
Halp! Redirect Virus


16 replies to this topic

#1 splooop

splooop

  • Members
  • 11 posts

Posted 07 February 2012 - 01:19 AM

Firefox and Chrome have both been hijacked, while IE still works (although I do not use it). I have tried Norton Power Eraser and Malwarebytes, which both picked up and removed several things, but the problem still persists. I have also tried a few tutorials where I messed around with some hosts files, but I really had no idea what I was doing and they also did not work. I am by no means a tech savvy user, and am basically technologically illiterate. I created this account specifically seeking help to solve this problem.
I'm not sure if this is important, but I have noticed that the virus has begun redirecting to different websites over time. Initially it was only to infomash.org and starfeedsmixer, but now it has changed to GimmeAnswers and happili, as well as several others.

Any help at all is greatly appreciated, thanks in advance.


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 07 February 2012 - 02:39 AM

Download TDSSKiller

Launch it. Click on Change parameters - select TDLFS file system.

Click on "Scan". Please post the LOG report (log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here
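The TDSSKiller log this reply asks for is long (several hundred driver entries), and a helper reading it mostly wants to know which entries are not a plain "ok". The script below is an added example, not part of this thread and not code from the TDSSKiller tool: it parses the two line shapes the tool writes for each service (a file line carrying the MD5 and image path, then a verdict line) and flags non-ok verdicts, services with no image file logged, and driver images sitting in user-writable folders. The ACPI, IpInIp and MREMP50 sample lines are copied from the log posted later in this thread; the `example_svc` lines, their all-zero MD5, path and "detected" verdict text are constructed so that the flagging branches run.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Two line shapes make up the per-service part of a TDSSKiller 2.7.x log:
#   <time> <pid> <service> (<md5>) <image path>   -- the driver file backing the service
#   <time> <pid> <service> - <verdict>            -- the verdict for that service ("ok" or otherwise)
FILE_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
VERDICT_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$"
)
# Folders an ordinary user can write to; a kernel driver loading from one of these deserves a look.
# ProgramData is deliberately left out: AV definition drivers (the Norton entries in this log) live there.
USER_WRITABLE = re.compile(r"\\(users|temp|appdata)\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None      # lower-case hex from the file line; None if no file line was logged
    path: Optional[str] = None
    verdict: Optional[str] = None  # text after " - ", e.g. "ok"


def parse_tdsskiller_log(text: str) -> Dict[str, ServiceEntry]:
    """Fold the file line and the verdict line of each service into one entry, keyed by service name."""
    entries: Dict[str, ServiceEntry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            entry = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            entry.md5 = m["md5"].lower()
            entry.path = m["path"]
            continue
        m = VERDICT_LINE.match(line)
        if m:
            entry = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            entry.verdict = m["verdict"]
        # header, drive and partition lines match neither pattern and are skipped
    return entries


def triage(entries: Dict[str, ServiceEntry]) -> List[Tuple[str, str]]:
    """Return (service, reason) pairs for the entries a helper should read before anything else."""
    findings: List[Tuple[str, str]] = []
    for e in entries.values():
        if e.verdict is None:
            findings.append((e.name, "file line present but no verdict logged"))
        elif e.verdict.lower() != "ok":
            findings.append((e.name, f"non-ok verdict: {e.verdict}"))
        if e.path is None:
            findings.append((e.name, "service registered but no image file was logged"))
        elif USER_WRITABLE.search(e.path):
            findings.append((e.name, f"driver image in a user-writable folder: {e.path}"))
    return findings


# Constructed sample. The ACPI, IpInIp and MREMP50 lines are copied from the log posted later in
# this thread; the example_svc lines (name, all-zero MD5, path and verdict) are made up so that
# the non-ok and user-writable-path branches are exercised.
SAMPLE_LOG = r"""
00:29:27.0965 5796 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
00:29:27.0970 5796 ACPI - ok
00:29:32.0432 5796 IpInIp - ok
00:29:33.0496 5796 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
00:29:33.0498 5796 MREMP50 - ok
00:29:40.0000 5796 example_svc (00000000000000000000000000000000) C:\Users\Arthur\AppData\Local\Temp\example.sys
00:29:40.0001 5796 example_svc - detected CONSTRUCTED.Sample ( 0 )
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(parsed)} services parsed")
    for name, reason in triage(parsed):
        print(f"  {name}: {reason}")
```

Feed it a full log with `parse_tdsskiller_log(open("TDSSKiller.log").read())` and the hundreds of "- ok" entries drop out, leaving only the handful worth reading; entries with no image file (like IpInIp above) are usually harmless leftover service registrations, but they are cheap to list and occasionally point at a driver that was deleted while its service key stayed behind.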

#3 splooop

splooop
  • Topic Starter

  • Members
  • 11 posts

Posted 07 February 2012 - 03:34 AM

TDSS came up with nothing
00:29:24.0780 0888 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
00:29:25.0515 0888 ============================================================
00:29:25.0515 0888 Current date / time: 2012/02/07 00:29:25.0515
00:29:25.0515 0888 SystemInfo:
00:29:25.0515 0888
00:29:25.0516 0888 OS Version: 6.0.6002 ServicePack: 2.0
00:29:25.0516 0888 Product type: Workstation
00:29:25.0516 0888 ComputerName: ARTHUR-PC
00:29:25.0516 0888 UserName: Arthur
00:29:25.0516 0888 Windows directory: C:\Windows
00:29:25.0516 0888 System windows directory: C:\Windows
00:29:25.0516 0888 Running under WOW64
00:29:25.0516 0888 Processor architecture: Intel x64
00:29:25.0516 0888 Number of processors: 2
00:29:25.0516 0888 Page size: 0x1000
00:29:25.0516 0888 Boot type: Normal boot
00:29:25.0516 0888 ============================================================
00:29:26.0072 0888 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
00:29:26.0081 0888 \Device\Harddisk0\DR0:
00:29:26.0081 0888 MBR used
00:29:26.0081 0888 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38799F51
00:29:26.0081 0888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x38799F90, BlocksNum 0x1BEA900
00:29:26.0149 0888 Initialize success
00:29:26.0149 0888 ============================================================
00:29:27.0207 5796 ============================================================
00:29:27.0207 5796 Scan started
00:29:27.0207 5796 Mode: Manual;
00:29:27.0207 5796 ============================================================
00:29:27.0965 5796 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
00:29:27.0970 5796 ACPI - ok
00:29:28.0023 5796 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
00:29:28.0032 5796 adp94xx - ok
00:29:28.0055 5796 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
00:29:28.0063 5796 adpahci - ok
00:29:28.0084 5796 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
00:29:28.0088 5796 adpu160m - ok
00:29:28.0119 5796 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
00:29:28.0124 5796 adpu320 - ok
00:29:28.0183 5796 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
00:29:28.0191 5796 AFD - ok
00:29:28.0248 5796 AgereSoftModem (a6ab6f0ace87da76b4c401813d18be95) C:\Windows\system32\DRIVERS\agrsm64.sys
00:29:28.0273 5796 AgereSoftModem - ok
00:29:28.0305 5796 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
00:29:28.0309 5796 agp440 - ok
00:29:28.0326 5796 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
00:29:28.0329 5796 aic78xx - ok
00:29:28.0353 5796 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
00:29:28.0356 5796 aliide - ok
00:29:28.0389 5796 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
00:29:28.0393 5796 amdide - ok
00:29:28.0421 5796 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
00:29:28.0424 5796 AmdK8 - ok
00:29:28.0467 5796 Amfilter (71aff825b960731e2ae366467bc0d1f3) C:\Windows\system32\DRIVERS\Amfltx64.sys
00:29:28.0469 5796 Amfilter - ok
00:29:28.0503 5796 Amusbprt (8f1db3d133197affa3a721953eb0988c) C:\Windows\system32\DRIVERS\Amusbx64.sys
00:29:28.0506 5796 Amusbprt - ok
00:29:28.0555 5796 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
00:29:28.0559 5796 arc - ok
00:29:28.0599 5796 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
00:29:28.0603 5796 arcsas - ok
00:29:28.0629 5796 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
00:29:28.0632 5796 AsyncMac - ok
00:29:28.0658 5796 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
00:29:28.0661 5796 atapi - ok
00:29:28.0815 5796 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx64.sys
00:29:28.0841 5796 BHDrvx64 - ok
00:29:28.0919 5796 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
00:29:28.0925 5796 blbdrive - ok
00:29:28.0996 5796 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
00:29:29.0000 5796 bowser - ok
00:29:29.0055 5796 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
00:29:29.0057 5796 BrFiltLo - ok
00:29:29.0073 5796 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
00:29:29.0076 5796 BrFiltUp - ok
00:29:29.0111 5796 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
00:29:29.0115 5796 Brserid - ok
00:29:29.0143 5796 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
00:29:29.0147 5796 BrSerWdm - ok
00:29:29.0175 5796 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
00:29:29.0177 5796 BrUsbMdm - ok
00:29:29.0207 5796 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
00:29:29.0210 5796 BrUsbSer - ok
00:29:29.0239 5796 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
00:29:29.0243 5796 BTHMODEM - ok
00:29:29.0288 5796 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
00:29:29.0292 5796 cdfs - ok
00:29:29.0330 5796 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
00:29:29.0333 5796 cdrom - ok
00:29:29.0372 5796 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
00:29:29.0375 5796 circlass - ok
00:29:29.0414 5796 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
00:29:29.0422 5796 CLFS - ok
00:29:29.0465 5796 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
00:29:29.0467 5796 cmdide - ok
00:29:29.0487 5796 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
00:29:29.0490 5796 Compbatt - ok
00:29:29.0521 5796 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
00:29:29.0524 5796 crcdisk - ok
00:29:29.0647 5796 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
00:29:29.0651 5796 DfsC - ok
00:29:30.0154 5796 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
00:29:30.0156 5796 disk - ok
00:29:30.0222 5796 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
00:29:30.0225 5796 drmkaud - ok
00:29:30.0276 5796 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
00:29:30.0291 5796 DXGKrnl - ok
00:29:30.0339 5796 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
00:29:30.0343 5796 E1G60 - ok
00:29:30.0386 5796 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
00:29:30.0388 5796 Ecache - ok
00:29:30.0475 5796 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
00:29:30.0481 5796 eeCtrl - ok
00:29:30.0632 5796 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
00:29:30.0663 5796 elxstor - ok
00:29:30.0751 5796 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:29:30.0771 5796 EraserUtilRebootDrv - ok
00:29:30.0830 5796 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
00:29:30.0835 5796 ErrDev - ok
00:29:30.0895 5796 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
00:29:30.0899 5796 exfat - ok
00:29:30.0929 5796 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
00:29:30.0935 5796 fastfat - ok
00:29:30.0982 5796 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
00:29:30.0985 5796 fdc - ok
00:29:31.0006 5796 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
00:29:31.0011 5796 FileInfo - ok
00:29:31.0060 5796 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
00:29:31.0071 5796 Filetrace - ok
00:29:31.0092 5796 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
00:29:31.0095 5796 flpydisk - ok
00:29:31.0126 5796 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
00:29:31.0132 5796 FltMgr - ok
00:29:31.0156 5796 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
00:29:31.0160 5796 Fs_Rec - ok
00:29:31.0192 5796 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
00:29:31.0199 5796 gagp30kx - ok
00:29:31.0271 5796 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:29:31.0274 5796 GEARAspiWDM - ok
00:29:31.0332 5796 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:29:31.0346 5796 HDAudBus - ok
00:29:31.0382 5796 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
00:29:31.0407 5796 HidBth - ok
00:29:31.0460 5796 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
00:29:31.0463 5796 HidIr - ok
00:29:31.0495 5796 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
00:29:31.0497 5796 HidUsb - ok
00:29:31.0545 5796 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
00:29:31.0563 5796 HpCISSs - ok
00:29:31.0617 5796 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
00:29:31.0650 5796 HTTP - ok
00:29:31.0685 5796 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
00:29:31.0706 5796 i2omp - ok
00:29:31.0764 5796 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
00:29:31.0767 5796 i8042prt - ok
00:29:31.0800 5796 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
00:29:31.0806 5796 iaStorV - ok
00:29:31.0967 5796 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120203.002\IDSvia64.sys
00:29:31.0976 5796 IDSVia64 - ok
00:29:32.0062 5796 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
00:29:32.0079 5796 iirsp - ok
00:29:32.0181 5796 IntcAzAudAddService (1edab7f9b9de4424beccdef950ce2ff0) C:\Windows\system32\drivers\RTKVHD64.sys
00:29:32.0239 5796 IntcAzAudAddService - ok
00:29:32.0296 5796 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
00:29:32.0299 5796 intelide - ok
00:29:32.0328 5796 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
00:29:32.0331 5796 intelppm - ok
00:29:32.0414 5796 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:29:32.0418 5796 IpFilterDriver - ok
00:29:32.0432 5796 IpInIp - ok
00:29:32.0481 5796 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
00:29:32.0485 5796 IPMIDRV - ok
00:29:32.0519 5796 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
00:29:32.0523 5796 IPNAT - ok
00:29:32.0556 5796 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
00:29:32.0558 5796 IRENUM - ok
00:29:32.0590 5796 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
00:29:32.0593 5796 isapnp - ok
00:29:32.0629 5796 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
00:29:32.0634 5796 iScsiPrt - ok
00:29:32.0655 5796 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
00:29:32.0658 5796 iteatapi - ok
00:29:32.0676 5796 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
00:29:32.0679 5796 iteraid - ok
00:29:32.0691 5796 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
00:29:32.0693 5796 kbdclass - ok
00:29:32.0744 5796 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
00:29:32.0746 5796 kbdhid - ok
00:29:32.0796 5796 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
00:29:32.0805 5796 KSecDD - ok
00:29:32.0835 5796 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
00:29:32.0838 5796 ksthunk - ok
00:29:32.0889 5796 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
00:29:32.0893 5796 lltdio - ok
00:29:32.0933 5796 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
00:29:32.0937 5796 LSI_FC - ok
00:29:32.0987 5796 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
00:29:32.0990 5796 LSI_SAS - ok
00:29:33.0025 5796 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
00:29:33.0033 5796 LSI_SCSI - ok
00:29:33.0072 5796 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
00:29:33.0075 5796 luafv - ok
00:29:33.0088 5796 LVcKap64 - ok
00:29:33.0132 5796 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
00:29:33.0135 5796 megasas - ok
00:29:33.0211 5796 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
00:29:33.0220 5796 MegaSR - ok
00:29:33.0255 5796 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
00:29:33.0257 5796 Modem - ok
00:29:33.0296 5796 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
00:29:33.0298 5796 monitor - ok
00:29:33.0331 5796 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
00:29:33.0334 5796 mouclass - ok
00:29:33.0345 5796 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
00:29:33.0347 5796 mouhid - ok
00:29:33.0359 5796 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
00:29:33.0362 5796 MountMgr - ok
00:29:33.0385 5796 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
00:29:33.0388 5796 mpio - ok
00:29:33.0414 5796 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
00:29:33.0417 5796 mpsdrv - ok
00:29:33.0436 5796 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
00:29:33.0438 5796 Mraid35x - ok
00:29:33.0496 5796 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
00:29:33.0498 5796 MREMP50 - ok
00:29:33.0519 5796 MREMP50a64 - ok
00:29:33.0528 5796 MREMPR5 - ok
00:29:33.0539 5796 MRENDIS5 - ok
00:29:33.0585 5796 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
00:29:33.0588 5796 MRESP50 - ok
00:29:33.0597 5796 MRESP50a64 - ok
00:29:33.0687 5796 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
00:29:33.0689 5796 MRxDAV - ok
00:29:33.0728 5796 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:29:33.0731 5796 mrxsmb - ok
00:29:33.0743 5796 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:29:33.0748 5796 mrxsmb10 - ok
00:29:33.0766 5796 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:29:33.0769 5796 mrxsmb20 - ok
00:29:33.0803 5796 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
00:29:33.0805 5796 msahci - ok
00:29:33.0824 5796 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
00:29:33.0828 5796 msdsm - ok
00:29:33.0861 5796 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
00:29:33.0863 5796 Msfs - ok
00:29:33.0883 5796 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
00:29:33.0885 5796 msisadrv - ok
00:29:33.0905 5796 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
00:29:33.0908 5796 MSKSSRV - ok
00:29:33.0941 5796 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
00:29:33.0943 5796 MSPCLOCK - ok
00:29:33.0968 5796 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
00:29:33.0970 5796 MSPQM - ok
00:29:34.0001 5796 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
00:29:34.0008 5796 MsRPC - ok
00:29:34.0026 5796 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
00:29:34.0027 5796 mssmbios - ok
00:29:34.0042 5796 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
00:29:34.0044 5796 MSTEE - ok
00:29:34.0077 5796 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
00:29:34.0079 5796 Mup - ok
00:29:34.0111 5796 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
00:29:34.0117 5796 NativeWifiP - ok
00:29:34.0197 5796 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120206.020\ENG64.SYS
00:29:34.0214 5796 NAVENG - ok
00:29:34.0292 5796 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120206.020\EX64.SYS
00:29:34.0334 5796 NAVEX15 - ok
00:29:34.0426 5796 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
00:29:34.0438 5796 NDIS - ok
00:29:34.0472 5796 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
00:29:34.0476 5796 NdisTapi - ok
00:29:34.0494 5796 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
00:29:34.0497 5796 Ndisuio - ok
00:29:34.0515 5796 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
00:29:34.0519 5796 NdisWan - ok
00:29:34.0529 5796 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
00:29:34.0533 5796 NDProxy - ok
00:29:34.0548 5796 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
00:29:34.0551 5796 NetBIOS - ok
00:29:34.0577 5796 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
00:29:34.0583 5796 netbt - ok
00:29:34.0645 5796 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
00:29:34.0651 5796 nfrd960 - ok
00:29:34.0692 5796 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
00:29:34.0695 5796 Npfs - ok
00:29:34.0735 5796 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
00:29:34.0737 5796 nsiproxy - ok
00:29:34.0780 5796 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
00:29:34.0813 5796 Ntfs - ok
00:29:34.0826 5796 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
00:29:34.0828 5796 Null - ok
00:29:34.0904 5796 NVENETFD (47e206deb9e7260c033ca53795e97c21) C:\Windows\system32\DRIVERS\nvmfdx64.sys
00:29:34.0940 5796 NVENETFD - ok
00:29:35.0159 5796 nvlddmkm (1c4db04ebf98f9ede804905e91bed9ae) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:29:35.0295 5796 nvlddmkm - ok
00:29:35.0353 5796 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
00:29:35.0357 5796 nvraid - ok
00:29:35.0388 5796 nvrd64 (2f60404c51999daed32517606b6b9585) C:\Windows\system32\drivers\nvrd64.sys
00:29:35.0390 5796 nvrd64 - ok
00:29:35.0426 5796 nvsmu (16d36074b84da72d160233c8d132dc89) C:\Windows\system32\drivers\nvsmu.sys
00:29:35.0428 5796 nvsmu - ok
00:29:35.0453 5796 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
00:29:35.0470 5796 nvstor - ok
00:29:35.0498 5796 nvstor64 (3eae16d8e9c4ed4725186eace6f5357a) C:\Windows\system32\drivers\nvstor64.sys
00:29:35.0499 5796 nvstor64 - ok
00:29:35.0537 5796 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
00:29:35.0541 5796 nv_agp - ok
00:29:35.0549 5796 NwlnkFlt - ok
00:29:35.0562 5796 NwlnkFwd - ok
00:29:35.0584 5796 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
00:29:35.0586 5796 ohci1394 - ok
00:29:35.0620 5796 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
00:29:35.0622 5796 Parport - ok
00:29:35.0658 5796 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
00:29:35.0660 5796 partmgr - ok
00:29:35.0744 5796 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
00:29:35.0762 5796 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok
00:29:35.0824 5796 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
00:29:35.0829 5796 pci - ok
00:29:35.0855 5796 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
00:29:35.0858 5796 pciide - ok
00:29:35.0882 5796 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
00:29:35.0887 5796 pcmcia - ok
00:29:35.0918 5796 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
00:29:35.0930 5796 PEAUTH - ok
00:29:36.0032 5796 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
00:29:36.0035 5796 PptpMiniport - ok
00:29:36.0052 5796 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
00:29:36.0053 5796 Processor - ok
00:29:36.0096 5796 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
00:29:36.0100 5796 PSched - ok
00:29:36.0139 5796 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
00:29:36.0165 5796 ql2300 - ok
00:29:36.0211 5796 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
00:29:36.0217 5796 ql40xx - ok
00:29:36.0256 5796 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
00:29:36.0259 5796 QWAVEdrv - ok
00:29:36.0279 5796 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
00:29:36.0281 5796 RasAcd - ok
00:29:36.0325 5796 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:29:36.0329 5796 Rasl2tp - ok
00:29:36.0344 5796 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
00:29:36.0348 5796 RasPppoe - ok
00:29:36.0376 5796 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
00:29:36.0380 5796 RasSstp - ok
00:29:36.0424 5796 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
00:29:36.0433 5796 rdbss - ok
00:29:36.0447 5796 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:29:36.0449 5796 RDPCDD - ok
00:29:36.0484 5796 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
00:29:36.0492 5796 rdpdr - ok
00:29:36.0502 5796 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
00:29:36.0504 5796 RDPENCDD - ok
00:29:36.0530 5796 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
00:29:36.0534 5796 RDPWD - ok
00:29:36.0579 5796 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
00:29:36.0581 5796 rspndr - ok
00:29:36.0600 5796 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
00:29:36.0603 5796 sbp2port - ok
00:29:36.0644 5796 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:29:36.0646 5796 secdrv - ok
00:29:36.0671 5796 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
00:29:36.0673 5796 Serenum - ok
00:29:36.0689 5796 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
00:29:36.0692 5796 Serial - ok
00:29:36.0709 5796 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
00:29:36.0711 5796 sermouse - ok
00:29:36.0743 5796 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
00:29:36.0745 5796 sffdisk - ok
00:29:36.0761 5796 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
00:29:36.0763 5796 sffp_mmc - ok
00:29:36.0779 5796 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
00:29:36.0781 5796 sffp_sd - ok
00:29:36.0804 5796 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
00:29:36.0805 5796 sfloppy - ok
00:29:36.0827 5796 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
00:29:36.0830 5796 SiSRaid2 - ok
00:29:36.0852 5796 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
00:29:36.0855 5796 SiSRaid4 - ok
00:29:36.0883 5796 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
00:29:36.0885 5796 Smb - ok
00:29:36.0917 5796 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
00:29:36.0918 5796 spldr - ok
00:29:36.0989 5796 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207000.00D\SRTSP64.SYS
00:29:37.0001 5796 SRTSP - ok
00:29:37.0015 5796 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207000.00D\SRTSPX64.SYS
00:29:37.0017 5796 SRTSPX - ok
00:29:37.0049 5796 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
00:29:37.0055 5796 srv - ok
00:29:37.0093 5796 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
00:29:37.0096 5796 srv2 - ok
00:29:37.0123 5796 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
00:29:37.0125 5796 srvnet - ok
00:29:37.0173 5796 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
00:29:37.0176 5796 swenum - ok
00:29:37.0206 5796 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
00:29:37.0208 5796 Symc8xx - ok
00:29:37.0294 5796 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS
00:29:37.0301 5796 SymDS - ok
00:29:37.0334 5796 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS
00:29:37.0351 5796 SymEFA - ok
00:29:37.0406 5796 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
00:29:37.0410 5796 SymEvent - ok
00:29:39.0450 5796 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
00:29:39.0607 5796 \Device\Harddisk0\DR0 - ok
00:29:39.0613 5796 Boot (0x1200) (fbb43427094c3c25abdf57a5434ce959) \Device\Harddisk0\DR0\Partition0
00:29:39.0614 5796 \Device\Harddisk0\DR0\Partition0 - ok
00:29:39.0621 5796 Boot (0x1200) (e28962218e563af764a0d4568528b62a) \Device\Harddisk0\DR0\Partition1
00:29:39.0622 5796 \Device\Harddisk0\DR0\Partition1 - ok
00:29:39.0624 5796 ============================================================
00:29:39.0624 5796 Scan finished
00:29:39.0624 5796 ============================================================
00:29:39.0642 5520 Detected object count: 0
00:29:39.0642 5520 Actual detected object count: 0

#4 splooop

splooop
  • Topic Starter

  • Members
  • 11 posts

Posted 08 February 2012 - 02:42 AM

Sorry, I have 64-bit Vista Home Premium; I forgot to mention that.

Here is the log for aswMBR

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-07 00:33:30
-----------------------------
00:33:30.348 OS Version: Windows x64 6.0.6002 Service Pack 2
00:33:30.348 Number of processors: 2 586 0x203
00:33:30.349 ComputerName: ARTHUR-PC UserName: Arthur
00:33:32.916 Initialize success
00:36:26.857 AVAST engine defs: 12020601
00:36:44.910 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
00:36:44.913 Disk 0 Vendor: ST350041 HP22 Size: 476940MB BusType: 3
00:36:44.935 Disk 0 MBR read successfully
00:36:44.938 Disk 0 MBR scan
00:36:44.947 Disk 0 unknown MBR code
00:36:44.951 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 462643 MB offset 63
00:36:44.983 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14293 MB offset 947494800
00:36:44.991 Service scanning
00:36:46.060 Modules scanning
00:36:46.065 Disk 0 trace - called modules:
00:36:46.071 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
00:36:46.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d92790]
00:36:46.083 3 CLASSPNP.SYS[fffffa6000794c33] -> nt!IofCallDriver -> [0xfffffa80040f8c60]
00:36:46.091 5 acpi.sys[fffffa60008f3fde] -> nt!IofCallDriver -> \Device\00000056[0xfffffa80040f0060]
00:36:47.140 AVAST engine scan C:\Windows
00:36:50.057 AVAST engine scan C:\Windows\system32
00:40:47.238 AVAST engine scan C:\Windows\system32\drivers
00:41:02.891 AVAST engine scan C:\Users\Arthur
00:56:37.953 File: C:\Users\Arthur\Downloads\Jack Johnson - In Between Dreams\Jack Johnson - In Between Dreams\MusicGen.exe **INFECTED** Win32:Trojan-gen
00:58:10.809 File: C:\Users\Arthur\Music\Jack Johnson - In Between Dreams\MusicGen.exe **INFECTED** Win32:Trojan-gen
00:59:10.879 AVAST engine scan C:\ProgramData
01:04:32.827 Disk 0 MBR has been saved successfully to "C:\Users\Arthur\Documents\MBR.dat"
01:04:32.829 The log file has been saved successfully to "C:\Users\Arthur\Documents\aswMBR.txt"


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-07 22:51:40
-----------------------------
22:51:40.288 OS Version: Windows x64 6.0.6002 Service Pack 2
22:51:40.289 Number of processors: 2 586 0x203
22:51:40.289 ComputerName: ARTHUR-PC UserName: Arthur
22:51:47.054 Initialize success
22:51:53.131 AVAST engine defs: 12020601
22:52:05.761 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
22:52:05.765 Disk 0 Vendor: ST350041 HP22 Size: 476940MB BusType: 3
22:52:05.785 Disk 0 MBR read successfully
22:52:05.789 Disk 0 MBR scan
22:52:05.795 Disk 0 unknown MBR code
22:52:05.810 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 462643 MB offset 63
22:52:05.859 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14293 MB offset 947494800
22:52:05.866 Service scanning
22:52:07.098 Modules scanning
22:52:07.103 Disk 0 trace - called modules:
22:52:07.141 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
22:52:07.148 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ca1790]
22:52:07.153 3 CLASSPNP.SYS[fffffa600079bc33] -> nt!IofCallDriver -> [0xfffffa8003c58970]
22:52:07.510 5 acpi.sys[fffffa60008fbfde] -> nt!IofCallDriver -> \Device\00000056[0xfffffa8003d2c9e0]
22:52:11.695 AVAST engine scan C:\Windows
22:52:16.225 AVAST engine scan C:\Windows\system32
22:57:02.121 AVAST engine scan C:\Windows\system32\drivers
22:57:23.548 AVAST engine scan C:\Users\Arthur
23:17:06.310 File: C:\Users\Arthur\Downloads\Jack Johnson - In Between Dreams\Jack Johnson - In Between Dreams\MusicGen.exe **INFECTED** Win32:Trojan-gen
23:18:56.865 File: C:\Users\Arthur\Music\Jack Johnson - In Between Dreams\MusicGen.exe **INFECTED** Win32:Trojan-gen
23:20:28.129 AVAST engine scan C:\ProgramData
23:32:00.847 Scan finished successfully
23:38:26.594 Disk 0 MBR has been saved successfully to "C:\Users\Arthur\Documents\MBR.dat"
23:38:26.606 The log file has been saved successfully to "C:\Users\Arthur\Documents\aswMBR.txt"

#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 08 February 2012 - 08:20 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Post the clean log

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan is complete, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts

Click Go and post the result.

I want you to run aswMBR once and let me know if you still face redirects.

#6 splooop

splooop
  • Topic Starter

  • Members
  • 11 posts

Posted 09 February 2012 - 02:35 AM


Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.09.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19170
Arthur :: ARTHUR-PC [administrator]

2/8/2012 6:38:41 PM
mbam-log-2012-02-08 (18-38-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186665
Time elapsed: 5 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Arthur\Local Settings\rundll32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Arthur\Local Settings\Application Data\rundll32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Arthur\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)





ESET Scanner Log

C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe a variant of Win32/Kryptik.SH trojan cleaned by deleting - quarantined
C:\Program Files (x86)\StartNow Toolbar\ReactivateIE.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Program Files (x86)\StartNow Toolbar\ToolbarBroker.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting (after the next restart) - quarantined
C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan deleted - quarantined
C:\Users\Arthur\AppData\Local\Temp\NODCFC7.tmp a variant of Win32/Toolbar.Zugo application cleaned by deleting (after the next restart) - quarantined
C:\Users\Arthur\Desktop\GooredFix Backups\C\Users\Arthur\Application Data\Mozilla\Firefox\Profiles\81sq55n0.default\extensions\{afb83c13-4265-40de-ade6-2c419bbbf25b}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Arthur\Downloads\cbfileinforegistrybooster.exe a variant of Win32/RegistryBooster application deleted - quarantined





Mini Toolbox

MiniToolBox by Farbar Version: 18-01-2012
Ran by Arthur (administrator) on 08-02-2012 at 23:34:19
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost


**** End of log ****

#7 splooop

splooop
  • Topic Starter

  • Members
  • 11 posts

Posted 09 February 2012 - 02:37 AM


#8 splooop

splooop
  • Topic Starter

  • Members
  • 11 posts

Posted 09 February 2012 - 02:38 AM


#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 09 February 2012 - 02:52 AM

Run a Malwarebytes FULL SCAN (not a quick scan) and post the clean log alone.

Run aswMBR once again and post the log.

Download

mini toolbox

Checkmark following boxes:

List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Edited by narenxp, 09 February 2012 - 02:53 AM.


#10 splooop

splooop
  • Topic Starter

  • Members
  • 11 posts

Posted 09 February 2012 - 03:28 AM

I ran aswMBR again; I'm still being redirected, although I noticed it's only to infomash.org now.

#11 splooop

splooop
  • Topic Starter

  • Members
  • 11 posts

Posted 09 February 2012 - 03:30 AM

Just saw your last post, am scanning now.

#12 splooop

splooop
  • Topic Starter

  • Members
  • 11 posts

Posted 10 February 2012 - 12:30 AM

aswMBR

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-09 17:27:31
-----------------------------
17:27:31.545 OS Version: Windows x64 6.0.6002 Service Pack 2
17:27:31.545 Number of processors: 2 586 0x203
17:27:31.545 ComputerName: ARTHUR-PC UserName: Arthur
17:27:45.274 Initialize success
17:28:00.021 AVAST engine defs: 12020801
17:28:05.554 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
17:28:05.554 Disk 0 Vendor: ST350041 HP22 Size: 476940MB BusType: 3
17:28:05.601 Disk 0 MBR read successfully
17:28:05.601 Disk 0 MBR scan
17:28:05.617 Disk 0 unknown MBR code
17:28:05.617 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 462643 MB offset 63
17:28:05.664 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14293 MB offset 947494800
17:28:05.664 Service scanning
17:28:07.005 Modules scanning
17:28:07.005 Disk 0 trace - called modules:
17:28:07.021 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
17:28:07.036 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d934c0]
17:28:07.036 3 CLASSPNP.SYS[fffffa60007a3c33] -> nt!IofCallDriver -> [0xfffffa80040f4ce0]
17:28:07.036 5 acpi.sys[fffffa60008f8fde] -> nt!IofCallDriver -> \Device\00000056[0xfffffa80040ef4b0]
17:28:13.256 AVAST engine scan C:\Windows
17:28:29.247 AVAST engine scan C:\Windows\system32
17:34:29.076 AVAST engine scan C:\Windows\system32\drivers
17:34:58.966 AVAST engine scan C:\Users\Arthur
17:55:07.264 File: C:\Users\Arthur\Downloads\Jack Johnson - In Between Dreams\Jack Johnson - In Between Dreams\MusicGen.exe **INFECTED** Win32:Trojan-gen
17:56:51.721 File: C:\Users\Arthur\Music\Jack Johnson - In Between Dreams\MusicGen.exe **INFECTED** Win32:Trojan-gen
18:02:56.605 AVAST engine scan C:\ProgramData
18:15:22.254 Scan finished successfully
21:26:41.363 Disk 0 MBR has been saved successfully to "C:\Users\Arthur\Documents\MBR.dat"
21:26:41.363 The log file has been saved successfully to "C:\Users\Arthur\Documents\aswMBR.txt"



Mini Toolbox


MiniToolBox by Farbar Version: 18-01-2012
Ran by Arthur (administrator) on 09-02-2012 at 21:27:39
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/09/2012 05:24:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2012 08:59:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (02/08/2012 08:59:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (02/08/2012 08:59:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (02/08/2012 08:59:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (02/08/2012 06:49:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2012 06:39:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (02/08/2012 06:23:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2012 11:06:08 PM) (Source: Perflib) (User: )
Description: PolicyAgent4

Error: (02/07/2012 11:06:08 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4


System errors:
=============
Error: (02/09/2012 05:24:46 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (02/09/2012 05:23:45 PM) (Source: netbt) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.134.
The computer with the IP address 192.168.2.1 did not allow the name to be claimed by
this computer.

Error: (02/08/2012 06:49:11 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (02/08/2012 06:23:15 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (02/08/2012 06:22:17 PM) (Source: netbt) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.134.
The computer with the IP address 192.168.2.1 did not allow the name to be claimed by
this computer.

Error: (02/07/2012 07:43:35 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (02/07/2012 07:42:51 PM) (Source: netbt) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.134.
The computer with the IP address 192.168.2.1 did not allow the name to be claimed by
this computer.

Error: (02/06/2012 06:52:37 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (02/06/2012 06:51:58 PM) (Source: netbt) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.134.
The computer with the IP address 192.168.2.1 did not allow the name to be claimed by
this computer.

Error: (02/05/2012 00:35:59 PM) (Source: Service Control Manager) (User: )
Description: i8042prt


Microsoft Office Sessions:
=========================
Error: (11/03/2011 04:30:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1201 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/26/2011 09:09:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/18/2010 02:45:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/04/2010 08:44:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/20/2010 06:29:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 37 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Agere Systems PCI-SV92EX Soft Modem
Apple Mobile Device Support (Version: 3.4.0.25)
Bonjour (Version: 2.0.5.0)
Dropbox (Version: 1.2.51)
EasyBits GO
Google Chrome (Version: 17.0.963.46)
Hardware Diagnostic Tools (Version: 5.1.5144.16)
HP MediaSmart SmartMenu (Version: 2.1.12)
HP Remote Software (Version: 1.0.5.0)
iTunes (Version: 10.2.2.12)
Logitech Legacy USB Camera Driver Package (Version: 11.10.2016)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
LSI PCI-SV92EX Soft Modem (Version: 2.2.98)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
NVIDIA Drivers (Version: 1.3)
Spotify (Version: 0.8.1.32.g93407e5e)
WebEx
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR archiver
Wolfram Mathematica 7 (M-WIN-L 7.0.1 1213965) (Version: 7.0.1)
Yahoo! BrowserPlus 2.9.8

========================= Memory info: ===================================

Percentage of memory in use: 64%
Total physical RAM: 3965.58 MB
Available physical RAM: 1404.74 MB
Total Pagefile: 8113.69 MB
Available Pagefile: 5836.37 MB
Total Virtual: 4095.88 MB
Available Virtual: 3991.93 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:451.8 GB) (Free:274.45 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.96 GB) (Free:1.97 GB) NTFS

========================= Users: ========================================

User accounts for \\ARTHUR-PC

Administrator Arthur Guest


**** End of log ****

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:11:11 PM

Posted 10 February 2012 - 09:03 AM

Please run a FULL SCAN of Malwarebytes and post the scan. Do not run QUICK SCAN.

Press Windows+R key and type

notepad and click ok

Copy this script:
@echo off
rem Remove the suspected MusicGen.exe dropped with the album download
rem (/f also deletes read-only files, /s searches subfolders, /q suppresses the prompt)
del /f /s /q "C:\Users\Arthur\Downloads\Jack Johnson - In Between Dreams\Jack Johnson - In Between Dreams\MusicGen.exe"
del /f /s /q "C:\Users\Arthur\Music\Jack Johnson - In Between Dreams\MusicGen.exe"
rem Delete this batch file itself once it has run
del %0

Save it as Remove.bat

Run the bat file


Download

Goored Fix

Launch it (for Vista & 7, right-click and select Run As Administrator)
When prompted to run the scan, click Yes.
Please post the log in your next reply


Let me know if you still face redirects
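An added example, not narenxp's script or a BleepingComputer tool: a PowerShell version of the same removal step that quarantines the two MusicGen.exe files instead of deleting them, recording a SHA-256 hash and file timestamps first so the sample can still be submitted for analysis. The two paths are the ones named in the post; the C:\Quarantine folder and the Get-Sha256Hex helper are assumptions.

```powershell
# Quarantine the suspected MusicGen.exe files named in the post instead of deleting them.
# Run from an elevated PowerShell prompt (Vista/7: right-click, Run as Administrator).
# If a file is currently executing, Move-Item fails just as "del /f" would; end the
# process in Task Manager first.
$targets = @(
    "C:\Users\Arthur\Downloads\Jack Johnson - In Between Dreams\Jack Johnson - In Between Dreams\MusicGen.exe",
    "C:\Users\Arthur\Music\Jack Johnson - In Between Dreams\MusicGen.exe"
)
$quarantine = "C:\Quarantine"            # assumed location
$log = Join-Path $quarantine "quarantine.log"

if (-not (Test-Path $quarantine)) {
    New-Item -ItemType Directory -Path $quarantine | Out-Null
}

# SHA-256 via .NET so this also works on the PowerShell 2.0 that ships with Vista/7
# (Get-FileHash only exists from PowerShell 4 onward). Helper name is assumed.
function Get-Sha256Hex([string]$path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace("-", "")
}

foreach ($file in $targets) {
    if (-not (Test-Path -LiteralPath $file)) {
        "$(Get-Date -Format s)  MISSING  $file" | Out-File -Append $log
        continue
    }
    $item = Get-Item -LiteralPath $file
    $hash = Get-Sha256Hex $file
    # Record hash, size, creation time and original path before touching the file
    "$(Get-Date -Format s)  $hash  size=$($item.Length)  created=$($item.CreationTime.ToString('s'))  $file" |
        Out-File -Append $log
    # Rename with a .quarantined suffix so it no longer runs on double-click,
    # and move it out of the user profile; -Force copes with the read-only attribute
    $dest = Join-Path $quarantine ("{0}_{1}.quarantined" -f $hash.Substring(0, 16), $item.Name)
    Move-Item -LiteralPath $file -Destination $dest -Force
    "  moved to $dest" | Out-File -Append $log
}
```

The quarantine.log keeps the hash and original location of each file, which is what a helper would want to see in a follow-up reply if the redirects continue.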

#14 splooop

splooop
  • Topic Starter

  • Members
  • 11 posts
  • Local time:08:11 PM

Posted 15 February 2012 - 03:37 AM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.09.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19170
Arthur :: ARTHUR-PC [administrator]

2/14/2012 11:08:27 PM
mbam-log-2012-02-14 (23-08-27).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 432423
Time elapsed: 1 hour(s), 21 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




GooredFix by jpshortstuff (03.07.10.1)
Log created at 00:36 on 15/02/2012 (Arthur)
Firefox version 9.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [21:21 11/06/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [23:26 01/01/2012]
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [07:56 19/01/2012]

C:\Users\Arthur\Application Data\Mozilla\Firefox\Profiles\81sq55n0.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [03:45 19/08/2009]
{5911488E-9D1E-40ec-8CBB-06B231CC153F} [01:35 15/12/2011]
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [18:56 14/02/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [21:08 18/08/2009]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\" [01:45 19/10/2010]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_5_2" [17:19 14/02/2012]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video" [00:03 13/06/2011]
"{6904342A-8307-11DF-A508-4AE2DFD72085}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa" [00:03 13/06/2011]

---------- Old Logs ----------
GooredFix[08.34.13_15-02-2012].txt

-=E.O.F=-

I am still being redirected.

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:11:11 PM

Posted 15 February 2012 - 09:14 AM

We need to take a deeper look

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck



