
help with google redirect


  • This topic is locked
20 replies to this topic

#1 hsimmons


Posted 30 January 2012 - 08:20 PM

I am having a Google redirect issue. Nearly every time I click on a link, I am redirected to some other search engine or some news website. Following the directions on this website, I downloaded and ran the Malwarebytes program as well as the Kaspersky TDSSKiller. I don't know much about this stuff and would appreciate any help!


 


#2 boopme

  • Global Moderator

Posted 30 January 2012 - 08:39 PM

Hello, I moved you to Am I Infected as there are no logs posted.

Have you run MBAM and TDSS? If so, post those and this log, thank you.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 hsimmons

  • Topic Starter

Posted 31 January 2012 - 07:32 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by Simmons (administrator) on 31-01-2012 at 19:21:20
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Simmons-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 70-1A-04-A1-AB-08
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cbc:ef55:1fee:4e25%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, January 31, 2012 7:11:02 PM
Lease Expires . . . . . . . . . . : Saturday, March 09, 2148 1:49:48 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 309336580
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-BC-65-1B-00-26-6C-3A-49-08
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-26-6C-3A-49-08
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {2DCDBDF7-8433-49D8-82CC-50BA6B6DA565}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2EF9DCB5-5F14-4E05-8F20-5003A6F15ADA}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.227.51] with 32 bytes of data:
Reply from 74.125.227.51: bytes=32 time=126ms TTL=56
Reply from 74.125.227.51: bytes=32 time=120ms TTL=56

Ping statistics for 74.125.227.51:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 120ms, Maximum = 126ms, Average = 123ms

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=92ms TTL=56
Reply from 98.137.149.56: bytes=32 time=89ms TTL=56

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 89ms, Maximum = 92ms, Average = 90ms
Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...70 1a 04 a1 ab 08 ......Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
11...00 26 6c 3a 49 08 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.6 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.6 281
192.168.2.6 255.255.255.255 On-link 192.168.2.6 281
192.168.2.255 255.255.255.255 On-link 192.168.2.6 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.6 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.6 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 281 fe80::/64 On-link
12 281 fe80::cbc:ef55:1fee:4e25/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 mswsock.dll [File Not found] ()
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
x64-Catalog5 02 mswsock.dll [File Not found] ()
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/30/2012 05:52:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16912, time stamp: 0x4eb4a5ea
Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp: 0x4cc7ab86
Exception code: 0xc0000005
Fault offset: 0x00022262
Faulting process id: 0x107c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/29/2012 03:32:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8907

Error: (01/29/2012 03:32:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8907

Error: (01/29/2012 03:32:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/29/2012 01:00:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9999

Error: (01/29/2012 01:00:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9999

Error: (01/29/2012 01:00:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/29/2012 11:15:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10015

Error: (01/29/2012 11:15:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10015

Error: (01/29/2012 11:15:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/31/2012 07:12:14 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (01/31/2012 07:11:09 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (01/31/2012 07:11:04 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (01/31/2012 07:11:03 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (01/31/2012 07:11:02 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/31/2012 07:11:02 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (01/30/2012 08:41:09 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (01/30/2012 07:20:20 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (01/30/2012 07:20:18 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (01/30/2012 07:20:17 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Reader 9.1 (Version: 9.1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Apple Application Support (Version: 1.3.0)
Apple Mobile Device Support (Version: 3.1.0.62)
Apple Software Update (Version: 2.1.2.120)
AXIS Media Control Embedded
Best Buy Software Installer (Version: 2.1.0.29)
Bonjour (Version: 2.0.2.0)
BookScan&Whiteboard Suite (Version: 1.0)
Brother MFL-Pro Suite MFC-J615W (Version: 1.0.4.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Coupon Printer for Windows (Version: 5.0.0.1)
Dolby Control Center (Version: 2.2.1)
ExamView Player
ExamView Pro
Facebook Plug-In
FaceFilter Studio Brother Edition (Version: 1.0)
Garmin Lifetime Updater (Version: 2.1.6)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2427.2330)
Google Update Helper (Version: 1.3.21.79)
Intel® Control Center (Version: 1.2.0.1006)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1986)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.5.0.1037)
Java™ 6 Update 14 (Version: 6.0.140)
Junk Mail filter update (Version: 14.0.8089.726)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Communicator 2007 (Version: 2.0.6362.0)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Norton Security Scan (Version: 2.7.3.34)
PaperPort Image Printer 64-bit (Version: 1.00.0000)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PMB (Version: 5.2.00.03250)
PowerTeacher Gradebook
QuickTime (Version: 7.66.73.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek Ethernet Controller Driver (Version: 1.00.0008)
Realtek High Definition Audio Driver (Version: 6.0.1.5972)
Realtek WLAN Driver (Version: 2.00.0006)
RealUpgrade 1.1 (Version: 1.1.0)
Rhapsody
RICOH R5U230 Media Driver ver.2.06.03.02 (Version: 2.06.03.02)
Roxio Burn (Version: 1.2)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Roxio Burn (Version: 1.0.0)
Roxio Update Manager (Version: 6.0.0)
ScanSoft PaperPort 11 (Version: 11.2.0000)
Skype™ 4.2 (Version: 4.2.163)
Synaptics Pointing Device Driver (Version: 14.0.11.0)
Toshiba Application Installer (Version: 9.0.0.9)
TOSHIBA Assist (Version: 3.00.10)
TOSHIBA Bulletin Board (Version: 1.5.05.64)
TOSHIBA ConfigFree (Version: 8.0.25)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA DVD PLAYER (Version: 3.01.1.07-A)
TOSHIBA eco Utility (Version: 1.1.12.64)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: )
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Hardware Setup (Version: 2.00.15)
TOSHIBA HDD Protection (Version: 2.2.0.3)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.4)
TOSHIBA Media Controller (Version: 1.0.65)
TOSHIBA PC Health Monitor (Version: 1.5.1.64)
TOSHIBA Quality Application (Version: 1.0.1)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.5.07.64)
TOSHIBA Service Station (Version: 2.1.40)
TOSHIBA Speech System Applications (Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 2.00.11)
TOSHIBA USB Sleep and Charge Utility (Version: 1.3.2.0)
TOSHIBA Value Added Package (Version: 1.2.32.64)
TOSHIBA Web Camera Application (Version: 1.1.1.7)
ToshibaRegistration (Version: 1.0.3)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 3894.85 MB
Available physical RAM: 2191.54 MB
Total Pagefile: 7787.84 MB
Available Pagefile: 5870.47 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.16 MB

========================= Partitions: =====================================

1 Drive c: (TI105322W0F) (Fixed) (Total:453.89 GB) (Free:399.32 GB) NTFS

========================= Users: ========================================

User accounts for \\SIMMONS-PC

Administrator Guest Simmons

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#4 boopme

  • Global Moderator

Posted 31 January 2012 - 08:06 PM

Hello, not sure if you meant to post something else, but you posted the MINI log twice; no problem, as I removed it. But would like the MBAM and TDSS logs.

MBAM
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

TDSS
Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.


Are you still redirecting?
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
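The hosts-file check behind the reset step above, as an added example that is not part of the original posts or of any tool named in this thread: it reports a missing hosts file (the condition MiniToolBox logged) and lists entries that redirect names to non-loopback addresses or sinkhole names to loopback. The function names and the sample content are constructed for illustration; the sample uses documentation-range addresses and `.example` names.

```python
import ipaddress
import os

# Default hosts location on Windows; %SystemRoot% is normally C:\Windows.
DEFAULT_HOSTS = os.path.join(
    os.environ.get("SystemRoot", r"C:\Windows"),
    "System32", "drivers", "etc", "hosts",
)

# Names a stock hosts file may legitimately map to loopback.
BENIGN_LOOPBACK_NAMES = {"localhost"}

# Constructed sample, not taken from the thread.
SAMPLE_HOSTS = (
    "# Constructed sample hosts file\n"
    "127.0.0.1       localhost\n"
    "::1             localhost\n"
    "203.0.113.10    www.search.example search.example  # injected\n"
    "127.0.0.1       update.antivirus.example\n"
    "# 198.51.100.7  commented.example\n"
    "not-an-ip       broken.example\n"
)


def parse_hosts(text):
    """Yield (line_no, address, [names]) for each active hosts entry."""
    lines = text.lstrip("\ufeff").splitlines()  # tolerate a UTF-8 BOM
    for line_no, raw in enumerate(lines, start=1):
        line = raw.split("#", 1)[0].strip()     # drop full and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                            # address with no name: no effect
        yield line_no, fields[0], [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Return (line_no, kind, address, names) tuples that need review.

    kind is one of:
      redirect        - name mapped to a non-loopback address
      sinkholed       - name other than localhost mapped to loopback/0.0.0.0
      invalid-address - first field is not an IP address
    Entries flagged here can be legitimate (intranet names, ad-block lists);
    the point is that a default hosts file produces no findings at all.
    """
    findings = []
    for line_no, addr_text, names in parse_hosts(text):
        try:
            # Strip an IPv6 zone id such as fe80::1%12 before parsing.
            addr = ipaddress.ip_address(addr_text.split("%", 1)[0])
        except ValueError:
            findings.append((line_no, "invalid-address", addr_text, names))
            continue
        if addr.is_loopback or addr.is_unspecified:
            blocked = [n for n in names if n not in BENIGN_LOOPBACK_NAMES]
            if blocked:
                findings.append((line_no, "sinkholed", addr_text, blocked))
        else:
            findings.append((line_no, "redirect", addr_text, names))
    return findings


def audit_file(path=DEFAULT_HOSTS):
    """Audit a hosts file on disk; a missing file is reported, not ignored."""
    if not os.path.isfile(path):
        return {"status": "missing", "findings": []}
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        findings = audit_hosts(fh.read())
    status = "review" if findings else "default-like"
    return {"status": status, "findings": findings}


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
    print(audit_file())
```
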

#5 hsimmons

  • Topic Starter

Posted 05 February 2012 - 04:01 PM

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.29.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Simmons :: SIMMONS-PC [administrator]

Protection: Enabled

1/29/2012 9:57:04 AM
mbam-log-2012-01-29 (09-57-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192934
Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\AppID\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Users\Simmons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com (Adware.GamesVance) -> Quarantined and deleted successfully.
C:\Users\Simmons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome (Adware.GamesVance) -> Quarantined and deleted successfully.
C:\Users\Simmons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components (Adware.GamesVance) -> Quarantined and deleted successfully.

Files Detected: 13
C:\Users\Simmons\AppData\Roaming\4CF7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Simmons\AppData\Local\Temp\42CA.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\Simmons\AppData\Local\Temp\42CB.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\Simmons\AppData\Local\Temp\4367.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\Simmons\AppData\Local\Temp\4C3C.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\Simmons\AppData\Local\Temp\ecmowanrxs.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Simmons\Local Settings\zsm.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Simmons\Local Settings\Application Data\zsm.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
C:\Users\Simmons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome.manifest (Adware.GamesVance) -> Quarantined and deleted successfully.
C:\Users\Simmons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\install.rdf (Adware.GamesVance) -> Quarantined and deleted successfully.
C:\Users\Simmons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome\gvtextlinks.jar (Adware.GamesVance) -> Quarantined and deleted successfully.
C:\Users\Simmons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll (Adware.GamesVance) -> Quarantined and deleted successfully.
C:\Users\Simmons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.xpt (Adware.GamesVance) -> Quarantined and deleted successfully.

(end)

22:28:03.0375 2536 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
22:28:03.0749 2536 ============================================================
22:28:03.0749 2536 Current date / time: 2012/01/28 22:28:03.0749
22:28:03.0749 2536 SystemInfo:
22:28:03.0749 2536
22:28:03.0749 2536 OS Version: 6.1.7600 ServicePack: 0.0
22:28:03.0749 2536 Product type: Workstation
22:28:03.0749 2536 ComputerName: SIMMONS-PC
22:28:03.0749 2536 UserName: Simmons
22:28:03.0749 2536 Windows directory: C:\windows
22:28:03.0749 2536 System windows directory: C:\windows
22:28:03.0749 2536 Running under WOW64
22:28:03.0749 2536 Processor architecture: Intel x64
22:28:03.0749 2536 Number of processors: 4
22:28:03.0749 2536 Page size: 0x1000
22:28:03.0749 2536 Boot type: Normal boot
22:28:03.0749 2536 ============================================================
22:28:04.0155 2536 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:28:04.0155 2536 Drive \Device\Harddisk1\DR4 - Size: 0xEF300000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:28:04.0186 2536 Initialize success
22:28:20.0457 0608 ============================================================
22:28:20.0457 0608 Scan started
22:28:20.0457 0608 Mode: Manual;
22:28:20.0457 0608 ============================================================
22:28:40.0706 0608 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
22:28:40.0924 0608 \Device\Harddisk0\DR0 - ok
22:28:40.0940 0608 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR4
22:28:40.0940 0608 \Device\Harddisk1\DR4 - ok
22:28:40.0955 0608 Boot (0x1200) (a929511bccd67685bc1d3913ac6bc708) \Device\Harddisk0\DR0\Partition0
22:28:40.0955 0608 \Device\Harddisk0\DR0\Partition0 - ok
22:28:40.0971 0608 Boot (0x1200) (424bcb40b8003cd8ba8133fb6addec4a) \Device\Harddisk1\DR4\Partition0
22:28:40.0971 0608 \Device\Harddisk1\DR4\Partition0 - ok
22:28:40.0971 0608 ============================================================
22:28:40.0971 0608 Scan finished
22:28:40.0971 0608 ============================================================
22:28:40.0986 5568 Detected object count: 0
22:28:40.0986 5568 Actual detected object count: 0
22:29:19.0113 1368 Deinitialize success

#6 boopme

Posted 06 February 2012 - 05:18 PM

Are you still redirecting?

#7 hsimmons

Posted 06 February 2012 - 06:40 PM

Yes, still being redirected, but not as often.

#8 boopme

Posted 06 February 2012 - 09:45 PM

Let's look at these then.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.




Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

#9 hsimmons

Posted 11 February 2012 - 12:30 PM

GooredFix by jpshortstuff (03.07.10.1)
Log created at 12:29 on 11/02/2012 (Simmons)
Firefox version [Unable to determine]

========== GooredScan ==========

Removing Orphan:
"{4C0766D3-67A7-45a3-85A2-752F77312F32}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [12:55 28/05/2011]

-=E.O.F=-

#11 hsimmons

Posted 11 February 2012 - 12:52 PM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-11 12:50:03
-----------------------------
12:50:03.223 OS Version: Windows x64 6.1.7600
12:50:03.223 Number of processors: 4 586 0x2502
12:50:03.223 ComputerName: SIMMONS-PC UserName: Simmons
12:50:05.643 Initialize success
12:50:10.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:50:10.593 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
12:50:10.603 Disk 0 MBR read successfully
12:50:10.603 Disk 0 MBR scan
12:50:10.603 Disk 0 Windows VISTA default MBR code
12:50:10.623 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
12:50:10.633 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464784 MB offset 3074048
12:50:10.663 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10655 MB offset 954951680
12:50:10.663 Service scanning
12:50:12.943 Modules scanning
12:50:12.943 Disk 0 trace - called modules:
12:50:12.973 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys
12:50:12.983 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c19060]
12:50:12.993 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8004c18060]
12:50:13.003 Scan finished successfully
12:50:54.563 Disk 0 MBR has been saved successfully to "C:\Users\Simmons\Desktop\MBR.dat"
12:50:54.573 The log file has been saved successfully to "C:\Users\Simmons\Desktop\aswMBR.txt"

#12 boopme

Posted 11 February 2012 - 04:04 PM

OK, we removed an issue.
If still redirecting>>>
Change your DNS Servers:
  • Go to Posted Image > Run... and in the open box, type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.

Either way run this to see if there is anything left.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#13 hsimmons

Posted 12 February 2012 - 04:26 PM

C:\Users\Simmons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\3955170a-75f5bf38 a variant of Win32/Kryptik.AAAQ trojan cleaned by deleting - quarantined
C:\Users\Simmons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\7b82a25a-1d657e47 a variant of Win32/Kryptik.ZRY trojan cleaned by deleting - quarantined
C:\Users\Simmons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\7b82a25a-47f44cdf a variant of Win32/Kryptik.ZRY trojan cleaned by deleting - quarantined
C:\Users\Simmons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\25e259de-20e92fc7 Java/Exploit.CVE-2011-3544.AK trojan deleted - quarantined
C:\Users\Simmons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\52aa70a9-65d8e24e Java/Exploit.CVE-2011-3544.AM trojan deleted - quarantined
C:\Users\Simmons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6ab98476-4ac52186 a variant of Win32/Kryptik.ZUD trojan cleaned by deleting - quarantined
C:\Users\Simmons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\a042308-32e654cb a variant of Java/Exploit.CVE-2011-3544.AM trojan deleted - quarantined
C:\Windows\assembly\temp\U\80000032.@ probably a variant of Win32/Olmarik.AVQ trojan cleaned by deleting - quarantined
C:\Windows\System32\2kyNg6.com_ Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined
C:\Windows\system64\consrv.dll Win64/Sirefef.G trojan cleaned by deleting - quarantined
C:\Windows\Temp\hki25292.exe Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined
C:\Windows\Temp\effrir\setup.exe a variant of Win32/Kryptik.AAFJ trojan cleaned by deleting - quarantined
C:\Windows\Temp\xqmthf\setup.exe a variant of Win32/TrojanDownloader.Delf.POH trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.DN trojan

#14 hsimmons

Posted 12 February 2012 - 07:43 PM

Still getting some redirects

#15 boopme

Posted 12 February 2012 - 08:54 PM

Let's reset the hosts file.


Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.



If still redirecting then we'll need a deeper look. Please go here....Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.
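A defender-side check for the HOSTS file tampering described in the last post, as an added example that is not part of the original thread: it parses hosts-file text and classifies every active entry so that redirected search-engine names stand out. The watched labels, the verdict names and the sample file are assumptions constructed for the illustration.

```python
import ipaddress

# Assumption for this example: domain labels a search-redirect infection targets.
WATCHED_LABELS = {"google", "bing", "yahoo"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not taken from the thread. Addresses are documentation ranges.
SAMPLE = """\
# constructed hosts file for the example
#       127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # two names on one line
203.0.113.10    search.yahoo.com
0.0.0.0         update.example-av.test
198.51.100.7    intranet.example.test
not-an-ip       www.bing.com
"""


def audit_hosts(text):
    """Return (line_no, verdict, address, hostname) for every active entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:
            findings.append((line_no, "malformed", fields[0], ""))
            continue
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if ip.is_loopback and name in LOCAL_NAMES:
                verdict = "default"
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "sinkhole"  # name is blocked rather than redirected
            elif WATCHED_LABELS & set(name.split(".")):
                verdict = "redirect-watched"  # search engine sent elsewhere
            else:
                verdict = "redirect"
            findings.append((line_no, verdict, str(ip), name))
    return findings


def needs_review(findings):
    """Everything except the stock localhost mappings deserves a look."""
    return [f for f in findings if f[1] != "default"]


if __name__ == "__main__":
    for finding in needs_review(audit_hosts(SAMPLE)):
        print(*finding)
```

To audit a live machine, pass the contents of `%SystemRoot%\System32\drivers\etc\hosts` to `audit_hosts`. On Windows 7 the stock file has every entry commented out, so any finding there needs an explanation.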