHal (f9b8e30e82ee95cf3e1d3e495599b99c) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
22:08:03.0078 3592 SlNtHal - ok
22:08:03.0484 3592 SlWdmSup (db56bb2c55723815cf549d7fc50cfceb) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
22:08:03.0500 3592 SlWdmSup - ok
22:08:03.0859 3592 Sparrow - ok
22:08:04.0203 3592 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:08:04.0203 3592 splitter - ok
22:08:04.0796 3592 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\System32\DRIVERS\sr.sys
22:08:04.0828 3592 sr - ok
22:08:05.0375 3592 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:08:05.0640 3592 Srv - ok
22:08:06.0062 3592 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:08:06.0078 3592 streamip - ok
22:08:06.0484 3592 SunkFilt (d8cbd8b4bf4dc9cd64b5cc8e2bec1b96) C:\WINDOWS\System32\Drivers\sunkfilt.sys
22:08:06.0640 3592 SunkFilt - ok
22:08:07.0046 3592 SunkFilt39 (fabcc3bec89a2853958cefb28943c470) C:\WINDOWS\System32\Drivers\sunkfilt39.sys
22:08:07.0062 3592 SunkFilt39 - ok
22:08:07.0406 3592 Sunkfiltp - ok
22:08:07.0875 3592 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:08:07.0875 3592 swenum - ok
22:08:08.0312 3592 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:08:08.0343 3592 swmidi - ok
22:08:08.0859 3592 symc810 - ok
22:08:09.0265 3592 symc8xx - ok
22:08:09.0593 3592 sym_hi - ok
22:08:10.0031 3592 sym_u3 - ok
22:08:10.0453 3592 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:08:10.0484 3592 sysaudio - ok
22:08:11.0187 3592 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:08:11.0328 3592 Tcpip - ok
22:08:11.0734 3592 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:08:11.0734 3592 TDPIPE - ok
22:08:12.0281 3592 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:08:12.0296 3592 TDTCP - ok
22:08:12.0703 3592 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:08:12.0718 3592 TermDD - ok
22:08:13.0281 3592 TosIde - ok
22:08:13.0734 3592 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:08:13.0765 3592 Udfs - ok
22:08:14.0312 3592 ultra - ok
22:08:14.0812 3592 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:08:15.0093 3592 Update - ok
22:08:15.0515 3592 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:08:15.0531 3592 USBAAPL - ok
22:08:15.0953 3592 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:08:15.0984 3592 usbaudio - ok
22:08:16.0406 3592 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:08:16.0421 3592 usbccgp - ok
22:08:16.0828 3592 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:08:16.0843 3592 usbehci - ok
22:08:17.0296 3592 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:08:17.0312 3592 usbhub - ok
22:08:17.0734 3592 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:08:17.0734 3592 usbprint - ok
22:08:18.0156 3592 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:08:18.0171 3592 USBSTOR - ok
22:08:18.0609 3592 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:08:18.0625 3592 usbuhci - ok
22:08:19.0140 3592 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
22:08:19.0187 3592 usbvideo - ok
22:08:19.0531 3592 VComm - ok
22:08:19.0828 3592 VcommMgr - ok
22:08:20.0171 3592 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:08:20.0187 3592 VgaSave - ok
22:08:20.0546 3592 VHidMinidrv - ok
22:08:20.0843 3592 ViaIde - ok
22:08:21.0203 3592 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:08:21.0218 3592 VolSnap - ok
22:08:21.0656 3592 w300bus (d4baa1ac8dcea1382e81aa6fe48cdd7c) C:\WINDOWS\system32\DRIVERS\w300bus.sys
22:08:21.0687 3592 w300bus - ok
22:08:22.0093 3592 w300mdfl (12d415ab0ddd86c42cdc5f120a381f24) C:\WINDOWS\system32\DRIVERS\w300mdfl.sys
22:08:22.0093 3592 w300mdfl - ok
22:08:22.0546 3592 w300mdm (f470d5e61ee7f951883f70d676551c89) C:\WINDOWS\system32\DRIVERS\w300mdm.sys
22:08:22.0593 3592 w300mdm - ok
22:08:23.0031 3592 w300mgmt (1b575b7384e22f5b278d3d7fc1bae682) C:\WINDOWS\system32\DRIVERS\w300mgmt.sys
22:08:23.0062 3592 w300mgmt - ok
22:08:23.0515 3592 w300obex (a2bc36924ae02ca1e01ec39c99afea09) C:\WINDOWS\system32\DRIVERS\w300obex.sys
22:08:23.0546 3592 w300obex - ok
22:08:23.0984 3592 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:08:24.0000 3592 Wanarp - ok
22:08:24.0453 3592 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
22:08:24.0468 3592 wanatw - ok
22:08:24.0812 3592 WDICA - ok
22:08:25.0203 3592 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:08:25.0234 3592 wdmaud - ok
22:08:25.0718 3592 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:08:25.0734 3592 WpdUsb - ok
22:08:26.0140 3592 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:08:26.0156 3592 WSTCODEC - ok
22:08:26.0578 3592 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:08:26.0609 3592 WudfPf - ok
22:08:27.0109 3592 {6080A529-897E-4629-A488-ABA0C29B635E} (9c4b8ead60c0ce09c0fcf49f6788bb19) C:\WINDOWS\system32\drivers\ialmsbw.sys
22:08:27.0156 3592 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
22:08:27.0609 3592 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (dfebdcc9e3678fad34b14867c47c1036) C:\WINDOWS\system32\drivers\ialmkchw.sys
22:08:27.0640 3592 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
22:08:27.0734 3592 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:08:27.0937 3592 \Device\Harddisk0\DR0 - ok
22:08:27.0953 3592 Boot (0x1200) (e1be32c7fe87c9bd48141604375a6b4e) \Device\Harddisk0\DR0\Partition0
22:08:27.0953 3592 \Device\Harddisk0\DR0\Partition0 - ok
22:08:27.0968 3592 ============================================================
22:08:27.0968 3592 Scan finished
22:08:27.0968 3592 ============================================================
22:08:28.0000 3612 Detected object count: 0
22:08:28.0000 3612 Actual detected object count: 0

Attached Files

  • MBR.zip (499 bytes)

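The TDSSKiller log posted above is the artifact the instructions in #10 ask for, and reading a few hundred "name (md5) path" / "name - ok" pairs by eye is error-prone. The following Python script is an added example written for this thread, not code from the thread, from Kaspersky or from BleepingComputer. It parses the log layout visible in the post (timestamp, thread id, then either an object line with a 32-hex MD5 and a path, a status line ending in "- ok" or another status, or the final "Detected object count" lines), pairs each status with its object by service name or device path, and reports anything whose status is not "ok" plus the MBR and boot-sector hashes. The sample log embedded below is constructed from lines in the post plus one invented entry ("constructeddrv", status "suspicious") so that the flagging path is exercised; that entry and its counts are not from the thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the TDSSKiller 2.6.x log layout shown in the thread.
# The "constructeddrv" object and the non-zero counts are invented for the
# example and do not come from the posted log.
SAMPLE_LOG = r"""
22:06:44.0984 3592 Scan started
22:06:44.0984 3592 Mode: Manual;
22:06:45.0671 3592 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:06:45.0687 3592 Aavmker4 - ok
22:06:46.0031 3592 Abiosdsk - ok
22:08:27.0734 3592 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:08:27.0937 3592 \Device\Harddisk0\DR0 - ok
22:08:27.0953 3592 Boot (0x1200) (e1be32c7fe87c9bd48141604375a6b4e) \Device\Harddisk0\DR0\Partition0
22:08:27.0953 3592 \Device\Harddisk0\DR0\Partition0 - ok
22:08:27.0960 3592 constructeddrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\constructed.sys
22:08:27.0961 3592 constructeddrv - suspicious
22:08:28.0000 3612 Detected object count: 1
22:08:28.0000 3612 Actual detected object count: 1
"""

# Every log line: "HH:MM:SS.ffff <thread id> <message>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# Object line: "<name> (<md5>) <path>"; the name may itself contain parentheses
# ("MBR (0x1B8)"), so the non-greedy name stops at the first 32-hex group.
ENTRY_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Status line: "<name or device path> - <status>"
STATUS_RE = re.compile(r"^(?P<subject>.+) - (?P<status>.+)$")
COUNT_RE = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str]    # None for services with no file on disk (e.g. "Abiosdsk - ok")
    path: Optional[str]
    status: Optional[str]


def parse_tdsskiller_log(text: str) -> Tuple[List[ScanEntry], Dict[str, int]]:
    """Return scan entries in log order and the trailing object counts."""
    entries: List[ScanEntry] = []
    by_subject: Dict[str, ScanEntry] = {}  # name or path -> entry, to attach status lines
    counts: Dict[str, int] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        c = COUNT_RE.match(msg)
        if c:
            counts[c.group("kind")] = int(c.group("n"))
            continue
        e = ENTRY_RE.match(msg)
        if e:
            entry = ScanEntry(e.group("name"), e.group("md5").lower(), e.group("path"), None)
            entries.append(entry)
            by_subject[entry.name] = entry
            by_subject[entry.path] = entry
            continue
        s = STATUS_RE.match(msg)
        if s:
            subject = s.group("subject")
            entry = by_subject.get(subject)
            if entry is None:
                # Status without a preceding hash line: a registered service
                # whose driver file was not found on disk.
                entry = ScanEntry(subject, None, None, None)
                entries.append(entry)
                by_subject[subject] = entry
            entry.status = s.group("status")
    return entries, counts


def boot_sector_hashes(entries: List[ScanEntry]) -> Dict[str, Optional[str]]:
    """MD5s of the MBR and boot-sector objects, for comparison against a known-good image."""
    return {e.name: e.md5 for e in entries if e.name.startswith(("MBR", "Boot"))}


def summarize(text: str) -> dict:
    """Triage view: counts, plus every object whose status is anything but 'ok'."""
    entries, counts = parse_tdsskiller_log(text)
    flagged = [(e.name, e.status, e.path) for e in entries if e.status != "ok"]
    return {
        "objects": len(entries),
        "hashed": sum(1 for e in entries if e.md5),
        "flagged": flagged,
        "detected": counts.get("Detected"),
        "actual_detected": counts.get("Actual detected"),
        "boot_hashes": boot_sector_hashes(entries),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a real TDSSKiller log by passing the file's contents to `summarize()`; with the log posted in this thread the flagged list is empty and both counts are 0, which matches the "No rootkit present" reading given in the next reply. The boot-sector hashes are worth recording even on a clean result, since a later scan that reports a different MBR hash on the same disk is a change worth explaining.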

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,922 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:05 PM

Posted 07 November 2011 - 07:29 PM

No rootkit present. Try this.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred setting. Below is the list of default usernames and passwords, should you not know it ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,922 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:05 PM

Posted 13 November 2011 - 10:32 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
